GeekPolice

Vista Antivirus Security 2012 Removal

I noticed that something was wrong with my computer yesterday. It started acting weirdly and this program "Vista Antivirus Security 2012" wanted permission to scan my computer. My mother tried running BitDefender Total Security on this program, and now BitDefender is completely gone. Please help.

OS: Windows Vista
Antivirus/Suite: BitDefender TS 2011

The OTL, Extras, aswMBR and Security Check will be attached, since the post is apparently too long to post even with just the OTL log.

Re: Vista Antivirus Security 2012 Removal

OTL LOG PT #1

OTL logfile created on: 8/18/2011 4:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 521.99 Mb Available Physical Memory | 54.49% Memory free
2.12 Gb Paging File | 1.80 Gb Available in Paging File | 84.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.42 Gb Total Space | 20.47 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive D: | 8.11 Gb Total Space | 1.72 Gb Free Space | 21.21% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 16:15:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.com
PRC - [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\ofb.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 13:36:42 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 00:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 07:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Stopped] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/24 06:33:53 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2008/07/24 06:33:43 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 00:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:51:51 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02C0C725-C02A-4DEF-B4ED-19749126F136}\MpKsl282d244b.sys -- (MpKsl282d244b)
DRV - [2011/08/17 23:33:41 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02C0C725-C02A-4DEF-B4ED-19749126F136}\MpKsl9cd0738d.sys -- (MpKsl9cd0738d)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 19:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 19:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/22 15:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/02/09 00:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/03 13:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/03 18:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/21 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/15 09:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/21 22:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {3862f31b-b7b2-0854-cd54-ea4726c86127} - C:\Program Files\Relief Network LP4\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {b2b46577-0217-4ec5-a467-7a1e8d0d7b71}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.3.0.00
FF - prefs.js..extensions.enabledItems: {574be437-25ae-4010-a53e-8c63b6ae02ff}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=20&systemid=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/16 23:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/01 21:06:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles/6keug2vu.default\extensions\ffox@bandoo.com [2011/08/08 23:21:15 | 000,000,000 | ---D | M]

[2011/06/28 18:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/08/08 23:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions
[2011/06/29 13:45:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/04 18:34:02 | 000,000,000 | ---D | M] (Simppull Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}
[2011/08/01 17:39:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/08 23:15:07 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/06/29 13:44:35 | 000,000,000 | ---D | M] (eGames Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
[2011/06/28 18:33:18 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011/08/08 23:21:15 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\ffox@bandoo.com
[2011/08/04 18:34:08 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\extensions\plugin@yontoo.com
[2011/06/21 15:50:19 | 000,001,919 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\searchplugins\bing-zugo.xml
[2009/10/29 07:48:56 | 000,000,690 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\searchplugins\egames.xml
[2011/08/08 23:14:40 | 000,002,501 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6keug2vu.default\searchplugins\SearchResults.xml
[2011/08/01 17:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/25 13:42:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/16 16:17:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/16 23:27:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/29 13:48:21 | 000,002,012 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/08/08 23:14:40 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ()
O2 - BHO: (simppulltoolbar) - {5806fa2d-e338-4a24-a20c-5da56ba3b2ad} - C:\Program Files\simppulltoolbar\w3itemplateX.dll ()
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Relief Network LP4) - {8AC531C5-DBDA-A484-B590-11ACB177FE33} - C:\Program Files\Relief Network LP4\Toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Security Helper {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A}) - {A6BCD8FE-436D-4ad3-A5C5-A3DFCD61568A} - C:\Program Files\egamestoolbar\auxi\egamesb.dll (Visicom Media)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (eGames Toolbar) - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files\egamestoolbar\egamestoolbar.dll ()
O3 - HKLM\..\Toolbar: (simppulltoolbar) - {5806fa2d-e338-4a24-a20c-5da56ba3b2ad} - C:\Program Files\simppulltoolbar\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [2574125309] C:\Users\User\AppData\Local\ofb.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/29 23:43:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3b8343c2-9d30-11e0-ab11-001b243b0d58}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8343c2-9d30-11e0-ab11-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{460b50f0-9f9c-11e0-9029-001b243b0d58}\Shell - "" = AutoRun
O33 - MountPoints2\{460b50f0-9f9c-11e0-9029-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{97dca20f-8d6f-11e0-a09b-001b243b0d58}\Shell - "" = AutoRun
O33 - MountPoints2\{97dca20f-8d6f-11e0-a09b-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\User\AppData\Local\ofb.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\User\AppData\Local\ofb.exe" -a "%1" %* (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 23:17:15 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Users\User\AppData\Local\ofb.exe
[2011/08/16 22:52:50 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/08/16 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Facebook
[2011/08/10 23:35:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bandoo
[2011/08/09 18:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/09 00:23:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ilivid Player
[2011/08/08 23:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011/08/08 23:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011/08/08 23:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo
[2011/08/08 23:16:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2011/08/08 23:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/08/08 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/08/08 23:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/08/04 18:48:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mixxx
[2011/08/04 18:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital DJ Pro
[2011/08/04 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Relief Network LP4
[2011/08/04 18:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/08/04 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/04 18:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2011/08/04 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/08/04 18:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\simppulltoolbar
[2011/08/04 18:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Relief Network LP4
[2011/08/01 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My ooVoo
[2011/08/01 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Logitech
[2011/07/23 17:26:27 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/07/23 17:26:26 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/07/23 17:26:23 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2011/07/23 17:26:23 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxmlr.dll
[2011/07/23 17:26:23 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlinst.exe
[2011/07/23 17:26:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2011/07/23 17:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011/06/21 14:26:35 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011/06/21 14:26:34 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2009/10/02 11:12:38 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2009/10/02 11:12:37 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2009/10/02 11:12:37 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2009/10/02 11:12:36 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2009/10/02 11:12:36 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2009/10/02 11:12:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2009/10/02 11:12:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2009/10/02 11:12:35 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2009/10/02 11:12:34 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdvih.exe
[2009/10/02 11:12:33 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2009/10/02 11:12:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2009/10/02 11:12:31 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdvcoms.exe
[2009/10/02 11:12:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[2009/10/02 11:12:30 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdvcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 16:07:12 | 000,011,408 | -HS- | M] () -- C:\Users\User\AppData\Local\xg8shguv7607kn64a2w87mxyir8kq047c05361r124hu
[2011/08/18 16:07:12 | 000,011,408 | -HS- | M] () -- C:\ProgramData\xg8shguv7607kn64a2w87mxyir8kq047c05361r124hu
[2011/08/18 16:05:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 15:54:44 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/08/18 15:54:42 | 000,076,976 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/18 15:52:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/18 15:52:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/08/18 15:51:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 15:51:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 08:43:54 | 000,002,601 | ---- | M] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2011/08/17 23:21:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\yoyx.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\vqpu.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\ostj.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\kcgm.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\fnla.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\dria.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\domj.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\bfus.exe
[2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\ofb.exe
[2011/08/17 22:31:23 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3421163344-1924958094-2534209280-1000UA.job
[2011/08/17 19:43:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/08/17 19:31:16 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3421163344-1924958094-2534209280-1000Core.job
[2011/08/12 21:11:38 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/10 09:13:06 | 000,000,913 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/08/09 18:06:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 18:06:39 | 000,001,955 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 14:00:03 | 000,076,976 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/08 20:51:39 | 000,088,398 | ---- | M] () -- C:\Users\User\Documents\mask.jpg
[2011/08/08 17:21:24 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/08 17:21:24 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/07 23:05:38 | 000,083,902 | ---- | M] () -- C:\Users\User\Documents\mike.jpg
[2011/08/02 11:47:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/01 19:56:44 | 000,083,914 | ---- | M] () -- C:\Users\User\Documents\michael fingers.jpg
[2011/08/01 19:56:30 | 000,085,554 | ---- | M] () -- C:\Users\User\Documents\mkmkmk.jpg
[2011/08/01 17:29:58 | 000,000,870 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/01 17:29:58 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/01 16:37:29 | 000,082,292 | ---- | M] () -- C:\Users\User\Documents\lamp.jpg
[2011/08/01 16:32:52 | 000,083,725 | ---- | M] () -- C:\Users\User\Documents\dequan with fingers.jpg
[2011/08/01 01:59:11 | 000,061,921 | ---- | M] () -- C:\Users\User\Documents\dm tongue jizzle.jpg
[2011/08/01 01:29:49 | 000,073,188 | ---- | M] () -- C:\Users\User\Documents\lips.jpg
[2011/08/01 01:22:05 | 000,075,737 | ---- | M] () -- C:\Users\User\Documents\dm tongue.jpg
[2011/08/01 00:41:07 | 000,074,162 | ---- | M] () -- C:\Users\User\Documents\monni.jpg
[2011/08/01 00:23:11 | 000,076,672 | ---- | M] () -- C:\Users\User\Documents\pinky.jpg
[2011/08/01 00:03:02 | 000,076,384 | ---- | M] () -- C:\Users\User\Documents\dm.jpg
[2011/08/01 00:01:50 | 000,073,287 | ---- | M] () -- C:\Users\User\Documents\me and dequan.jpg
[2011/08/01 00:01:07 | 000,076,127 | ---- | M] () -- C:\Users\User\Documents\dequan.jpg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 23:18:34 | 000,011,408 | -HS- | C] () -- C:\Users\User\AppData\Local\xg8shguv7607kn64a2w87mxyir8kq047c05361r124hu
[2011/08/17 23:18:34 | 000,011,408 | -HS- | C] () -- C:\ProgramData\xg8shguv7607kn64a2w87mxyir8kq047c05361r124hu
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\yoyx.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\vqpu.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\ostj.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\kcgm.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\fnla.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\dria.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\domj.exe
[2011/08/17 23:18:32 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\bfus.exe
[2011/08/16 19:26:15 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3421163344-1924958094-2534209280-1000UA.job
[2011/08/16 19:26:12 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3421163344-1924958094-2534209280-1000Core.job
[2011/08/10 09:13:06 | 000,000,913 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/08/09 18:06:39 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 18:06:39 | 000,001,955 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/08 23:20:28 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011/08/08 20:51:38 | 000,088,398 | ---- | C] () -- C:\Users\User\Documents\mask.jpg
[2011/08/07 23:05:36 | 000,083,902 | ---- | C] () -- C:\Users\User\Documents\mike.jpg
[2011/08/04 18:52:02 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/08/01 19:56:44 | 000,083,914 | ---- | C] () -- C:\Users\User\Documents\michael fingers.jpg
[2011/08/01 19:56:29 | 000,085,554 | ---- | C] () -- C:\Users\User\Documents\mkmkmk.jpg
[2011/08/01 16:37:29 | 000,082,292 | ---- | C] () -- C:\Users\User\Documents\lamp.jpg
[2011/08/01 16:32:51 | 000,083,725 | ---- | C] () -- C:\Users\User\Documents\dequan with fingers.jpg
[2011/08/01 01:59:11 | 000,061,921 | ---- | C] () -- C:\Users\User\Documents\dm tongue jizzle.jpg
[2011/08/01 01:29:49 | 000,073,188 | ---- | C] () -- C:\Users\User\Documents\lips.jpg
[2011/08/01 01:22:04 | 000,075,737 | ---- | C] () -- C:\Users\User\Documents\dm tongue.jpg
[2011/08/01 00:41:07 | 000,074,162 | ---- | C] () -- C:\Users\User\Documents\monni.jpg
[2011/08/01 00:23:10 | 000,076,672 | ---- | C] () -- C:\Users\User\Documents\pinky.jpg
[2011/08/01 00:03:01 | 000,076,384 | ---- | C] () -- C:\Users\User\Documents\dm.jpg
[2011/08/01 00:01:50 | 000,073,287 | ---- | C] () -- C:\Users\User\Documents\me and dequan.jpg
[2011/08/01 00:01:06 | 000,076,127 | ---- | C] () -- C:\Users\User\Documents\dequan.jpg
[2011/07/23 17:26:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011/07/23 17:26:23 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011/07/23 17:26:23 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca
[2011/07/23 17:26:23 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca
[2011/07/16 17:43:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\trufos.sys.gzip
[2011/07/08 09:07:23 | 000,988,608 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/06/21 15:08:27 | 000,015,144 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll
[2011/06/21 14:26:35 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011/06/21 14:26:35 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011/06/21 14:26:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/11/09 19:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/09 19:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 19:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 19:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/19 18:15:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\Vocal Transformer
[2009/12/19 18:11:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\User Pictures
[2009/11/19 20:09:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/19 16:49:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/10/19 16:49:10 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\Vocals
[2009/10/19 16:36:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/10/19 16:36:52 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\Utilities
[2009/10/02 11:19:07 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2009/10/02 11:12:57 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2009/10/02 11:12:38 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2009/10/02 11:12:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/09/25 09:13:19 | 000,006,944 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/05/06 12:23:43 | 000,016,896 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/28 18:08:06 | 000,000,525 | ---- | C] () -- C:\ProgramData\lxdv
[2009/04/16 18:55:29 | 000,003,110 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat

Re: Vista Antivirus Security 2012 Removal

OTL LOG PT #2


[2009/04/15 16:39:53 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/15 16:39:26 | 000,076,976 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/15 16:39:26 | 000,076,976 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/15 15:47:08 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/15 15:47:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/13 09:02:30 | 000,012,978 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2009/04/13 09:01:24 | 000,012,978 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2008/07/15 23:49:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2007/09/06 13:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 12:49:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 10:53:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2007/04/29 23:28:23 | 000,103,489 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/02/27 13:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,357,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/08/16 23:27:04 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/08/16 23:27:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/08/16 23:27:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/08/16 23:26:58 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/04/14 13:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2007/04/29 23:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/11/14 18:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/05/23 21:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/05/07 18:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/19 16:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/08/08 23:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Bandoo
[2011/07/09 16:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2009/11/19 19:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/07/17 09:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/15 16:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/04/29 23:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2011/07/09 19:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2011/06/19 15:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\egamestoolbar
[2011/08/04 18:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2011/08/09 18:05:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/06/21 15:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Hercules
[2011/08/18 08:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/04/11 11:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2007/04/29 23:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2007/04/29 23:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2011/08/08 23:17:13 | 000,000,000 | ---D | M] -- C:\Program Files\iLivid
[2011/07/23 17:20:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/15 16:02:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/19 19:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/11/19 19:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/06/16 16:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/23 22:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark X5400 Series
[2011/07/15 20:20:00 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/01/16 13:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2009/04/17 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/01/16 13:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/08/02 11:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/01/16 13:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/23 21:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/05/28 07:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/26 12:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/16 23:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/01/16 13:55:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/07/08 09:54:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2007/04/29 23:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2007/04/29 23:32:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/08/15 21:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\ooVoo
[2009/12/19 18:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/04/29 23:48:23 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/08/04 18:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\Relief Network LP4
[2011/06/29 08:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2007/04/29 22:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/08/04 18:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\simppulltoolbar
[2009/09/20 12:27:04 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2011/05/23 21:09:48 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/08/04 18:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\Surf Canyon
[2007/04/29 22:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/01/01 02:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/04/12 09:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/04/13 18:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/04/13 18:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/04/13 18:31:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/08/08 23:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows iLivid Toolbar
[2009/04/13 18:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/06/15 11:20:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/05/26 13:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/13 18:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/04/13 18:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/11/27 17:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/05/23 21:09:49 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/08/04 18:33:11 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Runtime


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/04/29 23:52:45 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/04/29 23:52:45 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/04/29 23:52:45 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 13:37:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/11 13:37:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/04/11 13:37:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\WINDOWS\System32\drivers\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\WINDOWS\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 00:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\WINDOWS\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 02:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\WINDOWS\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\System32\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-10 17:22:50

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/16 23:27:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/16 23:26:59 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/16 23:27:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\User\AppData\Local\ofb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation)

< >
< End of report >

Re: Vista Antivirus Security 2012 Removal

OTL EXTRAS LOG

OTL Extras logfile created on: 8/18/2011 4:17:32 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 521.99 Mb Available Physical Memory | 54.49% Memory free
2.12 Gb Paging File | 1.80 Gb Available in Paging File | 84.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.42 Gb Total Space | 20.47 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive D: | 8.11 Gb Total Space | 1.72 Gb Free Space | 21.21% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- C:\Users\User\AppData\Local\ofb.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{44F41EFF-191A-4F5B-94F6-545D494A2E40}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FA9A592-25DE-4425-B25D-528FE77FF1C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{583EBE6D-22B3-46E4-9A75-D51E959D3C76}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{5F91231C-5D17-4BE1-9CBF-F13102EFBC95}" = rport=137 | protocol=17 | dir=out | app=system |
"{715A9FCA-E4E4-4E32-899B-BCF0D929CA56}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{778B25E5-B414-43C3-8ACA-00F21600A5A9}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{86D5FC50-9B92-4C81-9380-6BEF705D60E6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D59B1D8-E7EE-4C4E-B3FD-1F7E08117F51}" = lport=445 | protocol=6 | dir=in | app=system |
"{92668915-7675-47DE-9464-72ADDB64D137}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{940B8167-D21C-444F-BFE9-6AEF0B12E705}" = lport=138 | protocol=17 | dir=in | app=system |
"{95B245C5-BA33-4D87-9FBF-45C7216394C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C65F02B-12DB-48EB-B4F5-09A3D1B993D8}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{A4D05409-C235-4BD8-A796-C1B62C62A7F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8BF99FE-8586-424B-B42E-EAACC5FE7EFD}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA60ED42-2DA3-49AC-A6A8-2D73F15290AD}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0E73984-AE02-4C9C-AD05-BBBB97B9D031}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF5D57EC-C785-4D62-96E3-6D24E9403CA0}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034F81BF-AB33-473B-894C-A27410A7C518}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0683206C-AE62-4AB6-946F-6FB96FF99EFE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{08D165D8-3CEE-4318-ABF4-2DAAE26AE501}" = protocol=6 | dir=in | app=c:\program files\lexmark x5400 series\lxdvamon.exe |
"{096C6F46-9186-4E3E-9199-A33C64D6414F}" = protocol=17 | dir=in | app=c:\program files\lexmark x5400 series\lxdvamon.exe |
"{0D266447-8C8C-4B02-AB26-1193FD7B819B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{159CD9F1-6278-4F89-92A8-60917A7767B7}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{18F5C6BC-298A-407F-A34A-0562E8AEAEFA}" = protocol=17 | dir=in | app=c:\program files\lexmark x5400 series\lxdvmon.exe |
"{1CFF778E-162C-41B1-A590-FC95B2BA0DA9}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{1F618393-553F-4E74-9519-EB165A37C259}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{227E7752-5F3D-4607-9B45-2296B068864A}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{250C7E2C-0124-45EF-8D8B-4455C87FB2BA}" = protocol=6 | dir=in | app=c:\windows\system32\lxdvcoms.exe |
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3B7AEE97-8893-4D56-B30A-59C5891AB101}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3EBA888C-79E1-4680-8DF6-98F1D121A453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3FE9B84F-589F-4CFB-A5A2-90863097BE69}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{4847F54B-9936-4942-9D57-298BC9C46510}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C9C06D0-1193-49B2-9222-9F2F680760BC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdvpswx.exe |
"{4F0200F0-E972-4675-9D7D-F12481964368}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{55F25C68-EAE0-45D6-8B1E-97D9803E4F74}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdvtime.exe |
"{5F32FB7E-C342-42D7-9B9C-71E16D78C47D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71A14AEA-5B6A-4988-AC21-407377B365DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73259CF7-E93B-4D72-9364-03A0C27705E2}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{777805B8-2786-4F99-8AB3-76A335E03CF0}" = protocol=17 | dir=in | app=c:\program files\relief network lp4\troubleshooter.exe |
"{7B8622B3-CA9D-4ED1-8E0F-48E8DFA6B44E}" = protocol=6 | dir=in | app=c:\program files\relief network lp4\troubleshooter.exe |
"{7C2F6A96-3D9C-4430-AD90-21C1AF821792}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{85F5142B-BA68-4977-861D-B761C7F07955}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{93CD4EDC-C86C-48A6-9172-12C697ED428B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{994AF9DF-D6F9-49A8-AF1E-FFC53676A57C}" = protocol=17 | dir=in | app=c:\windows\system32\lxdvcoms.exe |
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A0CB7E82-47FF-466D-AA63-B31958AD18A7}" = protocol=17 | dir=in | app=c:\program files\lexmark x5400 series\frun.exe |
"{A6B0D777-8524-4C9D-A2FE-EB712CFD3663}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BAAB09F6-22CB-4881-B252-A32018A406DB}" = protocol=6 | dir=in | app=c:\program files\lexmark x5400 series\lxdvmon.exe |
"{BC94729B-53A6-4A2B-B0EA-43CA68ADF83A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C365F0EF-808A-4FB2-A458-8FBEF7163CC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C538DD80-F064-443B-9D38-CF1DED333244}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C6B8A5BA-E15B-473F-827C-71808818F9C4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8C91F4F-355C-49BF-8E94-862DC3D07BC9}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{CE6F04D9-04AB-4D37-B437-9FB62F1848FE}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{D2937D9F-59C9-4A90-AA69-124D40365876}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{D77F9D72-39F4-4631-B17A-71852D2E5237}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdvpswx.exe |
"{DC661E1E-B722-4A92-AABE-31E027E6B4F0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdvtime.exe |
"{DE7CFE1A-643E-4649-A2B6-9A65B62FAC74}" = protocol=6 | dir=in | app=c:\program files\lexmark x5400 series\frun.exe |
"{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{DFA46060-8816-4117-A497-B920881E04DF}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E47D3268-D734-4074-BA24-C92E6FCE51EB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{EE2EEC73-1312-4757-8A26-6EB7DB3E7FEA}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"TCP Query User{2C3C2A91-71F2-440D-AEEE-B248CB76A1E0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A0360C00-247D-4344-B105-71FCF790DD79}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F796B887-70D7-4803-825B-4EE1E0933355}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{2AFC22D0-89E4-42B9-BCD2-0216ECB4335D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{308625B2-57A6-4CFA-88EF-896EA4D9D0C8}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{86284235-37A7-4464-AE6B-621D40990F20}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{422D76A7-38F1-4243-A7C7-21FCA56B7FA9}" = Facebook Video Calling 1.0.0.7897
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F86D49A-BF7B-4CC9-B809-F7F7C81C12F1}" = CSI-Miami
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Bandoo" = Bandoo
"BearShare 2 MediaBar" = MediaBar
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"egamestoolbar" = eGames Toolbar
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"iLivid" = iLivid
"Lexmark X5400 Series" = Lexmark X5400 Series
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Relief Network LP4" = Relief Network LP4
"Rhapsody" = Rhapsody
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"simppulltoolbar" = Simppull Toolbar
"Surf Canyon" = Fast Search by Surf Canyon
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2011 9:05:29 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b,
faulting module NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b, exception
code 0xc0000005, fault offset 0x00019784, process id 0xca8, application start time
0x01cc5952562aa635.

Error - 8/13/2011 12:08:30 AM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 5.0.1.4205 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f4 Start Time: 01cc59636333718f Termination Time: 2468

Error - 8/13/2011 9:42:02 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b,
faulting module NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b, exception
code 0xc0000005, fault offset 0x00019784, process id 0xc90, application start time
0x01cc5a210647833e.

Error - 8/14/2011 4:21:22 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
0x4db02c95, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x13600005, process id 0x56c, application start time
0x01cc5a5ae7d6fc55.

Error - 8/14/2011 10:30:22 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b,
faulting module NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b, exception
code 0xc0000005, fault offset 0x00019784, process id 0xbdc, application start time
0x01cc5af0d5d07f47.

Error - 8/16/2011 1:42:10 AM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program LWS.exe version 13.0.1774.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 990 Start Time: 01cc5ba5dc4a7232 Termination Time: 6

Error - 8/16/2011 12:53:46 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b,
faulting module NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b, exception
code 0xc0000005, fault offset 0x00019784, process id 0xbf8, application start time
0x01cc5c322c35317c.

Error - 8/17/2011 11:06:21 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b,
faulting module NisSrv.exe, version 3.0.8402.0, time stamp 0x4db89a7b, exception
code 0xc0000005, fault offset 0x00019784, process id 0xc20, application start time
0x01cc5d50b06a6f4a.

Error - 8/18/2011 6:56:57 PM | Computer Name = User-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/18/2011 7:05:49 PM | Computer Name = User-PC | Source = EventSystem | ID = 4609
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Vista Antivirus Security 2012 Removal

Security Check and aswMBR Logs:

Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10.3.183.5
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-18 16:42:56
-----------------------------
16:42:56.796 OS Version: Windows 6.0.6001 Service Pack 1
16:42:56.796 Number of processors: 2 586 0x6801
16:42:56.812 ComputerName: USER-PC UserName: User
16:42:58.153 Initialize success
16:43:57.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000077
16:43:57.698 Disk 0 Vendor: Hitachi_ SB2O Size: 76319MB BusType: 6
16:43:59.726 Disk 0 MBR read successfully
16:43:59.726 Disk 0 MBR scan
16:43:59.726 Disk 0 unknown MBR code
16:43:59.742 Disk 0 scanning sectors +156296385
16:43:59.804 Disk 0 scanning C:\Windows\system32\drivers
16:44:08.322 Service scanning
16:44:09.632 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:44:10.381 Modules scanning
16:44:15.701 Disk 0 trace - called modules:
16:44:15.748 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys
16:44:15.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dbda10]
16:44:15.779 3 CLASSPNP.SYS[867a9745] -> nt!IofCallDriver -> [0x848a11f0]
16:44:15.779 5 acpi.sys[82a116a0] -> nt!IofCallDriver -> \Device\00000077[0x848a1c90]
16:44:15.810 Scan finished successfully
16:49:06.485 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:49:06.516 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Re: Vista Antivirus Security 2012 Removal

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\ofb.exe
    O4 - HKCU..\Run: [2574125309] C:\Users\User\AppData\Local\ofb.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Aim6] File not found
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) - c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O33 - MountPoints2\{3b8343c2-9d30-11e0-ab11-001b243b0d58}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b8343c2-9d30-11e0-ab11-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
    O33 - MountPoints2\{460b50f0-9f9c-11e0-9029-001b243b0d58}\Shell - "" = AutoRun
    O33 - MountPoints2\{460b50f0-9f9c-11e0-9029-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
    O33 - MountPoints2\{97dca20f-8d6f-11e0-a09b-001b243b0d58}\Shell - "" = AutoRun
    O33 - MountPoints2\{97dca20f-8d6f-11e0-a09b-001b243b0d58}\Shell\AutoRun\command - "" = F:\PcOptions.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\yoyx.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\vqpu.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\ostj.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\kcgm.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\ProgramData\fnla.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\dria.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\domj.exe
    [2011/08/17 23:18:32 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\bfus.exe
    [2011/08/17 23:17:16 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\ofb.exe



    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

--------------------------

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
