Internet not working after Trojan Infection/Appropriate Scans complete

#1 Ruth7R (New Member, 4 posts)

Hello,

I'm new to Geeks to Go and hope you can help me; thank you for your patience, as I didn't fully understand the importance of the log requirements. My Internet Explorer will not display web pages due to a possible infection by a trojan of the SHeur type(?). I am not the admin on the computer, as I am only a user; the admin (my wife), however, is having no issues accessing the net. I have followed the Malware and Spyware Cleaning Guide, ran an Avast scan, and removed AVG as per the instructions in the guide, without success. Here are the required MBAM, GMER & OTL logs. Also, when I log on it gives me an error box stating the following:
"Error loading c:/Users/Shane/Appdata/Local/dlsalwa.dll"
"Specific mod could not be found"

AVG, before its removal, discovered 8 infections and was able to heal 6 of 8; 2 remain unhealed. I however believe the infection goes deeper than the average scan could capture. Please help!!!!! Also, I noticed a lot of people posting a Hijack report, though the cleaning guide suggests using OTL instead; is this correct?

EDIT* I've noticed plenty of views but no replies. If there is something else I need to do/provide, please let me know; I really need to fix this! Also, I have some information from Avast, after a thorough scan, from the Virus Vault about the three threats that were originally encountered.

Avast Information

Virus has been detected!
File Name: uqicikot.dll
FileID: 15
Virus Description: JS:FakeWarn-C [Trj]

Virus has been detected!
File Name: uohdyartssd.exe
FileID: 17
Virus Description: Win32:Trojan-gen



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/21/2010 7:18:49 AM
mbam-log-2010-06-21 (07-18-49).txt

Scan type: Quick scan
Objects scanned: 141137
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 07:51:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\axkyykog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA07340, 0x3DA8C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!CreateDialogParamW 765C72A2 5 Bytes JMP 71FFDEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!GetAsyncKeyState 765C863C 5 Bytes JMP 71F18EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!SetWindowsHookExW 765C87AD 5 Bytes JMP 71FF9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!CallNextHookEx 765C8E3B 5 Bytes JMP 71FED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!UnhookWindowsHookEx 765C98DB 5 Bytes JMP 71F6467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!EnableWindow 765CCD8B 5 Bytes JMP 71FFDD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!CreateWindowExW 765D1305 5 Bytes JMP 71FFDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!GetKeyState 765D8CB1 5 Bytes JMP 71FFD2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!IsDialogMessageW 765E0745 5 Bytes JMP 71F259D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!DialogBoxParamW 765F10B0 5 Bytes JMP 71F254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] USER32.dll!EndDialog 765F326E 5 Bytes JMP 71F27E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!SHRestricted + D95 76A18988 4 Bytes [4D, 30, 4C, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] SHELL32.dll!SHRestricted + D9D 76A18990 8 Bytes [57, 2F, 4C, 73, 9C, 5B, 4B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3316] ole32.dll!CoCreateInstance 777D9EA6 5 Bytes JMP 71FFDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateWindowExW 765D1305 5 Bytes JMP 71FFDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DialogBoxParamW 765F10B0 5 Bytes JMP 71F254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!CreateDialogParamW 765C72A2 5 Bytes JMP 71FFDEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!GetAsyncKeyState 765C863C 5 Bytes JMP 71F18EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!SetWindowsHookExW 765C87AD 5 Bytes JMP 71FF9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!CallNextHookEx 765C8E3B 5 Bytes JMP 71FED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!UnhookWindowsHookEx 765C98DB 5 Bytes JMP 71F6467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!EnableWindow 765CCD8B 5 Bytes JMP 71FFDD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!CreateWindowExW 765D1305 5 Bytes JMP 71FFDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!GetKeyState 765D8CB1 5 Bytes JMP 71FFD2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!IsDialogMessageW 765E0745 5 Bytes JMP 71F259D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxParamW 765F10B0 5 Bytes JMP 71F254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!EndDialog 765F326E 5 Bytes JMP 71F27E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] SHELL32.dll!SHRestricted + D95 76A18988 4 Bytes [4D, 30, 4C, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] SHELL32.dll!SHRestricted + D9D 76A18990 8 Bytes [57, 2F, 4C, 73, 9C, 5B, 4B, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] ole32.dll!CoCreateInstance 777D9EA6 5 Bytes JMP 71FFDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 6/21/2010 7:56:04 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Christine Gauze\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 136.12 Gb Free Space | 60.88% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTINEGAU-PC
Current User Name: Christine Gauze
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/21 07:55:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Christine Gauze\Desktop\OTL.exe
PRC - [2010/06/02 09:49:54 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:49:52 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:49:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:48:28 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:48:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/25 21:52:21 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/14 21:07:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 21:07:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/20 16:46:32 | 000,175,888 | ---- | M] () -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2009/07/17 23:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/03 12:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 07:55:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Christine Gauze\Desktop\OTL.exe
MOD - [2010/03/14 21:08:03 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/14 21:07:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 21:07:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/08 01:11:32 | 000,079,360 | ---- | M] (WoltersKluwerLWW) [On_Demand | Stopped] -- C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe -- (LWWLicenseService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 09:49:52 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:49:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 21:07:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 07:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 07:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 07:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/07/03 18:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/22 15:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/07 11:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 11:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 15:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 11:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/06/01 01:11:28 | 000,252,416 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/06/02 07:09:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\tbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Christine Gauze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christine Gauze\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Christine Gauze\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 03:22:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06352e57-b2c6-11dd-80ab-001fc672a13f}\Shell\access\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
O33 - MountPoints2\{06352e57-b2c6-11dd-80ab-001fc672a13f}\Shell\AutoRun\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
O33 - MountPoints2\{72ad68d2-b524-11dd-a114-001fc672a13f}\Shell\AutoRun\command - "" = F:\PortableVault.exe -- File not found
O33 - MountPoints2\{eff2ea20-f999-11de-8cb0-001fc672a13f}\Shell\access\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
O33 - MountPoints2\{eff2ea20-f999-11de-8cb0-001fc672a13f}\Shell\AutoRun\command - "" = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/21 07:19:13 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\Desktop\Logs
[2010/06/21 07:13:39 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\Desktop\Geeks
[2010/06/21 07:12:05 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\AppData\Roaming\Malwarebytes
[2010/06/21 07:11:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/21 07:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 07:11:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/21 07:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 07:10:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/21 07:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 03:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/17 07:00:36 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\Documents\HealBot_3.3.5.0.rc5[1]
[2010/05/25 03:36:50 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\Desktop\[bleep]
[2010/05/25 03:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/05/25 03:18:51 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\AppData\Roaming\IObit
[2010/05/25 03:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/19 22:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/19 22:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2010/05/19 22:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2010/05/19 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2010/04/17 18:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/17 18:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/17 18:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/17 18:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/17 18:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/04 09:07:02 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\AppData\Local\Yahoo
[2010/03/30 16:18:24 | 000,000,000 | ---D | C] -- C:\Windows\Cached EMS Install Files
[2010/03/26 05:24:12 | 000,000,000 | ---D | C] -- C:\Users\Christine Gauze\AppData\Roaming\Google
[2010/03/25 21:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

========== Files - Modified Within 90 Days ==========

[2010/06/21 07:56:19 | 002,359,296 | -HS- | M] () -- C:\Users\Christine Gauze\ntuser.dat
[2010/06/21 07:27:25 | 000,001,631 | ---- | M] () -- C:\Users\Christine Gauze\Desktop\AVG Free User Interface.lnk
[2010/06/21 07:16:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 07:06:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 07:06:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 07:06:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 07:06:03 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/21 07:05:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 07:05:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 07:05:25 | 2011,594,752 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 07:04:40 | 000,524,288 | -HS- | M] () -- C:\Users\Christine Gauze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 07:04:40 | 000,065,536 | -HS- | M] () -- C:\Users\Christine Gauze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/21 06:46:08 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 06:46:08 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 06:46:08 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 04:27:09 | 002,236,152 | -H-- | M] () -- C:\Users\Christine Gauze\AppData\Local\IconCache.db
[2010/06/21 03:11:18 | 061,263,123 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/20 12:53:10 | 000,176,818 | ---- | M] () -- C:\Users\Christine Gauze\Documents\chassis.pdf
[2010/06/20 12:52:50 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4821509-F0E6-46DA-ACFE-7F23CD212952}.job
[2010/06/10 23:47:11 | 000,619,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 07:59:32 | 000,243,424 | ---- | M] () -- C:\Users\Christine Gauze\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/05 13:24:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christine Gauze\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 09:49:52 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 09:49:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/30 20:29:23 | 000,065,949 | ---- | M] () -- C:\Users\Christine Gauze\Documents\2010%20STREET%20STOCK%20RULES.pdf
[2010/05/25 03:26:16 | 000,000,867 | ---- | M] () -- C:\Users\Christine Gauze\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/05/25 03:18:56 | 000,001,004 | ---- | M] () -- C:\Users\Christine Gauze\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/05/25 03:18:56 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/05/19 18:23:37 | 000,013,340 | ---- | M] () -- C:\Users\Christine Gauze\Documents\odstudy.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/17 18:45:50 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/06/21 07:27:25 | 000,001,631 | ---- | C] () -- C:\Users\Christine Gauze\Desktop\AVG Free User Interface.lnk
[2010/06/20 12:53:10 | 000,176,818 | ---- | C] () -- C:\Users\Christine Gauze\Documents\chassis.pdf
[2010/05/30 20:29:23 | 000,065,949 | ---- | C] () -- C:\Users\Christine Gauze\Documents\2010%20STREET%20STOCK%20RULES.pdf
[2010/05/25 03:26:16 | 000,000,867 | ---- | C] () -- C:\Users\Christine Gauze\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/05/25 03:19:07 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/25 03:18:56 | 000,001,004 | ---- | C] () -- C:\Users\Christine Gauze\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/05/25 03:18:56 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/05/19 18:23:37 | 000,013,340 | ---- | C] () -- C:\Users\Christine Gauze\Documents\odstudy.pdf
[2010/04/17 18:45:50 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/10 23:00:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/11 01:52:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/11 20:17:25 | 000,000,065 | ---- | C] () -- C:\Windows\PrintWorkShop2008LE.ini
[2008/11/08 01:01:27 | 000,375,296 | ---- | C] () -- C:\Windows\System32\tx32.dll
[2008/11/08 01:01:25 | 000,000,202 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2008/11/08 00:59:34 | 000,000,092 | ---- | C] () -- C:\Windows\CMAdvDVD.ini
[2008/11/08 00:55:35 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/11/08 00:55:32 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/03/20 03:23:04 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
[2008/03/20 03:02:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/20 03:02:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/06/21 03:48:47 | 000,000,000 | ---D | M] -- C:\Users\Christine Gauze\AppData\Roaming\IObit
[2008/11/17 23:55:55 | 000,000,000 | ---D | M] -- C:\Users\Christine Gauze\AppData\Roaming\Template
[2008/11/07 01:14:28 | 000,000,000 | ---D | M] -- C:\Users\Christine Gauze\AppData\Roaming\WinBatch
[2010/06/21 07:06:03 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/06/21 07:04:23 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/20 12:52:50 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4821509-F0E6-46DA-ACFE-7F23CD212952}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/03/20 03:22:49 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/03/20 03:53:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/19 01:37:42 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/06/21 07:05:25 | 2011,594,752 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/28 11:11:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/28 11:11:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/21 07:05:21 | 2325,487,616 | -HS- | M] () -- C:\pagefile.sys
[2008/11/07 01:34:59 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log
[2008/11/21 02:13:11 | 000,001,013 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >


OTL Extras logfile created on: 6/21/2010 7:56:04 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Christine Gauze\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 136.12 Gb Free Space | 60.88% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.26 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTINEGAU-PC
Current User Name: Christine Gauze
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01487D8B-DA67-40B2-B6D2-5AD25A917B70}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{04A86BAA-E3BE-4CF3-A413-4566244F0578}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0A9B692E-740D-4AD1-8EDE-15C4DA46DA11}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0C879781-7406-4450-A22B-798DA9820316}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{147B55A5-E604-4647-A82D-FB9D1D9D47E7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1A5B7586-983D-45BA-8266-AA2B5E079CF8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{231FB257-A3FA-4928-A64B-71114133AE59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27B2FC9F-449E-4FA5-821C-BC440BAB87FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35FFB8B5-219D-41BB-B23A-DA24ED1F7BA0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3899FD2F-1F3D-403A-884B-7412475A50D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46BE90A7-9ACD-4EC1-9D08-30E5F21DAACF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4918E763-A783-4EC5-B00B-2C0FF7B3025E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56B1DF03-0EFD-46DE-AC15-AB366B0D68D3}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{56DEB9B4-8B96-4DDB-906F-64B7DB616D1A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5997575F-0AB7-4275-8447-7E29CAA6D189}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5AA8E7BA-2C0D-45DF-8544-C3E0637786A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{703FED0D-2F19-4E79-997C-DE4A54EAA62A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{74095970-4618-4AC0-8652-F25F74EC0496}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B519118-82AF-46BB-97FB-A2AB1128E46B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7CF93ABA-27AD-4897-88F9-CADAF82CCEA0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81361F1D-2733-4786-B6E0-DE9A61E26081}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{846E6EE7-11AE-41C6-A91B-3F425DA56EF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84BB2F36-B6E1-417D-A9F2-420F17B2D86D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{860013F2-C2F9-49DE-9ABE-B435A4B6F982}" = lport=10244 | protocol=6 | dir=in | app=system |
"{86B8C544-53C5-41F7-AF7B-6A91A2D82892}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A812056-F939-4AE6-81B3-A6AA23FC6114}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B04505BE-9A9E-4A61-A9CD-BE1BF6851E51}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B248064B-95CD-442D-BF6F-FA8596731BAC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B76F0E5E-C4FE-4143-AF76-1F3AE268B34E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C0E42AD9-DC59-4442-B849-84E1EC8736BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C15D0D1A-F4D3-40B6-949C-8D94411AF600}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C485D259-2CC7-403A-8C19-CEA97A10545F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4C36EAB-43CD-4F5F-89E6-1C4FD6124638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE0C55A4-EE97-4413-B2EF-29248652FA54}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D02440B0-CC62-4871-8CCF-5BAE07959B53}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D135A3B9-C574-4C2A-9790-48C99A8C0E3A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D45E08E1-8CC0-4BB8-8EEC-BA51EBA572D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DD375F84-828A-471F-B3AA-3AD40193E45E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E51C3D37-BDA9-4F2E-A275-CB6C8D46583A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F24FD15A-4E22-44F1-9306-173C506698E3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F39E7CC5-9E34-4F71-A5FD-5F454F64CD18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017D9525-3A6A-40F5-90DE-82BCB50EF62C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0FBFC776-1FDC-4C6B-B3C4-4124EE01665A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A07C808-69C0-41DE-A7DC-4FAD436E0A36}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20CE3CCB-D115-4FBE-9CF2-B254E5BBC0DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{2F52E32D-87B6-4E5D-B692-4F66B4D8ADD2}" = protocol=6 | dir=out | app=system |
"{3102B6ED-B074-4681-9860-97FED77915EC}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{3135557E-6026-49B2-B720-CCC09D1A2E74}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4316F030-042F-4545-B2DA-4CE2CAEBE74D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{462F3A18-FBDF-4CAE-937B-41CD00225C35}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{46E40728-AC01-44F4-A3E1-1CE162454B02}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{47DA494D-4EEB-41A7-A90B-CBA10BE6551B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4FAD26B6-C0E6-41A2-8A07-1D574CA128CF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5015D73D-5F7E-4BB6-853E-EF67F01E9EB5}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{54A8183D-90E0-4B7B-BA7B-FB7CD3919332}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5F65AAE9-CD3B-46C5-9F26-03D57A4BCC23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{644FFF03-AA85-415F-957C-97D87B90FFB8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{66D981F5-EE27-4895-9E77-5E6FADEC71DE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{66F35966-5815-47CE-9105-8A291B206A37}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{6A9941BA-CD00-4EFA-94AD-33FE6D2D230D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{6DE79F9C-613F-476A-9262-9352C289538F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{709A4C6C-570A-4565-9BBD-76D4F190363D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{809D2924-109B-48A9-A797-C2AB137F6CD1}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{90BAA24B-FF6B-44D8-9068-D9B45AA4E37E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{93822C9C-7D7A-4CE0-B1CB-A9ABAF22E0F3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{96C74C75-6A7A-4B92-BB2A-503D2061BC58}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{98308D5A-BA7B-417D-8236-6796D3E4096A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{99BC6EE4-7F4E-4E72-9101-E5BD9EC65BC0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9AFBCC9D-432D-4C61-9D42-DC0355240672}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A11C77FF-9C7D-4399-91A3-4B58AA1E0367}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A746C31E-4B9D-4636-8A8F-26610F727F98}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{B14E97C5-B5CB-413F-8CCD-2B82BAD59BDC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B3BCF88A-9784-4FAB-88A9-C10A1038F50B}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{B7BE2980-4707-41A5-94B5-97BA1C0DAE88}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C0D2BD64-0ABB-4D31-91F8-2A73982686D1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{C3338B90-BF5E-4A0A-A7CB-DF6B24564AC6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C3D0AC7F-D688-4E3B-B6E6-D733B3B6B9F0}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C44B4E38-C670-4E66-B735-0473B7FC2B26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C88A35B4-AA02-4BEE-8231-9A3B62B377BC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{CA8D4E0B-83D4-4DFA-87F8-C8D6058F3C61}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D189EF8F-894F-4907-AD07-DCE1BBF26286}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D32C56D6-3911-4FC7-89B6-20DE32D49146}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{D3C077FC-A04C-4B17-867F-FF9091C244F1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D3C5D35F-5C9D-49D1-92EA-35115A8E1014}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D844D587-258D-4190-981D-AA8AEE36BC48}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D9801A28-8F27-4B8C-9EE3-2C0F079B3A08}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E158CDFF-D39C-48C8-A276-C0F37D57628B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EA0096CB-7F85-4D7D-B647-537772E246BA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ED801470-8577-4156-A6F0-5F975A78F1B1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F14AE23B-C4F6-48C5-89BD-7128BDBF0081}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F476F2D3-9AC5-444D-BDAF-8FC07F6D5F85}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{F4F0E3B5-CBC4-4109-9846-C360DC54DE85}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FACB6E69-A18A-44E2-AD02-0FB6F09CB7FC}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{0783B75E-9C57-4597-83CD-BA16A4933D24}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{108B12ED-AE0B-4D4F-B397-882F5F47E238}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{16CEC78B-84B8-4C04-A27C-AD44E176E605}C:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - 5266f880\launcher.exe" = protocol=6 | dir=in | app=c:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - 5266f880\launcher.exe |
"TCP Query User{36584B9D-F5FD-41FA-B3AB-6A7F9826B1AB}C:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - c505b078\launcher.exe" = protocol=6 | dir=in | app=c:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - c505b078\launcher.exe |
"TCP Query User{4003B05E-9876-4C1F-B6CB-27F3202EB959}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{4C17D19B-E304-4BFA-991C-4D2B55E41578}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{77E126DD-E1E9-44AF-A3D9-C06E8BD989A7}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{A0F72251-F6CE-4C26-9429-5435DD837EAC}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{D85B9A63-29BF-4B39-AEA4-1365903F5FF3}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{EAB1679F-29C6-4A05-8DED-6A8DDF324CA4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{226C24C9-47BB-47AF-AC40-4EB49B9B4068}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2DCAECB1-CB91-4820-A820-E430B2240B94}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{52801F74-5E4B-4E87-9B1A-319F1252CA0E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{5497EFBC-6D2A-4C29-9B4D-9795F927F2FC}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{9306AE10-FDF6-48EF-B814-FE484B0D2E2A}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{BE4FBE31-71FD-4304-ADF6-4CAEA3B1E65E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CEABE3E7-78A7-4553-877E-952F7DA4FF57}C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{E1EDFC80-B23C-4859-A3D1-536C9E1ADC62}C:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - c505b078\launcher.exe" = protocol=17 | dir=in | app=c:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - c505b078\launcher.exe |
"UDP Query User{F5DC87BF-A9D4-4E65-8200-349FA863A3CF}C:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - 5266f880\launcher.exe" = protocol=17 | dir=in | app=c:\users\christine gauze\appdata\local\temp\blizzard launcher temporary - 5266f880\launcher.exe |
"UDP Query User{F80DB476-655E-4B6C-9666-089EAAD9D267}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11F27647-5229-4508-9056-D4ECB7FF8303}" = Eagle CUDA 240 S/GPS Demo
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9203C715-E2EC-4C64-B98D-6DA48426FD9E}" = Eagle FishElite 480 Demo
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC3BE1DB-7DD0-4064-97AE-F57BE15FB491}" = Print Workshop 2008 LE
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless Driver
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast!" = avast! Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"Celestia_is1" = Celestia 1.6.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PageRage Toolbar" = PageRage Toolbar
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Uninstaller_B5223000_Stedman's Plus Spellchecker 2008 Standard Edition" = Stedman's Plus Spellchecker 2008 Standard Edition (Shared Components)
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/17/2009 1:59:26 AM | Computer Name = ChristineGau-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 11/17/2009 1:59:26 AM | Computer Name = ChristineGau-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 11/17/2009 1:59:31 AM | Computer Name = ChristineGau-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 6/17/2010 5:44:02 AM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/17/2010 3:44:30 PM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2010 5:50:29 AM | Computer Name = ChristineGau-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/18/2010 3:35:18 PM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2010 4:19:39 AM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2010 12:23:15 PM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2010 5:17:58 PM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2010 6:36:34 PM | Computer Name = ChristineGau-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 6/20/2010 10:42:36 AM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2010 12:46:01 PM | Computer Name = ChristineGau-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 3/17/2010 10:54:07 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 10:55:06 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 10:57:15 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 10:57:41 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 10:58:06 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 10:58:40 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 11:01:58 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 11:02:26 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 11:02:49 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 3/17/2010 11:03:23 PM | Computer Name = ChristineGau-PC | Source = Mcx2Svc | ID = 301
Description =

[ System Events ]
Error - 6/21/2010 4:50:13 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/21/2010 4:50:13 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/21/2010 6:46:05 AM | Computer Name = ChristineGau-PC | Source = DCOM | ID = 10010
Description =

Error - 6/21/2010 7:05:08 AM | Computer Name = ChristineGau-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/21/2010 7:05:24 AM | Computer Name = ChristineGau-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/21/2010 7:06:44 AM | Computer Name = ChristineGau-PC | Source = DCOM | ID = 10005
Description =

Error - 6/21/2010 7:07:01 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/21/2010 7:07:01 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/21/2010 7:07:01 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/21/2010 7:07:01 AM | Computer Name = ChristineGau-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Edited by Ruth7R, 22 June 2010 - 12:52 AM.



#2 RKinner (Malware Expert, MVP, 24,625 posts)
Not sure how much we can do for you if you don't have admin rights. Hopefully you can sweet talk her into typing in the password when we need to Run As Administrator.

What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting. MBAM or your anti-malware software knows the proxy software is malware so removes it but doesn't realize that it's also a proxy so doesn't change the proxy settings on IE and FF. So now IE or Firefox still sends traffic to the proxy but there is no proxy so it doesn't go anywhere and you have lost connectivity to the internet.

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

Whether the above helps or not:


You did not remove AVG. It is still running. Also you installed an obsolete version of Avast.

Get your wife to download the latest version of Avast from
http://www.avast.com...avast-home.html
and save it to the desktop. Then download the avg removal tool:
http://download.avg..../avgremover.exe
and save it. Disconnect from the internet. Now have her go into (Settings,) Control Panel, Programs and Features and uninstall both AVG and Avast. Run the avg removal tool and then reboot if it doesn't do it for you.

Now install Avast (by right clicking and Run As Administrator) reconnect to the internet when it wants to reboot and make sure you register it and let it update then let it do a full scan.

When it finishes:

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator to start.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Right click on IE and Run As Administrator then do the
BitDefender scan

http://www.bitdefend...nline/free.html


Ron
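
The orphaned-proxy situation Ron describes can be checked from the affected user's own account, because the IE/WinINET proxy values live under HKCU (no admin rights needed), and the same values are what the LAN Settings dialog edits. This PowerShell script is an added example, not code from the thread or from any of the tools mentioned; the -Fix switch, the "points at the local machine" heuristic and the listening-port probe are this example's own choices.

```powershell
# Added example (not from the thread): inspect the current user's IE/WinINET
# proxy settings, which a malware proxy rewrites and which anti-malware
# cleanup frequently leaves behind. Read-only unless -Fix is given.
param([switch]$Fix)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

$findings = @()

if ($s.ProxyEnable -eq 1) {
    $findings += "ProxyEnable=1, ProxyServer='$($s.ProxyServer)'"

    # Heuristic (this example's own): a proxy that points back at this
    # machine is the classic sign of a removed local malware proxy.
    if ($s.ProxyServer -match '^(?:https?=)?(127\.0\.0\.1|localhost)(:\d+)?') {
        $findings += 'ProxyServer points at the local machine (suspicious)'
    }

    # Probe whether anything still listens on the configured proxy port.
    # An orphaned setting refuses the connection, which is exactly why
    # the browser cannot load pages.
    if ($s.ProxyServer -match '^(?:https?=)?([^;:]+):(\d+)') {
        $proxyHost = $Matches[1]
        $proxyPort = [int]$Matches[2]
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($proxyHost, $proxyPort)
            $findings += "proxy $proxyHost`:$proxyPort is listening"
        } catch {
            $findings += "proxy $proxyHost`:$proxyPort refused the connection (orphaned setting)"
        } finally {
            $client.Close()
        }
    }
}

# A proxy auto-config script is another way to redirect traffic; report it
# so the user can confirm it is one they (or their ISP) actually set.
if ($s.AutoConfigURL) {
    $findings += "AutoConfigURL='$($s.AutoConfigURL)' (verify this script is legitimate)"
}

if ($findings.Count -eq 0) { 'No proxy configured for this user.' } else { $findings }

if ($Fix) {
    # Same effect as unchecking "Use a proxy server" and "Use automatic
    # configuration script" in Internet Options > Connections > LAN Settings.
    Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    'Proxy settings cleared; close and reopen Internet Explorer.'
}
```

Run it first without -Fix to see what is configured; a listening local proxy is worth keeping for the malware log rather than silently clearing.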

#3 Ruth7R (Topic Starter, New Member, 4 posts)
This is "The Wife" previously mentioned in the above post as I am the Admin and will be responding from here on out. Apologies for not responding sooner.

Our net connection on his side is working and the logs were posted here before AVG had been fully removed. AVG has been removed, the newest version of Avast downloaded and a full system scan performed; no threats were present during or after completion of the scan. Here is the latest MBAM scan. I am a little bit wary of Combofix, would you mind explaining exactly what it does to the system? I'm just a bit paranoid but will be happy to run it once I have some idea of what it will be doing considering I am required to disable all antiviral protection beforehand. And what is Bitdefender? Thanks for the responses and your patience.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/28/2010 5:49:51 AM
mbam-log-2010-06-28 (05-49-51).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 296829
Time elapsed: 1 hour(s), 40 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 RKinner (Malware Expert, MVP, 24,625 posts)
Combofix is our best anti-malware tool. The reason we tell you to turn off your anti-virus is because many of them will eat parts of Combofix. Even if they don't, having the anti-virus running will slow down Combofix. Usually it will only take about 10 minutes to run.

Bitdefender is an anti-virus company. They provide a free online scan which is very good. I'm not sure how long it will take to run. Depends on how many files you have. Maybe an hour.

Ron