  1. Hello, SpySentinel... OK. Ran the Malwarebytes... here is the log:

     Getting ready to run Kaspersky... will post when done. Have a good day!
  2. ... by the way, when Ad-Aware begins a scan, it begins scanning with "rootkits" with no objects being scanned. It spends some time scanning "rootkits." I have not seen that before... is that part of my problem? Thanks.
  3. Hello, SpySentinel... Hope your day went well. I performed the fix as instructed, and rebooted my machine. I am not sure, I guess, what I am to look for to know if my machine is fixed. If you don't mind, I have a couple of questions: 1) What was your diagnosis based on the OTL scan I ran and reports posted? 2) Did you see an infection when you reviewed those reports? 3) Is there any specific resolution that I should be able to see after running the prescribed fix? 4) After running the fix, I rebooted the machine. I then rebooted the machine in Safe Mode and did another full scan with Ad-Aware. The scan took over four hours. I have run full scans before on the same type of computers, and they took nowhere near four hours. Is there a reason for this lengthy scan? 5) Would you recommend I un-install Ad-Aware and download again? 6) Please find below posted the results of Ad-Aware's last full scan which I mentioned above:

     I know you must be busy, SpySentinel, but this computer is the one my daughter does all of her schoolwork on, and my wife does all the financial stuff on, so we really appreciate your help! Take care,
  4. Hello, SpySentinel... I appreciate your help...! I did as you requested, and the following reports were given:
| 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011/02/23 11:36:50 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011/02/23 11:36:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011/02/23 11:36:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011/02/23 11:36:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011/02/23 11:36:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011/02/21 22:00:28 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011/02/21 21:25:35 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011/02/21 21:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011/02/21 20:30:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2011/02/20 18:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hPiMmEe12900 [2011/02/09 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\windeebrook\pmic_prod_data [2011/02/09 15:28:17 | 000,000,000 | ---D | C] -- C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Physicians Mutual Quoting Software [2011/02/09 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Physicians Mutual Quoting Software [2011/02/09 15:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\PMIC [2011/02/09 10:18:21 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/02/09 10:18:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011/02/09 10:18:21 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/02/09 10:18:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\XpsPrint.dll [2011/02/09 10:18:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/02/09 10:18:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011/02/09 10:18:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/02/09 10:18:20 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/02/09 10:18:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/02/09 10:18:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/02/09 10:18:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/02/09 10:18:19 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/02/09 10:18:19 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/02/09 10:18:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/02/09 10:18:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/02/09 10:18:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/02/09 10:18:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/02/09 10:18:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/02/09 10:18:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/02/09 10:18:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/02/09 10:18:16 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/02/09 10:18:12 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/02/09 
10:18:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/02/09 10:18:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/02/09 10:17:38 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/02/09 10:17:33 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/02/09 10:17:32 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/02/09 10:17:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/02/09 10:17:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/02/09 10:17:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/02/09 10:17:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/02/09 10:17:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/02/09 10:17:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/02/09 10:17:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/02/09 10:17:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/02/09 10:17:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/02/09 10:17:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/02/09 10:17:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/02/09 10:17:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/02/09 10:17:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/02/09 10:17:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2011/02/09 10:17:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/02/09 10:17:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/02/09 10:17:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/02/09 10:14:53 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/02/09 10:14:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2011/03/05 12:38:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\windeebrook\Desktop\OTL.exe [2011/03/05 12:37:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/03/05 11:57:44 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 11:57:44 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 10:21:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/03/05 09:37:39 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2011/03/05 07:57:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/03/05 07:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/05 07:57:35 | 938,008,576 | -HS- | M] () -- C:\hiberfil.sys [2011/03/04 18:00:03 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job 
[2011/03/04 17:05:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/03/04 17:00:12 | 000,001,960 | ---- | M] () -- C:\Users\windeebrook\Desktop\HiJackThis.lnk [2011/03/04 16:57:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\windeebrook\HijackThis.exe [2011/03/04 16:57:02 | 001,402,880 | ---- | M] () -- C:\Users\windeebrook\HiJackThis.msi [2011/03/04 14:44:50 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7577864-14A8-4732-B869-73A50D27BB98}.job [2011/03/04 14:28:47 | 000,003,433 | ---- | M] () -- C:\Users\windeebrook\Documents\Supplemental Funding Request for 2011.rtf [2011/03/01 09:54:08 | 000,013,824 | ---- | M] () -- C:\Users\windeebrook\Documents\Scrub Cleaning.xlr [2011/03/01 09:54:08 | 000,011,300 | ---- | M] () -- C:\Users\windeebrook\AppData\Roaming\wklnhst.dat [2011/02/28 19:52:03 | 000,022,139 | ---- | M] () -- C:\Users\windeebrook\Documents\Colorado Fair Debt Collection Practices Stautes.rtf [2011/02/21 22:00:21 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2011/02/21 22:00:18 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2011/02/21 21:23:24 | 000,001,037 | ---- | M] () -- C:\Users\windeebrook\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/02/21 21:23:24 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/02/21 21:04:56 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/02/21 21:04:56 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/02/20 19:13:39 | 000,010,375 | ---- | M] () -- C:\Users\windeebrook\Documents\credit card suit info.rtf [2011/02/16 15:06:58 | 000,010,752 | ---- | M] () -- C:\Users\windeebrook\Documents\Megs talk 021711.wps [2011/02/16 14:44:37 | 000,001,779 | ---- | M] () -- C:\Users\windeebrook\Desktop\Microsoft Works Word Processor.lnk [2011/02/11 13:10:43 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2011/02/11 13:10:43 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/02/10 21:32:28 | 000,368,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/02/10 19:58:17 | 000,001,287 | ---- | M] () -- C:\Users\windeebrook\Documents\Grassclan 2 cats.rtf [2011/02/09 15:28:17 | 000,001,649 | ---- | M] () -- C:\Users\windeebrook\Desktop\Physicians Mutual Quoting.lnk [2011/02/09 14:56:49 | 000,317,519 | ---- | M] () -- C:\Users\windeebrook\Desktop\Montrose App Michael.pdf [2011/02/09 14:15:52 | 000,283,081 | ---- | M] () -- C:\Users\windeebrook\Desktop\Montrose Application.pdf [2011/02/08 12:36:32 | 002,075,462 | ---- | M] () -- C:\Users\windeebrook\Documents\Mavis.rtf [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2011/03/05 08:04:36 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2011/03/04 17:00:11 | 000,001,960 | ---- | C] () -- C:\Users\windeebrook\Desktop\HiJackThis.lnk [2011/03/04 16:56:33 | 001,402,880 | ---- | C] () -- C:\Users\windeebrook\HiJackThis.msi [2011/03/04 14:03:12 | 000,003,433 | ---- | C] () -- C:\Users\windeebrook\Documents\Supplemental Funding Request for 2011.rtf [2011/03/04 12:52:18 | 938,008,576 | -HS- | C] () -- C:\hiberfil.sys [2011/03/01 09:54:08 | 000,013,824 | ---- | C] () -- C:\Users\windeebrook\Documents\Scrub Cleaning.xlr [2011/02/28 19:00:43 | 000,022,139 | ---- | C] () -- C:\Users\windeebrook\Documents\Colorado Fair Debt Collection Practices Stautes.rtf [2011/02/23 11:36:56 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/02/23 11:36:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/02/23 11:36:55 | 000,004,675 | 
---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011/02/21 21:23:24 | 000,001,037 | ---- | C] () -- C:\Users\windeebrook\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/02/21 21:23:24 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/02/20 18:31:02 | 000,010,375 | ---- | C] () -- C:\Users\windeebrook\Documents\credit card suit info.rtf [2011/02/16 15:06:58 | 000,010,752 | ---- | C] () -- C:\Users\windeebrook\Documents\Megs talk 021711.wps [2011/02/16 14:44:37 | 000,001,779 | ---- | C] () -- C:\Users\windeebrook\Desktop\Microsoft Works Word Processor.lnk [2011/02/14 19:28:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/02/14 19:28:21 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/02/09 15:28:17 | 000,001,649 | ---- | C] () -- C:\Users\windeebrook\Desktop\Physicians Mutual Quoting.lnk [2011/02/09 14:56:48 | 000,317,519 | ---- | C] () -- C:\Users\windeebrook\Desktop\Montrose App Michael.pdf [2011/02/09 14:15:51 | 000,283,081 | ---- | C] () -- C:\Users\windeebrook\Desktop\Montrose Application.pdf [2011/02/08 16:50:52 | 000,001,287 | ---- | C] () -- C:\Users\windeebrook\Documents\Grassclan 2 cats.rtf [2011/02/08 12:36:31 | 002,075,462 | ---- | C] () -- C:\Users\windeebrook\Documents\Mavis.rtf [2010/08/12 15:43:35 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI [2010/06/17 06:20:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010/06/17 06:07:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/12/10 11:33:49 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini [2009/11/21 14:02:52 | 000,000,106 | ---- | C] () -- C:\Windows\TLCAPPS.INI [2009/10/06 15:28:16 | 000,000,998 | ---- | C] () -- C:\Windows\EReg515.dat [2009/10/06 15:25:17 | 000,000,185 | ---- | C] () -- C:\Windows\disney.ini [2009/09/28 17:56:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2009/09/19 07:00:54 | 000,000,022 | -H-- | C] () -- 
C:\Users\windeebrook\AppData\Local\xftredahs.dat [2009/09/18 16:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/18 16:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/08/25 19:24:19 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/03/08 12:14:41 | 000,000,552 | ---- | C] () -- C:\Users\windeebrook\AppData\Local\d3d8caps.dat [2009/03/07 16:49:51 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe [2009/01/02 13:18:08 | 000,000,593 | ---- | C] () -- C:\Windows\SIERRA.INI [2008/12/06 15:39:12 | 000,081,408 | ---- | C] () -- C:\Users\windeebrook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/06 11:22:59 | 000,011,300 | ---- | C] () -- C:\Users\windeebrook\AppData\Roaming\wklnhst.dat [2008/12/06 10:14:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/11/18 12:08:17 | 000,031,007 | ---- | C] () -- C:\Users\windeebrook\AppData\Roaming\UserTile.png [2008/11/06 04:40:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2007/05/10 11:43:11 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/05/10 11:22:23 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007/05/10 11:19:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll [2007/05/10 11:19:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll [2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 05:44:53 
| 000,368,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [color="#E56717"]========== LOP Check ==========[/color] [2009/07/26 14:38:05 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Acoustica [2009/07/23 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Canneverbe_Limited [2010/02/08 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009/02/24 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\DriverCure [2010/02/09 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Facebook [2009/11/08 22:46:10 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Hotbar [2009/08/06 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\LimeWire [2009/03/07 16:21:52 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\muvee Technologies [2010/06/17 05:54:33 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Namco [2009/08/02 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\NCH Swift Sound 
[2009/09/17 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\proDAD [2008/11/06 03:37:02 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Snapfish [2008/12/06 11:26:17 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Template [2010/09/17 18:41:30 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Titanium [2010/12/30 14:15:43 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Watchtower [2009/11/08 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WeatherDPA [2009/02/17 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WildTangent [2008/11/07 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WinBatch [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job [2011/03/05 09:37:39 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job [2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job [2011/02/02 04:17:17 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job [2011/03/04 18:00:03 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job [2010/05/08 03:29:03 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job [2011/03/04 17:05:38 | 000,032,636 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [2011/03/04 14:44:50 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7577864-14A8-4732-B869-73A50D27BB98}.job [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\LittleBritchesRoxio.dmsd:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\Carnival 
Cruise The Elation.dmsd:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\anniversary gift 10109.dmsd:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\3xc.dmsd:Roxio EMC Stream @Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\LBRodeoMusic1.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\iasn_E_126.mp3:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\iasn_E_027.mp3:TOC.WMV @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587 < End of report > OTL Extras logfile created on: 3/5/2011 12:43:09 PM - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\windeebrook\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 894.00 Mb Total Physical Memory | 407.00 Mb Available Physical Memory | 46.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140.67 Gb Total Space | 35.19 Gb Free Space | 25.02% Space Free | Partition Type: NTFS Drive D: | 8.38 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS Computer Name: WINDEEBROOK-PC | User Name: windeebrook | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color="#E56717"]========== Extra Registry (SafeList) ==========[/color] [color="#E56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color="#E56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#E56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color="#E56717"]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color="#E56717"]========== Authorized Applications List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) [color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20D4B5DE-9DEA-4AC0-B277-A1F65F7E6C85}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{327F3783-D9B2-4356-8153-B98D07508821}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8C8F3A82-C6DB-4376-8D75-B68F51871533}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9C416B2E-C997-44E8-85D3-3458713DD7AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE56B8AA-88F1-4D6F-A67D-FB146EE507C7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDD272AB-DA58-4383-83FB-D0FB98CA98CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D85B96CE-5441-4D36-9684-FD922818252C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FE18083F-BFCC-4E05-B09B-18A8938A89D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color="#E56717"]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{050EF8A8-5B40-42DB-8053-1F34617439BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0BAA5EED-C417-4FFE-A098-E2C8B5FADDA2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
Once again, I appreciate your help!
  5. Last week my wife was doing a search on Google. She clicked on a link and the computer screen said "Malware on computer" all over the screen. A download progress bar also appeared. She quickly turned off the computer, but it was too late. I started the computer in Safe Mode and did a restore point to three days before this happened. We then purchased and downloaded Ad-Aware Pro to our computer and performed a scan. The Ad-Aware screen disappeared after several hours of scanning, never revealing anything. I performed yet another scan. I told my wife to note what it found, as I was going to bed. The next day she said it found a Trojan, but she did not write down what kind. She said that Ad-Aware removed it, but I am still having problems:
     1) The last full scan I did (the next day after Ad-Aware found the Trojan) took 4 hours, and then Ad-Aware disappeared.
     2) Ad-Aware will not update after pressing the "Update" button.
     3) I pressed "Import Definitions" to try to update, and then Ad-Aware disappeared.
     4) I ran a scan in Safe Mode, and Ad-Aware will scan the same file for several minutes; it then disappears.
     I performed a HiJackThis scan, and came up with the attached. If you would, please view my HiJackThis file and give me directions... I appreciate it!