
Problem running a malwarebytes scan



Hi all,

I ended up getting the AV Security Suite virus last night and on recommendation from another board I tried using Malwarebytes to remove it. I followed the instructions and downloaded everything and it went pretty smooth. I then tried to run a scan and after 3 seconds of scanning Malwarebytes shut down. I then tried getting back into Malwarebytes but got this message:

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item".

I cleared everything, restarted my computer, and downloaded malwarebytes again but still ended up with the same result.

I don't have any anti-virus software other than Windows Defender and Windows Firewall and turned both of them off. I'm also running in safe mode with networking.

Thanks in advance for the help.


Hello ,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

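Once the OTL reports come back, a helper reads them line by line for a few recurring indicators: O4 autorun entries whose target has no CompanyName and lives in a user profile, system-binary names (lsass.exe, svchost.exe and friends) outside %SystemRoot%, autorun entries whose file is already gone, an Internet Explorer proxy pointed at the local host, new executables or folders under the user's profile, and alternate data streams on system folders. As an added example, not part of this thread and not OTL's own code, the Python script below parses those OTL line formats and applies exactly those checks. The sample lines are copied from the OTL report posted in the next reply, plus one benign entry; the regexes, the Finding class and the severity labels are this example's own assumptions about the OTL layout, not an official grammar.

```python
"""Triage pass over OTL-format report lines (added example; not part of OTL or this thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL report posted in this thread,
# plus one benign autorun entry, so the script runs offline.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)",
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [lmdeauai] C:\Users\Dad\AppData\Local\hgpuunaix\mjfcarhtssd.exe ()",
    r"O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [RTHDBPL] C:\Users\Dad\AppData\Roaming\SystemProc\lsass.exe File not found",
    r'IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r'IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r"[2010/06/29 01:46:54 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\hgpuunaix",
    r"[2010/06/29 18:44:43 | 000,363,520 | ---- | C] () -- C:\Users\Dad\Desktop\eXplorer.exe",
    r"@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1",
]

# Line shapes as they appear in OTL output (assumed from observed reports, not a published spec).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
PROXY_RE = re.compile(r'^IE - .+?: "ProxyServer" = (?P<value>.+)$')
CREATED_RE = re.compile(r"^\[[\d/ :]+ \| [\d,]+ \| (?P<attrs>[-\w]{4}) \| C\] (?:\([^)]*\) )?-- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<target>.+)$")
USER_PROFILE = re.compile(r"^[a-z]:\\(users|documents and settings)\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Names malware commonly borrows; the legitimate copies live under %SystemRoot%.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "services.exe", "smss.exe"}


@dataclass
class Finding:
    severity: str  # "suspicious", "orphan" or "review"
    message: str
    line: str


def split_target(rest: str):
    """Split the text after [Name] into (path, company, missing)."""
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip(), "", True
    m = TARGET_RE.match(rest)
    if m:
        return m.group("path"), m.group("company").strip(), False
    return rest.strip(), "", False


def check_autorun(name: str, rest: str, line: str):
    """Apply the autorun heuristics to one O4 entry."""
    path, company, missing = split_target(rest)
    base = path.rsplit("\\", 1)[-1].lower()
    out = []
    if missing:
        out.append(Finding("orphan", f"autorun [{name}] points to a missing file: {path or '<empty>'}", line))
    if path and USER_PROFILE.match(path) and not company:
        out.append(Finding("suspicious", f"autorun [{name}] launches a no-CompanyName binary from a user profile: {path}", line))
    if base in SYSTEM_NAMES and not SYSTEM_DIR.match(path):
        out.append(Finding("suspicious", f"autorun [{name}] uses a system binary name outside %SystemRoot%: {path}", line))
    return out


def triage(lines):
    """Return the findings for an iterable of OTL report lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            findings.extend(check_autorun(m.group("name"), m.group("rest"), line))
        elif m := PROXY_RE.match(line):
            # A proxy on the local host means something on the box sits between the browser and the network.
            if re.search(r"127\.0\.0\.1|localhost", m.group("value"), re.I):
                findings.append(Finding("suspicious", f"IE proxy routed through the local host: {m.group('value')}", line))
        elif m := CREATED_RE.match(line):
            path = m.group("path")
            new_dir = "D" in m.group("attrs") and "\\AppData\\Local\\" in path
            if USER_PROFILE.match(path) and (new_dir or path.lower().endswith(".exe")):
                findings.append(Finding("review", f"recently created in a user profile: {path}", line))
        elif m := ADS_RE.match(line):
            findings.append(Finding("review", f"alternate data stream present: {m.group('target')}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.severity:10s} {f.message}")
```

To run it against a real report, replace SAMPLE_LINES with the lines of OTL.txt. A hit is a prompt to look closer, not a verdict: the CompanyName OTL prints comes from the file's version resource, which legitimate tools sometimes omit and malware can forge, so the "review" items in particular (a renamed scanner on the desktop, for instance) will often turn out to be benign.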

Thanks for the reply Elise. Here are the log files

-------------------

OTL logfile created on: 6/30/2010 2:31:51 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dad\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): c:\pagefile.sys 300 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289.39 Gb Total Space | 191.30 Gb Free Space | 66.10% Space Free | Partition Type: NTFS

Drive D: | 8.70 Gb Total Space | 1.15 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 76.33 Gb Total Space | 63.13 Gb Free Space | 82.71% Space Free | Partition Type: NTFS

Computer Name: DESKTOP

Current User Name: Dad

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/30 14:31:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/30 14:31:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/05/28 12:10:43 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/09/13 18:39:00 | 003,396,432 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010/03/30 21:14:15 | 000,070,600 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva343.sys -- (XDva343)

DRV - [2009/04/11 00:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)

DRV - [2008/09/26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2008/03/25 16:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/03/25 16:44:24 | 002,307,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)

DRV - [2007/07/11 06:21:00 | 001,793,880 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/03/05 17:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/12/07 11:04:40 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2006/12/07 11:04:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2006/12/07 11:03:32 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)

DRV - [2006/11/28 12:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/27 13:40:04 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..\Toolbar\WebBrowser: (no name) - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No CLSID value found.

O3 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [lmdeauai] C:\Users\Dad\AppData\Local\hgpuunaix\mjfcarhtssd.exe ()

O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [RTHDBPL] C:\Users\Dad\AppData\Roaming\SystemProc\lsass.exe File not found

O4 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)

O7 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..Trusted Domains: ameritrade.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..Trusted Domains: ar15.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-949922698-2352759578-4006019004-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Reg Error: Value error.)

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab (Reg Error: Value error.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} http://www.iradiopop.com/IRD/pages/VBIRDPlayer.CAB (VBIRDPlayer.Player)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img23.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img23.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/08/11 11:26:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/01/29 20:55:58 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{41440b5d-1c18-11de-a4cb-001b2f34cf93}\Shell - "" = AutoRun

O33 - MountPoints2\{41440b5d-1c18-11de-a4cb-001b2f34cf93}\Shell\AutoRun\command - "" = N:\MuzeeApp.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 14:31:05 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

[2010/06/29 18:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\MAM

[2010/06/29 01:46:54 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\hgpuunaix

[2010/06/23 03:00:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/23 03:00:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/23 03:00:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/10 19:30:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/10 19:30:56 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/10 19:30:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/06/10 19:30:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/06/10 19:30:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/06/10 19:30:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/10 19:30:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/10 19:30:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/06/10 19:30:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/06/10 19:30:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/06/10 19:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/06/10 19:30:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/06/10 19:30:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/06/10 19:30:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/06/10 19:30:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/06/10 19:30:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/10 19:30:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/10 19:30:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/06/10 19:29:53 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/03 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2010/05/31 23:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/30 14:31:33 | 003,932,160 | -HS- | M] () -- C:\Users\Dad\ntuser.dat

[2010/06/30 14:31:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

[2010/06/29 22:26:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat

[2010/06/29 21:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/29 21:36:06 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys

[2010/06/29 21:33:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/29 21:33:07 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/06/29 21:32:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/29 21:32:53 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/29 21:32:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/29 21:28:58 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{5951bb74-fa1b-11dc-962a-001b2f34cf93}.TMContainer00000000000000000001.regtrans-ms

[2010/06/29 21:28:58 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{5951bb74-fa1b-11dc-962a-001b2f34cf93}.TM.blf

[2010/06/29 20:23:13 | 000,001,356 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat

[2010/06/29 18:44:47 | 000,363,520 | ---- | M] () -- C:\Users\Dad\Desktop\eXplorer.exe

[2010/06/29 01:05:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/19 17:01:15 | 000,020,992 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/11 18:51:35 | 000,022,016 | ---- | M] () -- C:\Users\Dad\Documents\fnx9.doc

[2010/06/11 07:26:25 | 000,336,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/09 06:57:15 | 000,020,992 | ---- | M] () -- C:\Users\Dad\Documents\THIRD ANNUAL WINE TRIP SENECA LAKE.doc

[2010/06/03 19:40:23 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/29 22:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat

[2010/06/29 18:44:43 | 000,363,520 | ---- | C] () -- C:\Users\Dad\Desktop\eXplorer.exe

[2010/06/11 18:51:34 | 000,022,016 | ---- | C] () -- C:\Users\Dad\Documents\fnx9.doc

[2010/06/09 06:57:15 | 000,020,992 | ---- | C] () -- C:\Users\Dad\Documents\THIRD ANNUAL WINE TRIP SENECA LAKE.doc

[2010/06/03 19:40:23 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2010/02/22 05:36:05 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2009/11/21 23:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys

[2009/09/19 10:57:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/31 21:06:31 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2008/09/28 15:02:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/03/25 21:55:31 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini

[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll

[2007/08/11 11:00:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll

[2007/08/11 10:53:13 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2007/08/11 10:53:13 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007/05/14 08:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 04:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/09/08 02:56:36 | 000,880,640 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll

[2003/09/08 02:56:35 | 000,974,848 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2003/09/08 02:56:35 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2002/01/11 14:25:05 | 000,765,952 | ---- | C] () -- C:\Windows\System32\tvqenc.dll

[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

-------------------------------

OTL Extras logfile created on: 6/30/2010 2:31:51 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dad\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 520.00 Mb Available Physical Memory | 51.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): c:\pagefile.sys 300 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289.39 Gb Total Space | 191.30 Gb Free Space | 66.10% Space Free | Partition Type: NTFS

Drive D: | 8.70 Gb Total Space | 1.15 Gb Free Space | 13.17% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive K: | 76.33 Gb Total Space | 63.13 Gb Free Space | 82.71% Space Free | Partition Type: NTFS

Computer Name: DESKTOP

Current User Name: Dad

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exeirewallPolicy\StandardProfile\AuthorizedApplications\List -- File not found

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0010FE6A-73AB-45F9-95ED-53C63B3AE669}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{134FBD21-892B-4655-BA27-02511866CD3E}" = rport=139 | protocol=6 | dir=out | app=system |

"{2340F380-3D37-4A82-A15F-4CBBE5ACE124}" = rport=137 | protocol=17 | dir=out | app=system |

"{2C8AA477-A5C9-43DA-B4C4-8CD0CD3B7416}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{50967AE7-E74C-4105-BEF4-A59812B69625}" = lport=445 | protocol=6 | dir=in | app=system |

"{525D72DD-CEE5-41DA-BA86-B4769E208590}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5F521790-4273-4053-9A74-3E50176072C9}" = lport=138 | protocol=17 | dir=in | app=system |

"{6626CAC1-52A7-4323-8A29-A436C5480F56}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

"{6E9810BA-CB87-460E-A970-87811DB4BC46}" = lport=139 | protocol=6 | dir=in | app=system |

"{8A9DC46B-2545-4293-B306-57C80BFF1F85}" = lport=137 | protocol=17 | dir=in | app=system |

"{995B60A7-B465-4801-B3D2-CA8859C225DB}" = rport=445 | protocol=6 | dir=out | app=system |

"{A9D293CD-6866-44C2-A399-24DBA31056CA}" = rport=138 | protocol=17 | dir=out | app=system |

"{E25B4424-8ABE-4FD2-AAB3-F6B7AFC2012E}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08AB21B9-F728-4C9D-AA1B-B62D0791ED34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{0C8E556E-97B6-4DC8-B635-CC825EEFCE5D}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |

"{0D61D7A5-6E52-442E-99DF-D1FA2DC112B1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{1352B3D4-1285-4DFC-820A-0D0128943D33}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{20CF327F-99F9-4ED2-96AD-17C47337E7DF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{2728247A-05F5-4156-987E-00F70AC9BA66}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{274044F6-D61F-42D6-AB85-E0EB3BDBD237}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{2B9F9EA4-A151-42B8-A5B6-B78195F96761}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{2D5C23EA-BA66-4F96-8E36-3C8C6C821C3E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{2FDC13C8-D672-486B-817B-219DF43AEDE9}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |

"{32AA3778-7F74-4541-9DD0-0FBB53F25CEB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{3306A663-BDBA-4FE6-B539-2E02F228CB00}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{3AB2A9F5-6654-4392-9DFB-07AC665631E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{4D5B5F19-90DF-4A81-86B6-CD65A5C8D858}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{4DF9D94C-3510-498B-AE54-7BBCF5AE59C5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{4FC7319F-FD65-488B-82A2-4AA82E6DF033}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{5059C14C-F2AF-4CBD-91AA-F0A11068D37B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{52E7E541-3D4F-4EF8-A52A-F63FF7E4DFD1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |

"{5574FF18-16B4-423A-845F-65A9863D75C8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{55A53E1A-BDA8-4104-91D5-C4497EBA68E2}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{5D9D5456-81BF-4DF3-811E-88A76AEC529F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{6164D789-C503-445B-859E-D0A1B423BAC8}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{6BBC983B-C9E2-45EE-8BCA-342FF62E4BDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{72D73C97-EFE7-4887-BF65-21904CC49EA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{753D3104-B3AE-4E7D-AFD0-8E67CCDC1A9D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{75AD9AED-22BD-44D5-B8F7-F03E94671657}" = protocol=17 | dir=in | app=c:\users\dad\appdata\local\temp\7zsde6c.tmp\symnrt.exe |

"{7CD5ACE8-F294-47C9-A256-352B906EBD37}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{80E437D0-73CE-4553-AF70-0162C517F5E9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{820FB5F7-9A52-4322-8E59-1B47D5B8B3E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

"{834F49DE-2024-4A77-B14D-78488670CE76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{87E72B37-A6B5-41E8-9CD4-ABE3ACCF2869}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{8C29FF65-4D13-464C-985F-8448182AC7DC}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |

"{8E38E6D2-8309-4935-9AAD-42E4A8C14DE7}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{8F2C2AB9-A430-4664-82EA-6E274254A422}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{91CCA53A-9118-4C9A-9C30-F1006FE36D18}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |

"{922F8329-186E-46A8-8EF3-6E71966B9764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{94D97FF6-1A4F-4EA1-8AD3-14E47B6DD34F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{9A73E524-148F-424B-BADA-F2C8363AB4D8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{9BA1F151-F573-4636-B454-0C4F1D7A2926}" = dir=in | app=e:\setup\hpznui01.exe |

"{9DAAA228-3666-4E00-B4C7-D35E7A0BABBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{AA80D3EA-FEDB-49BF-B08C-F341185FFE3F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{AC2478EB-25D3-49A7-8705-EB5E7DB28F64}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{AF828FFF-DB4B-426D-A409-DEEB312E63EF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{B11E4036-5F27-4977-80E7-C7F9A92A92C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B1818B65-45DA-4985-9027-5DB000F261BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |

"{B2A8F737-B2AF-4498-83B6-FA5976180002}" = protocol=6 | dir=in | app=c:\users\dad\appdata\local\temp\7zsde6c.tmp\symnrt.exe |

"{B50E5A6B-37EF-4C97-91EA-138676C6A506}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{B577A4E6-8781-4C49-A7B3-7E4676527323}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{B919E3D4-E05E-4FFB-BFC5-FE2375813A9D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{BAE1FF1D-F91D-4F19-9E42-01D4F54AE57D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{C36961A2-A823-497F-9217-59509D4C8987}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{C4278AB1-C17E-48AD-B0E2-B36BD43FD64A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{C6ECF554-460D-44D2-AA6B-F919EF658C9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

"{C909D339-15B2-4C55-8DEB-17C991E4E773}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{CAA04570-69BA-4CC8-BDFF-2836A7DAF1B2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{CE6BF6DD-93C4-4AEB-AB1E-E6E4AEBE49F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{DA46974F-C9CC-4F0A-B0FE-ACCC2D408385}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{E4411F06-5202-4BB8-92B4-88257D82EF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{E5114449-68FB-49DF-99A5-907A54FA4001}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{F083BBE9-A411-49DA-B99E-B13D9617E7FB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{F32E0B8C-5E2F-48AB-A6A8-B44E7B1D238E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |

"{F39EFD49-80F5-46CA-99C8-609BA062AFAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{F4768109-915A-4192-96E1-D009B0AD634E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{FBD3FA55-62B6-4E33-9C12-13726F9930DF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{FC6B850B-938B-4489-9D7A-7864D102A497}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"TCP Query User{149B6690-DDB4-4B55-9DA7-6854A7067184}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{39C5F9F8-9526-4F9D-B700-AFC9E274ACDD}C:\program files\steam\steamapps\marlwalker\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\marlwalker\counter-strike source\hl2.exe |

"TCP Query User{5319F6BC-C8C1-4C42-AD7E-E41E9A6749EF}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{784476F0-7354-4217-88A8-784EBE9F431B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{82AFD53F-FA90-456B-9FCC-A5A7387B96F8}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |

"TCP Query User{D8E00753-AEED-4C6A-B0D9-2C33AF3CC58C}C:\program files\usarmy\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=c:\program files\usarmy\america's army 3\binaries\aa3game.exe |

"TCP Query User{EA6762F4-7D4B-4A80-A8D1-74A178C86A2C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"TCP Query User{F601FC65-00AF-4489-AB04-8C17C777861D}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |

"UDP Query User{03C0A5FC-0698-4373-9103-B7CE957E6B3F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{13B62368-825B-4B1E-A385-56C1DE622D9F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

"UDP Query User{2E34E7F3-E234-4652-9992-5E4809ED1AF2}C:\program files\steam\steamapps\marlwalker\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\marlwalker\counter-strike source\hl2.exe |

"UDP Query User{4072F722-4215-4752-9791-D61D9F2EB51D}C:\program files\usarmy\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=c:\program files\usarmy\america's army 3\binaries\aa3game.exe |

"UDP Query User{411CAA9F-C82E-414B-8FBC-CB491A4F771B}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

"UDP Query User{4AE02A02-8BB9-4B2C-B385-843C75553229}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"UDP Query User{535B9119-4BF1-46F4-8F58-3EB17564B2B1}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"UDP Query User{AF0CCF14-8E14-452A-A45B-EBA985945257}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E820A0C-8CD6-44A2-9963-A243B224CDB4}" = TurboTax 2008 wpaiper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6

"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5

"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network

"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource

"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min

"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1

"AVS Audio Editor_is1" = AVS Audio Editor version 5.2

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AXIS Camera Server Control" = AXIS Camera Server Control

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP

"Cross Fire_is1" = Cross Fire En

"Easy CD Ripper" = Easy CD Ripper 2.37

"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)

"Fraps" = Fraps

"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 6.0.1

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = HP OCR Software 8.0

"IrfanView" = IrfanView (remove only)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSNINST" = MSN

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 12.0" = RealPlayer

"Shop for HP Supplies" = Shop for HP Supplies

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SopCast" = SopCast 3.2.4

"Steam App 240" = Counter-Strike: Source

"Switch" = Switch Sound File Converter

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE

"TurboTax 2008" = TurboTax 2008

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"Verizon High Speed Internet_is1" = Verizon High Speed Internet

"Verizon Online DSL_is1" = Verizon Online DSL

"WildTangent hp Master Uninstall" = My HP Games

"Winamp" = Winamp

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-949922698-2352759578-4006019004-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Options 360


Hello again,

GMER is known to crash often, so let's skip it for now.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


I got this message a few times while I was running it: "Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks."

Here's my combofix log:

ComboFix 10-06-29.04 - Dad 06/30/2010 16:11:48.1.2 - x86 NETWORK

Microsoft


Hello again,

First of all, I want to know if the following site is known to you: www.wiselogic.co.kr

It appears you have some software related to them running.

Please run also the following script:

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDBPL"=-

File::
c:\users\Dad\AppData\Roaming\SystemProc\lsass.exe
C:\kwldapoc.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In that case let's just get rid of it :)

Please run the following as a CFScript and post me the log when done (instructions the same as in my last post).

Driver::
XDva327
XDva336
XDva337
XDva341
XDva342
XDva343
XDva345
XDva346
XDva347
XDva348
XDva349

File::
c:\windows\system32\XDva343.sys


Hey Elise,

It appears that the AV security suite virus is gone. Thanks for all your help!

Here's the mbam scan log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4265

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/1/2010 5:57:38 PM

mbam-log-2010-07-01 (17-57-38).txt

Scan type: Full scan (C:\|D:\|K:\|)

Objects scanned: 357900

Time elapsed: 1 hour(s), 53 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\Users\Dad\AppData\Local\hgpuunaix\mjfcarhtssd.exe.vir (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\System32\cngaudit.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.


Hello again,

I will give instructions for OTL/Combofix removal once I'm sure everything is fine :) Until then they should stay, since uninstalling them flushes System Restore and who knows, we might need it.

INSTALL ANTIVIRUS

---------------------------

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please do a full scan with the Antivirus program you just installed and post me the results.


3 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.