helpless in miami

Hello Jelly Bean, and thank you for the help. After I left this forum, I ran another scan on my computer (DriverRobot) that found Conexant was present. When I attempted to download the drivers from the HP site you sent, I got error message "Driver Installation Failed: Could not find the device for this driver." I think the problem is bigger and not something I can deal with. Someone on an HP thread mentioned the same problem and said that a usb audio headphones allowed him to at least hear sound from his computer. Hopefully that will work, but I am not hopeful there is any other solution short of changing out the motherboard or some such mess. Thanks again for your help. helpless in miami

Hello there: For several hours I have tried navigating my way all over the internet and this forum looking for a solution to my problem(s). I'm sorry to trouble you all, but none of the posts I've seen have exactly fit mine so I have to post a new thread. I believe the following issues are related, but I don't know how or how to fix them. The sound on my computer started going out while playing a netflix movie. When I refreshed the page, the problem would resolve sometimes for a while, sometimes permanently. This morning when I started my computer, I had a red X over my sound icon and the message in this thread's title. I went to my Control Panel, then to Device Manager, and looked for the Sound, Gaming, etc. option, but it was not there. It has completely disappeared! And only a couple of days ago, I checked it and everything was working properly. I restored my system to a previous date, but that did not get my sound or its driver back. I attempted/completed a download of DriverUpdate, which was supposed to have installed some 9 drivers that its scan found my computer lacked, including some sound and network things; I cannot find the history to tell me what exactly I downloaded. None of it helped at all. At around the same time the sound started having problems, my computer stopped connecting to the internet through a cable and will only connect wirelessly (again, I am not so sure the problems are related). I would download as many audio drivers as I can find on the internet, but I am not sure which one(s) I am supposed to have for this HP Pavillion dv9925nr Notebook PC and now I cannot trust these websites that promise to fix drivers because I've paid one site $30 not to fix the problem and do not want to risk that again. Do you have any advice for me? Thank you for your time.

Hi again Starbuck, Below is a copy of the OTL fix report. I was removing Java at the same time I was running OTL until I got a message telling me to close Java. I hope it didn't cause a problem (it doesn't seem to have). Thank you so much for all of your help; it is truly wonderous to have my computer back and with an addition that may prevent this problem in the future. You may have hit the nail exactly on the head regarding the older versions of Java, since I kept noticing a Java pop-up during the megavideo streaming. Anyway, here is the OTL fix report: All processes killed ========== OTL ========== No active process named Program Files was found! Error: No service named LiveUpdate was found to stop! Service\Driver key LiveUpdate not found. File c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE not found. Error: No service named Automatic LiveUpdate Scheduler was found to stop! Service\Driver key Automatic LiveUpdate Scheduler not found. File c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe not found. Service SymIMMP stopped successfully! Service SymIMMP deleted successfully! File C:\Windows\SysNative\DRIVERS\SymIM.sys File not found not found. Service SymIM stopped successfully! Service SymIM deleted successfully! File C:\Windows\SysNative\DRIVERS\SymIM.sys File not found not found. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr @mywebsearch.com not found. File C:\Program Files (x86)\MyWebSearch\bar\firefox not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616} C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found. Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} C:\Windows\Downloaded Program Files\popcaploader.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control CabBuilder Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found. File H:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\LaunchU3.exe not found. C:\Users\owner\AppData\Local\smhbbmgnl folder moved successfully. C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: owner ->Temp folder emptied: 842078500 bytes ->Temporary Internet Files folder emptied: 826257961 bytes ->Java cache emptied: 70085575 bytes ->Flash cache emptied: 1269660 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 173394620 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 1796 bytes Total Files Cleaned = 1,825.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: owner ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07132010_202142 Files\Folders moved on Reboot... C:\Users\owner\AppData\Local\Temp\ehmsas.txt moved successfully. File\Folder C:\Users\owner\AppData\Local\Temp\~DFD74C.tmp not found! File\Folder C:\Users\owner\AppData\Local\Temp\~DFDE9A.tmp not found! File\Folder C:\Users\owner\AppData\Local\Temp\~DFDEF8.tmp not found! File\Folder C:\Users\owner\AppData\Local\Temp\~DFDF04.tmp not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRCMYH7R\ads[3].htm not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRCMYH7R\signin[1].htm not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\10061-malware-infiltration-alert-cannot-access-files-internet[1].html not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\jdk-6u21-windows-x64[1].exe not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\ViewFilteredProducts-SingleVariationTypeFilter;pgid=yYdgaHqkkjVSR0EUPIQsoQ3D0000eRs7J2X5;sid=o_xkvq8K-IdkvuM3p-TtQL-45afhKNo9dAsgYWJgWxuWvqAp6OI=[1].htm not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\im0l[1].js not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\im0p[1].js not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\i_next_page_disable[1].gif not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\Jeep_Brand_1x1[1].gif not found! File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\jquery.event.special.sonar.min[1].js not found! File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...

Starbuck, Thanks so much for the scan and instructions you sent. I ran it and here are the results for OTL and Extras: OTL OTL logfile created on: 7/11/2010 12:45:48 PM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.92 Gb Total Space | 166.88 Gb Free Space | 75.88% Space Free | Partition Type: NTFS Drive D: | 12.96 Gb Total Space | 2.45 Gb Free Space | 18.90% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (LiveUpdate) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (wanatw) WAN Miniport (ATW) -- C:\Windows\SysNative\DRIVERS\wanatw64.sys File not found DRV:64bit: - (SymIMMP) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (hcw72DTV) -- C:\Windows\SysNative\DRIVERS\hcw72DTV.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw72ATV) -- C:\Windows\SysNative\DRIVERS\hcw72ATV.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw72ADFilter) -- C:\Windows\SysNative\DRIVERS\hcw72ADFilter.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (uts_mdm) -- C:\Windows\SysNative\DRIVERS\uts_mdm.sys (MCCI) DRV:64bit: - (uts_serd) UTStarcom USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\uts_serd.sys (MCCI) DRV:64bit: - (uts_bus) UTStarcom USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\uts_bus.sys (MCCI) DRV:64bit: - (uts_mdfl) -- C:\Windows\SysNative\DRIVERS\uts_mdfl.sys (MCCI Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\CHDART64.sys (Conexant Systems Inc.) DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant) DRV - (WinPhlash) -- C:\SWSetup\SP39466\Winphlash64\PhlashNT.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 11:16:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\firefox\ O1 HOSTS File: ([2010/03/03 21:31:59 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL File not found O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (IslamicFinder: Accurate Prayer Times, Athan (Azan), Mosques (Masjids), Islamic Center, Muslim Owned Businesses, Hijri Calendar, Islamic Directory worldwide.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Quran_AR] C:\Program Files (x86)\Quran_AR\Quran_AR.exe (Search Truth Technologies) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class) O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games-uk.pogo.com/online2/pogo/zuma/popcaploader_v5.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found O30 - LSA: Authentication Packages - (ows\S) - File not found O30:64bit: - LSA: Security Packages - (T2㐀�㠵ᘨ 協歰⹧汤l<��뻯㠵ᘨ㢘杆&) - File not found O30:64bit: - LSA: Security Packages - (頶) - File not found O30 - LSA: Security Packages - (T2㐀�㠵ᘨ 協歰⹧汤l<��뻯㠵ᘨ㢘杆&) - File not found O30 - LSA: Security Packages - (頶) - File not found O30 - LSA: Security Packages - (ᘨ㢘杆&) - Fi) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell - "" = AutoRun O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/07/11 12:42:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2010/07/10 23:05:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/07/10 23:05:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/07/10 22:56:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2010/07/10 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Mozilla [2010/07/10 16:56:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes [2010/07/10 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/07/10 16:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/10 16:48:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/07/10 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\smhbbmgnl [2010/07/01 12:14:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr [2010/06/27 22:01:16 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\MakeDiscVideo [2010/06/27 21:51:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\PCM4Everio [2010/06/27 21:48:32 | 000,000,000 | ---D | C] -- C:\MyWorks [2010/06/24 07:59:35 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010/06/24 07:59:35 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/06/24 07:59:35 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010/06/24 07:59:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/06/24 07:59:35 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/06/24 07:59:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/06/24 07:59:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/06/24 07:59:35 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010/06/23 08:03:03 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2010/06/23 08:03:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2010/06/23 08:03:02 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010/06/23 08:03:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010/06/23 08:03:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010/06/23 08:02:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/06/22 11:46:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ChessJam.808D34EF1AE2806F00104989FE66F8BDE6B323D7.1 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/11 12:47:30 | 004,718,592 | -HS- | M] () -- C:\Users\owner\ntuser.dat [2010/07/11 12:41:03 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/07/11 12:41:03 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/07/11 12:41:03 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/07/11 12:40:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe [2010/07/11 11:59:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/11 11:59:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/11 08:00:55 | 000,000,264 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010/07/11 07:59:47 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/07/11 07:59:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/11 07:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/11 07:58:43 | 4025,929,728 | -HS- | M] () -- C:\hiberfil.sys [2010/07/10 23:55:39 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000001.regtrans-ms [2010/07/10 23:55:39 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TM.blf [2010/07/10 23:55:25 | 001,191,261 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db [2010/07/10 23:43:28 | 000,413,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/07/10 23:41:05 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 23:05:41 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/10 23:01:34 | 000,000,328 | ---- | M] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat [2010/07/10 23:01:04 | 000,000,563 | ---- | M] () -- C:\Windows\SysWow64\KiweeChatbarCleanup.bat [2010/07/10 22:49:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010/07/10 22:34:54 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 22:34:54 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010/07/10 22:33:45 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/07/01 09:27:58 | 000,020,480 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2010/06/28 16:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010/06/28 16:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010/06/28 16:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010/06/28 16:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/10 23:05:41 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/10 23:01:34 | 000,000,328 | ---- | C] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat [2010/07/10 23:01:04 | 000,000,563 | ---- | C] () -- C:\Windows\SysWow64\KiweeChatbarCleanup.bat [2010/07/10 22:44:35 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 22:44:34 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000001.regtrans-ms [2010/07/10 22:44:34 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TM.blf [2010/07/10 21:01:22 | 4025,929,728 | -HS- | C] () -- C:\hiberfil.sys [2010/02/07 13:56:43 | 000,033,907 | ---- | C] () -- C:\Windows\Irremote.ini [2010/02/07 13:51:33 | 000,003,549 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009/12/08 17:48:05 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2009/09/17 14:43:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/17 14:39:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/02/03 21:03:08 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/02/03 21:03:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008/12/04 09:39:06 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini [2008/11/07 15:42:08 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/02/19 17:34:54 | 000,237,568 | --S- | C] () -- C:\Windows\SysWow64\FontDown.dll ========== LOP Check ========== [2009/02/14 14:46:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\agi [2010/06/22 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ChessJam.808D34EF1AE2806F00104989FE66F8BDE6B323D7.1 [2009/07/21 16:12:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Image Zone Express [2009/08/06 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking [2008/12/19 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Printer Info Cache [2008/12/30 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Smith Micro [2008/11/05 10:31:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template [2010/05/20 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YouSendIt [2010/07/10 23:55:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > Extras OTL Extras logfile created on: 7/11/2010 12:45:48 PM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.92 Gb Total Space | 166.88 Gb Free Space | 75.88% Space Free | Partition Type: NTFS Drive D: | 12.96 Gb Total Space | 2.45 Gb Free Space | 18.90% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 1C 3E 5E DB AB 20 CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{357471F9-4420-4840-9C09-B06339EBE72C}" = lport=2869 | protocol=6 | dir=in | app=system | "{53D00E70-16B4-4480-A155-246F27CA957E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F7861CD8-3C2D-4D08-98ED-40282D02E351}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035C2826-F84C-4998-963A-C8A2BB9523BE}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | "{049DBCC1-CD11-4C4A-BC5D-1079AEBC217E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | "{12147133-8AA0-416E-AA67-343146C27D2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{14179D55-D077-4E9C-BA72-4EC4A666637C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{1796DA31-BE10-42E5-85C4-1E72E76823FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1C1B85B3-E9D5-4990-A3AB-80C4755EE85C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{1DA12D29-D199-4DF4-836A-45424BBAA157}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{1EC9CA24-3769-48C3-B126-111C0003C2DA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{26E866B2-AFAA-4F6B-8C75-8CB117D32B0C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{29EA17F2-F5FA-4527-B29A-201BFF556CB9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{3BCCB8F2-0CA6-429D-9443-C82912B09112}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{3D3D88FA-F1FE-4928-8B6C-C5F28E203E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{512DFD9E-3258-4F1E-A9BF-B8004535F5A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{58A63BA4-FF1F-4520-B25E-A983BE1E26D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{58B3666C-0C79-4773-82E2-3D7D84DCABBA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{63FC313B-855F-4B52-A9E6-0A961B381B21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6435A5BE-2566-42D4-8C75-B3C3EEF67587}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{71B241DA-CF4A-4703-937C-5A7DF975456D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{7253B6F7-6BBE-4DA8-9215-4CB97C5EFB06}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | "{83A77C5F-0E9F-496B-AF62-50BE529FCF94}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | "{879F1893-663F-44CD-81BC-3BB67AFD0B51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector express\pdx.exe | "{A08F9AFF-E862-497A-BF4C-7ACE4FFB49E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{A26C5F0B-AD42-4CB0-B7F6-EE7255674430}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{A5B9E76D-4083-41A6-99AF-3D109B4CB64D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1233269124\ee\aolsoftware.exe | "{AD1609AF-66C2-45E7-995F-3B876CC5B990}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{B44C6DB9-A4EF-42AF-9EFE-5C05371ADD41}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1233269124\ee\aolsoftware.exe | "{B6982748-BC72-48E2-9EA6-CD3F67BA49BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BFFDA56B-C37B-4980-AA7D-9C36C980EFC9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{C1E7F158-FD8E-4CDD-94AE-8727D72F66C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C3AC23E4-7B65-474E-AA3C-43134C2C3E7D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C70598E3-B15E-4DCC-88A4-17EDA0BBA04B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{D00FD6CC-F220-48E5-8932-61495AB620F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{DB28D26E-8D8F-4A7F-9E65-8C8FDBB0F8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{ED0A3DF8-B609-44E1-B2B9-1A9E6B3D6C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F591845E-23EF-4DA2-84E5-C9A34FA0BC15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F709EF75-EABF-45B2-8DC1-70F8ED48A811}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FB260703-AC2E-4D86-A41E-976E0D81ADDD}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{025E6CD3-A8F6-45FC-81AA-5E1BC6A58D23}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{1F3A461E-4A46-4C7E-9CF0-87FF2AD5A39C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{6823ED79-8D08-415B-88F3-9EE7D7C44472}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\http://www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{6AFAE4C2-79A6-4067-A5AD-5D3C7D267636}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{28CCD9AF-8D10-406D-B96D-2D1A7F258EFC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{734B9F9D-336F-4739-A28D-DE3BB31B41B5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{CC81417C-BAB1-45DC-A89C-77E4B0BD3D93}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\http://www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{FC4C7112-D2C9-4546-8D3B-0D5F443D9C36}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "UTStarcom USB Modem" = UTStarcom USB Modem Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{63E0F15B-EB78-4BE9-AC36-BF853192B180}" = KFC PHQ "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-1033-0000-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951 "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0 "Athan" = Athan Basic 3.4 "avast5" = avast! Free Antivirus "Canon iP2600 series User Registration" = Canon iP2600 series User Registration "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "D-Link Toolbar" = D-Link Toolbar "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.27022) "Hauppauge WinTV 7" = Hauppauge WinTV 7 "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "QuickLink Mobile" = QuickLink Mobile "Quran_AR" = Quran Auto Reciter 2.3 "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "ViewpointMediaPlayer" = Viewpoint Media Player "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/2/2009 2:37:35 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 2:59:43 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 3:31:33 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 9:37:59 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 8:43:48 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 3:07:06 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 6:36:57 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4621 Description = Error - 6/3/2009 8:33:50 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/4/2009 8:24:42 AM | Computer Name = owner-PC | Source = EventSystem | ID = 4621 Description = Error - 6/4/2009 8:55:42 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 2/7/2010 3:11:43 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:44 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:44 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:45 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:13:51 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:13:53 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/20/2010 10:32:34 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/20/2010 10:32:35 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/22/2010 9:18:58 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/22/2010 9:19:00 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = [ System Events ] Error - 7/10/2010 9:52:20 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:09:15 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:15:21 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:33:33 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:44:19 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.103 for the Network Card with network address 00210047C9A6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). Error - 7/10/2010 10:44:57 PM | Computer Name = owner-PC | Source = WinDefend | ID = 2004 Description = Error - 7/10/2010 10:48:30 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:49:33 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 7/10/2010 11:32:47 PM | Computer Name = owner-PC | Source = DCOM | ID = 10010 Description = Error - 7/11/2010 7:59:24 AM | Computer Name = owner-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.100 for the Network Card with network address 00210047C9A6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). < End of report > Thanks again Starbuck, helpless in Miami

Dear Goku and "member of Alliance...", Thanks for your repsonse. I am sorry I was not able to respond to your reply sooner. After I restored the system to a previous day, I ran the anti-malware stuff again, found some infected files, removed them and restarted. The program informed that there was difficulty removing one item, but I don't know what happened to that one. This morning when I started up, everything was absolutely back to "normal," meaning that I can access files the same as before the infection and can access internet through explorer.

Prior post was incomplete, but my editing was not quick enough to post: I happily report it seems the problem is partially solved and I am back into my files again, but I cannot access internet through explorer now. When I try to access any page (e.g., aol), it says "internet explorer cannot display the webpage." When I diagnose connection problems, i get the message that "www.aol.com is not set up to establish a connection on port 'world wide web service (HTTP)' with this computer and the only option is to verify the current proxy server connection. Will I have to restore my whole system in order to get things back to normal?

Dear BeeCeeBee, I was completely successful in starting the computer in safe mode and running the anti-malware from the desktop (thankfully was able to install from memory stick, just could not run in normal mode). The program detected something like 240 infected files and removed them all. I have restarted the computer as the mbam requested, and now am not seeing any of the old messages. I happily report it seems the problem is solved and I am back into my files again. Since I have the malwarebytes software, will I be able to avoid this problem in the future? Thank you, thank you, thank you BeeCeeBee and PC Help Forum for giving me back my computer in less than 12 hours!

malware - "Infiltration Alert" - cannot access files or internet Thanks so much for responding so quickly. The megavideo was at tvshack.cc, with which I have never had a problem. I ran the scan and found one infected file, which I deleted and then turned off the computer. I turned it back on about an hour later, only to find that I cannot open anything without getting the same "application infected" message. I tried downloading the anti-malware software mbam (from malwarebytes.org) onto a memory stick and opening it using the misbehaving computer; it installed, but then I got the same message "Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?"

OS: Windows Vista Home Premium Make/Model: HP/Pavillion Notebook (I have cut and pasted a previous post because I am experiencing the same problem and the person who posted before me (delevy 12/2009) described the situation perfectly, but for one or two of my own amendments.) Today, after watching a megavideo and attempting to return to my home screen on internet explorer, "...a security warning appears application can not be executed. the file wltuser.exe is infected, do u want to acivate your anti-virus software now with the options yes or no. when i press no it repeatedly pops up, there is also a pop-up appearing from the bottom tool bar with a grey white and black shield icon which looks like its imitating the windows shield it also reads the same as above. there is also two red and white pop-ups appearing one in the middle of the screen the other at the bottom right corner. the one at the bottom reads infultration alert your computer is being attacked by an internet virus, it could be a password stealing attack a trojon dropper or similar. details attack from : 228.221.206.39, port 51627 attacked port: 28558 threat: banker fox or 132/nugel.E do you want to block this attack..." I keep selecting "no" when asked if I "want to block this attack," "to activate my antivirus software," or "to upgrade to full version of antivirus software." My antivirus software is Avast! I received one "threat has been detected" message from Avast with a "malware blocked, no further action required" message five or ten minutes before a window looking like Windows Security alert box popped up. Besides continually getting requests to activate antivirus software or to block this attack, this thing also keeps trying to open internet explorer. I disabled my internet connection for now and am running a full Avast scan of my computer. I am afraid to reboot my computer or even to turn it off, for fear that I will make permanent whatever is happening. I have access to the internet on the other computer in the house. Please help me to fix my computer... Thanks, helpless in Miami