Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System froze while attempting malware guide

Started by housemom , Nov 25 2009 10:20 AM

  • Please log in to reply

#1
housemom
Posted 25 November 2009 - 10:20 AM

housemom

    New Member

  • Member
  • Pip
  • 9 posts
Posting to forum from alternative source while waiting for laptop to respond
Have hp laptop running vista home premium service pack 2
Followed malware guide to step three
system slowed and froze
attempted to open task manager with no response
& after a while chose to do a hard shut down
restarted in safe mode with networking
attempted to run rootrepeal
unsure what to do to get back out
how long should I wait for it to respond?
  • 0

Advertisements

#2
housemom
Posted 25 November 2009 - 10:31 AM

housemom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
While I was posting, rootrepeal responded and finished, after almost an hour. Will attempt to finish guide and post logs from there.
  • 0

#3
housemom
Posted 25 November 2009 - 10:50 AM

housemom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes' Anti-Malware 1.41
Database version: 3226
Windows 6.0.6002 Service Pack 2

11/24/2009 7:30:36 PM
mbam-log-2009-11-24 (19-30-36).txt

Scan type: Quick Scan
Objects scanned: 91353
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________________


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/25 08:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8CD62000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8CD6C000 Size: 106496 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x95470000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

==EOF==
  • 0

#4
housemom
Posted 25 November 2009 - 11:19 AM

housemom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 11/25/2009 10:04:55 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\parents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 79.90% Memory free
2.38 Gb Paging File | 2.12 Gb Available in Paging File | 89.13% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.63 Gb Total Space | 182.06 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.35 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENTS-PC
Current User Name: parents
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/25 09:58:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\parents\Desktop\OTL.exe
PRC - [2009/09/08 13:46:32 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2009/04/10 23:28:15 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wisptis.exe
PRC - [2009/04/10 23:28:15 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wisptis.exe
PRC - [2009/04/10 23:28:06 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/10 23:28:06 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/11/25 09:58:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\parents\Desktop\OTL.exe
MOD - [2009/04/10 23:28:24 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/10 23:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/01 14:08:34 | 00,521,496 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/08 13:46:32 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/12/19 19:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 19:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/02/17 07:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 09:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/10 02:38:00 | 00,069,120 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/26 09:50:08 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/06/22 01:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/02 14:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/w...b?o=13110&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 17:51:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Avanquest\SystemSuite\Firefox [2009/11/24 15:30:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4d855a8a-1536-4aa8-bf99-da2362910205}: C:\Program Files\Avanquest\SystemSuite\Firefox3DV [2009/11/24 15:30:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Zoned\Mozilla Firefox\components [2009/11/18 10:43:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Zoned\Mozilla Firefox\plugins [2009/11/18 10:43:31 | 00,000,000 | ---D | M]

[2009/04/21 13:52:27 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Extensions
[2009/04/21 13:52:27 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 15:23:09 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions
[2009/04/21 14:43:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/21 15:23:09 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/04/21 14:43:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/21 15:07:16 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/04/21 15:03:46 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\[email protected]
[2009/04/21 14:43:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\[email protected]
[2009/04/21 14:43:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\p0alg2nf.default\extensions\[email protected]
[2009/11/24 17:42:58 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions
[2009/11/24 17:41:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2009/09/06 08:38:48 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/24 17:41:51 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/24 17:41:53 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/09/06 08:53:50 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/24 17:41:50 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/24 17:41:49 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla\Firefox\Profiles\y9lh8wbh.default\extensions\[email protected]

O1 HOSTS File: (761 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\avgssie.dll ()
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\Zoned\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/14 11:47:58 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{253fedfb-25e3-11de-baa5-001b24f1c15b}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{253fedfb-25e3-11de-baa5-001b24f1c15b}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{253fedfb-25e3-11de-baa5-001b24f1c15b}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{253fedfb-25e3-11de-baa5-001b24f1c15b}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{253fedfb-25e3-11de-baa5-001b24f1c15b}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2009/04/21 18:40:02 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/25 09:58:48 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Users\parents\Desktop\OTL.exe
[2009/11/24 19:24:34 | 00,000,000 | ---D | C] -- C:\Users\parents\AppData\Roaming\Malwarebytes
[2009/11/24 19:24:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/24 19:24:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/24 19:24:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/24 19:03:08 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/24 15:21:01 | 00,000,000 | ---D | C] -- C:\Users\parents\6A615007721D4063B226EA41EB6604B9.TMP
[2009/11/24 13:28:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/11/24 13:28:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/11/24 13:28:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/11/18 11:43:03 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/11/18 09:52:21 | 00,000,000 | ---D | C] -- C:\Users\parents\AppData\Local\Seven Zip
[2009/11/13 09:37:10 | 00,000,000 | ---D | C] -- C:\Users\parents\AppData\Local\Microsoft Games
[2009/11/12 19:48:05 | 00,000,000 | ---D | C] -- C:\Users\parents\nimbuzz
[2009/11/12 19:43:19 | 00,000,000 | ---D | C] -- C:\Program Files\Nimbuzz
[1 C:\Users\parents\*.tmp files -> C:\Users\parents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/25 09:59:18 | 02,359,296 | ---- | M] () -- C:\Users\parents\ntuser.dat
[2009/11/25 09:58:49 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Users\parents\Desktop\OTL.exe
[2009/11/25 08:17:04 | 00,727,348 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/25 08:17:04 | 00,621,098 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/25 08:17:04 | 00,109,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/25 08:10:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/25 07:39:09 | 00,041,946 | ---- | M] () -- C:\Users\parents\AppData\Roaming\nvModes.001
[2009/11/25 07:36:50 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/25 07:36:50 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/25 07:36:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 21:36:28 | 00,065,536 | -HS- | M] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TM.blf
[2009/11/24 21:36:27 | 00,524,288 | -HS- | M] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 21:36:00 | 01,651,247 | -H-- | M] () -- C:\Users\parents\AppData\Local\IconCache.db
[2009/11/24 19:24:29 | 00,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 18:59:58 | 00,000,823 | ---- | M] () -- C:\Users\parents\Desktop\NTREGOPT.lnk
[2009/11/24 18:59:58 | 00,000,804 | ---- | M] () -- C:\Users\parents\Desktop\ERUNT.lnk
[2009/11/24 15:06:59 | 00,350,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/18 10:05:15 | 00,008,192 | ---- | M] () -- C:\Users\parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 20:32:03 | 00,010,362 | ---- | M] () -- C:\Users\parents\Documents\Diagnostics Results.rtf
[2009/11/13 12:00:05 | 00,524,288 | -HS- | M] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 09:22:39 | 00,524,288 | -HS- | M] () -- C:\Users\parents\ntuser.dat{711bb217-1319-11de-afa3-001b24f1c15b}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 09:22:39 | 00,065,536 | -HS- | M] () -- C:\Users\parents\ntuser.dat{711bb217-1319-11de-afa3-001b24f1c15b}.TM.blf
[2009/11/13 08:36:49 | 00,000,248 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/11/12 19:43:30 | 00,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Nimbuzz.lnk
[2009/11/12 19:32:39 | 00,041,946 | ---- | M] () -- C:\Users\parents\AppData\Roaming\nvModes.dat
[1 C:\Users\parents\*.tmp files -> C:\Users\parents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 19:24:29 | 00,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 18:59:58 | 00,000,823 | ---- | C] () -- C:\Users\parents\Desktop\NTREGOPT.lnk
[2009/11/24 18:59:58 | 00,000,804 | ---- | C] () -- C:\Users\parents\Desktop\ERUNT.lnk
[2009/11/17 20:32:03 | 00,010,362 | ---- | C] () -- C:\Users\parents\Documents\Diagnostics Results.rtf
[2009/11/13 09:25:48 | 00,524,288 | -HS- | C] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TMContainer00000000000000000002.regtrans-ms
[2009/11/13 09:25:48 | 00,524,288 | -HS- | C] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TMContainer00000000000000000001.regtrans-ms
[2009/11/13 09:25:48 | 00,065,536 | -HS- | C] () -- C:\Users\parents\ntuser.dat{cd6d8683-d069-11de-af35-001b24f1c15b}.TM.blf
[2009/11/12 19:43:30 | 00,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Nimbuzz.lnk
[2009/10/08 12:31:15 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 12:30:49 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/04/28 12:36:31 | 00,000,000 | ---- | C] () -- C:\Users\parents\AppData\Roaming\wklnhst.dat
[2009/04/22 18:59:29 | 00,000,144 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/25 12:16:07 | 00,041,946 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/25 12:16:07 | 00,041,946 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/17 12:31:30 | 00,008,192 | ---- | C] () -- C:\Users\parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/16 20:13:28 | 01,651,247 | -H-- | C] () -- C:\Users\parents\AppData\Local\IconCache.db
[2009/03/16 17:44:31 | 00,000,680 | ---- | C] () -- C:\Users\parents\AppData\Local\d3d9caps.dat
[2009/02/28 20:46:53 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/02/24 16:47:35 | 00,041,946 | ---- | C] () -- C:\Users\parents\AppData\Roaming\nvModes.001
[2009/02/24 16:47:28 | 00,041,946 | ---- | C] () -- C:\Users\parents\AppData\Roaming\nvModes.dat
[2009/02/24 14:13:01 | 00,000,000 | ---- | C] () -- C:\Users\parents\AppData\Local\QSwitch.txt
[2009/02/24 14:13:01 | 00,000,000 | ---- | C] () -- C:\Users\parents\AppData\Local\DSwitch.txt
[2009/02/24 14:13:01 | 00,000,000 | ---- | C] () -- C:\Users\parents\AppData\Local\AtStart.txt
[2009/02/24 14:12:49 | 00,091,672 | ---- | C] () -- C:\Users\parents\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/06/14 11:20:50 | 00,001,676 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 13:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 00,727,348 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 03:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 00:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 00:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 00:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 00:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 00:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 00:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 00:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 00:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 00:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 00:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 00:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 00:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 00:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 00:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/03/09 17:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/04/03 14:30:00 | 00,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/06 19:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2009/03/18 06:56:28 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Adobe
[2009/10/08 11:14:52 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Apple Computer
[2009/11/02 12:22:58 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Avanquest
[2009/02/24 14:27:23 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\CyberLink
[2009/03/28 14:14:17 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\GTek
[2009/11/18 09:11:52 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Hewlett-Packard
[2009/02/24 14:27:13 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\HP
[2009/02/24 14:12:19 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Identities
[2009/04/08 07:43:21 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\InstallShield
[2009/02/24 13:29:18 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Macromedia
[2009/04/13 18:20:00 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\MAGIX
[2009/11/24 19:24:34 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Malwarebytes
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Media Center Programs
[2009/11/04 11:22:17 | 00,000,000 | --SD | M] -- C:\Users\parents\AppData\Roaming\Microsoft
[2009/04/21 13:52:27 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Mozilla
[2009/10/24 13:41:35 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\mp3rocket
[2009/04/06 15:06:19 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\muvee Technologies
[2009/03/17 12:32:47 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Real
[2009/04/20 11:26:42 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Roxio
[2009/02/27 15:28:34 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\VeriSoft Access Manager
[2009/11/02 11:46:19 | 00,000,000 | ---D | M] -- C:\Users\parents\AppData\Roaming\Yahoo!
[2009/05/12 14:25:06 | 00,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\HPCeeScheduleForparents.job
[2009/11/25 07:36:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/24 21:36:36 | 00,032,616 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/06/14 12:00:47 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/06/14 12:00:48 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/06/14 12:00:48 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/02/24 23:50:33 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/02/24 23:50:33 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/02/24 23:50:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009/04/10 23:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
___________________________________________________________________

OTL Extras logfile created on: 11/25/2009 10:04:55 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Users\parents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 79.90% Memory free
2.38 Gb Paging File | 2.12 Gb Available in Paging File | 89.13% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.63 Gb Total Space | 182.06 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.35 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENTS-PC
Current User Name: parents
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Zoned\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E87154-E534-423B-BD07-684B259465B8}" = protocol=17 | dir=in | app=c:\program files\zoned\itunes\itunes.exe |
"{120A478B-A7E4-401A-B97E-97B01281CE40}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{195A04C1-6FEA-482A-98E0-F1EF81879C8D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1F3BFD7A-ADB2-41AB-AC88-1314E1143C1B}" = protocol=6 | dir=in | app=c:\program files\zoned\itunes\itunes.exe |
"{2C6C002B-D0DF-4694-AF3C-13B4A029273E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{5546DD5A-D531-45F9-B73F-32F3A47BD156}" = protocol=17 | dir=in | app=c:\program files\zoned\itunes\itunes.exe |
"{5CAB3145-016C-4C9A-86B5-458EFF59ABE0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{65897089-D9FF-4355-8A8A-20EE151BA37E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{677CC29E-A751-43E1-856F-A199EBC8AF6D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{834DE1BB-BD41-428D-9044-B6E0CEEB753B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{9E99079A-0445-4E77-A229-587629544683}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C950EB73-5517-4D35-ABE8-591BDB96DD53}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CD609FAC-DCDD-4498-8FC6-FF01E891C8CF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DFCE9C67-41CB-4DEE-96B8-BA5F7FA8BA22}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{E25B1F2E-4AE9-4E9A-9CBD-3AC67CC42787}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{E6D4B88C-87F6-4A6E-BF77-BEACCCCB7F65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFBB1183-326E-4D42-83BF-B01674BDA468}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F13D49CA-1866-44BF-AFDA-CDBE367D0A68}" = protocol=6 | dir=in | app=c:\program files\zoned\itunes\itunes.exe |
"TCP Query User{20839B5C-469F-43BB-8213-629B6D0356B9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A5EE4646-2E0D-4632-92CB-CCD4F80AE9AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{04874DE9-1032-48E1-ADD6-77E3B16EEADB}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{F7E34C60-0DBF-4186-B813-5797038F3B4E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1B210DDA-6402-47F6-8CE4-BB8BB19809B9}" = HP User Guides 0034
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{55CABB2F-4513-4FF1-B912-B45F93FC5B01}" = AuthenTec Fingerprint Sensor Minimum Install
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A615007-721D-4063-B226-EA41EB6604B9}" = SystemSuite 10 Professional
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D83899AB-9964-4CFC-A246-F1BD430A455F}" = VeriSoft Access Manager
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"Hot Wheels® Turbo Driver™ Downloader" = Hot Wheels® Turbo Driver™ Joystick Installer
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP3 Rocket" = MP3 Rocket
"Nimbuzz" = Nimbuzz 0.99.0
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hplaptop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP