Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundoo virus: cannot remove, please help

Started by walkermd09 , Sep 02 2009 07:15 PM

  • Please log in to reply

#1
walkermd09
Posted 02 September 2009 - 07:15 PM

walkermd09

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 9/2/2009 8:59:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 612.74 Mb Available Physical Memory | 60.35% Memory free
2.39 Gb Paging File | 2.10 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 159.94 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.81 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/08/27 19:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/27 19:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/01/13 19:00:02 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2008/05/29 17:38:02 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2004/09/23 17:30:48 | 00,038,912 | ---- | M] () -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2009/09/02 20:32:00 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\Downloads\OTL.exe
PRC - [2004/06/29 13:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2008/06/15 01:19:32 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2008/06/15 01:14:11 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/13 17:01:50 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/10/13 19:17:06 | 02,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 19:00:10 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2008/06/15 01:14:10 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
PRC - [2004/01/16 06:27:30 | 00,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
PRC - [2004/10/14 02:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/05/05 01:00:00 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2004/11/05 05:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/05 01:04:01 | 00,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/27 19:22:42 | 00,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2004/08/27 19:22:48 | 00,078,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/08/27 19:22:48 | 00,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2009/05/02 08:14:52 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/14 02:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Running])
SRV - [2004/01/13 19:00:02 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2004/09/23 17:30:48 | 00,038,912 | ---- | M] () -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - File not found -- -- (MyWebSearchService [Auto | Stopped])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://aolsearch.aol...archbox&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/24 15:23:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 15:23:51 | 00,000,000 | ---D | M]

[2009/02/07 16:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2009/02/07 16:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/22 11:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\un81qwry.default\extensions
[2008/09/10 18:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\un81qwry.default\extensions\{6d2924c6-90c8-4e32-bff7-e1805d6cd1ca}
[2009/07/21 14:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\un81qwry.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
[2009/08/13 23:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\un81qwry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/07 16:26:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/10 14:09:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {26D432EC-1A16-437A-BDBE-888DCB80C81D} - File not found
O2 - BHO: (no name) - {2E72EFB9-E95D-4A1F-A899-D974C432AC92} - File not found
O2 - BHO: (no name) - {372D3C5E-D865-49F0-975C-C474324F1341} - File not found
O2 - BHO: (no name) - {44FA1DB8-1ECF-4D5F-9AF2-50E2B60661B1} - File not found
O2 - BHO: (no name) - {4CBA5C86-659C-40A4-8C04-ABFCD6492763} - File not found
O2 - BHO: (no name) - {6598E026-F976-4D45-9BE0-48B39D07FA5B} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {77E58F16-5651-4D0B-9E99-70E8D20B812A} - File not found
O2 - BHO: (no name) - {8388C527-339F-4743-9F57-0827FECCD7F9} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (no name) - {AD042368-3151-4152-B702-749BD3B0F4EC} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (no name) - {E5D6E45E-37AF-4D80-B98D-E40283EB3E85} - File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [FaxCenterServer4_in_1] C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 4200 Series] C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKCU..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpExtreme\SpeedItUpEx .exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\ssqpp.exe) - C:\WINDOWS\System32\ssqpp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinn...es/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\ssqpp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/05 01:32:55 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/02 20:04:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/02 20:02:08 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
[2009/09/02 20:02:08 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
[2009/09/02 20:02:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/02 19:10:12 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/02 18:18:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2009/09/02 18:17:59 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/02 18:17:57 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/02 18:17:56 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/02 18:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/02 18:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/31 14:56:12 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Numbers.wps
[2009/08/24 23:09:31 | 00,000,768 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Eddie Money.lnk
[2009/08/24 23:09:19 | 00,000,863 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Harold Melvin & The Blue Notes.lnk
[2009/08/24 23:09:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Sound Of Money_ Greatest Hits
[2009/08/24 23:08:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Songs 4 Worship_ Shout To The Lord (Disc
[2009/08/24 23:07:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Billy Joel
[2009/08/24 19:15:30 | 00,001,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Retry AOL 9.0 or call 866.489.4698 for assistance.lnk
[2009/08/24 15:24:04 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/08/24 15:23:50 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons

========== Files - Modified Within 14 Days ==========

[2009/09/02 20:43:02 | 00,001,230 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2009/09/02 20:15:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/02 20:15:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 20:15:16 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/02 20:12:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/02 20:02:08 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\NTREGOPT.lnk
[2009/09/02 20:02:08 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
[2009/09/02 18:17:59 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/31 15:03:48 | 00,009,728 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Numbers.wps
[2009/08/31 15:03:48 | 00,008,650 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2009/08/31 02:28:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/25 09:39:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/24 23:09:31 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Eddie Money.lnk
[2009/08/24 23:09:19 | 00,000,863 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Harold Melvin & The Blue Notes.lnk
[2009/08/24 19:15:39 | 00,001,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Retry AOL 9.0 or call 866.489.4698 for assistance.lnk
[2009/08/24 19:15:39 | 00,001,059 | -H-- | M] () -- C:\IPH.PH
[2009/08/24 15:24:16 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

========== LOP Check ==========

[2009/09/02 19:08:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2006/03/06 19:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series
[2006/03/27 19:04:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2005/05/05 01:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2005/06/28 21:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2005/05/05 00:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/22 09:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/28 21:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/08/04 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/15 01:13:34 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/01 01:00:01 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/31 02:28:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/02 20:15:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/06/14 23:33:56 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
< End of report >

OTL Extras logfile created on: 9/2/2009 8:59:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 612.74 Mb Available Physical Memory | 60.35% Memory free
2.39 Gb Paging File | 2.10 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 159.94 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 232.81 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive E: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.37% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
"C:\Program Files\Common Files\AOL\1213500330\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1213500330\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5A4E3B3A-D1E1-4586-9249-2DA68D0B09D2}" = HPIZplus450
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark Fax Solutions
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.4
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"58D1A004-6D3C-480A-9E0D-FAA58F3C2A62" = Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"6B60434A-ABE1-48FF-906B-0EA67087AB25" = Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149" = Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AskSBar Uninstall" = Ask Toolbar
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1" = Polar Golfer from Hewlett-Packard Desktops (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"ERUNT_is1" = ERUNT 1.1j
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Help and Support Additions" = Help and Support Additions
"HP Photo & Imaging" = HP Image Zone 4.5.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"InstallShield_{C439D065-5B64-4563-A6B9-1AA202633E13}" = Lexmark 4200 Series Fax Solutions
"Lexmark 4200 Series" = Lexmark 4200 Series
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Port Magic" = Pure Networks Port Magic
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Text Twist" = Text Twist
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2008 10:03:10 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 12/30/2008 6:33:10 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/1/2009 11:13:57 PM | Computer Name = YOUR-4F1261A8E5 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 2/15/2009 1:58:32 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2009 2:05:35 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2009 1:04:28 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/15/2009 1:12:37 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....1A61C7DC25.crt>
with error: This operation returned because the timeout period expired.

Error - 2/15/2009 1:12:37 PM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....1A61C7DC25.crt>
with error: The specified server cannot perform the requested operation.

Error - 2/15/2009 3:10:42 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module repdrvfs.dll, version 5.1.2600.2180, fault address 0x0001bc43.

Error - 2/25/2009 10:33:47 AM | Computer Name = YOUR-4F1261A8E5 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 9/2/2009 7:10:25 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7034
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7034
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/2/2009 7:51:40 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/2/2009 7:55:17 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 9/2/2009 8:15:30 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3


< End of report >

Attached Files


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP