sings2high

Members
 View Profile  See their activity

  • Content Count

    6

  • Joined

  • Last visited

Community Reputation

0 Neutral

About sings2high

  • Rank
    Newbie
  1. sings2high
    I still can't run dds, but I was able to run aswMBR and am posting the log. aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-12-16 20:42:10 ----------------------------- 20:42:10.435 OS Version: Windows 6.0.6002 Service Pack 2 20:42:10.435 Number of processors: 2 586 0x6802 20:42:10.437 ComputerName: RUTH-PC UserName: Ruth 20:42:25.453 Initialize success 20:43:13.461 AVAST engine defs: 11121603 20:43:48.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 20:43:48.131 Disk 0 Vendor: ST9200827AS 3.BHA Size: 190782MB BusType: 3 20:43:50.189 Disk 0 MBR read successfully 20:43:50.193 Disk 0 MBR scan 20:43:50.201 Disk 0 unknown MBR code 20:43:50.212 Disk 0 scanning sectors +390721952 20:43:51.959 Disk 0 scanning C:\Windows\system32\drivers 20:44:21.372 Service scanning 20:44:22.988 Modules scanning 20:44:29.685 Disk 0 trace - called modules: 20:44:29.705 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 20:44:29.710 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854366c8] 20:44:29.716 3 CLASSPNP.SYS[89fb08b3] -> nt!IofCallDriver -> [0x852798c8] 20:44:30.088 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85221958] 20:44:31.133 AVAST engine scan C:\Windows 20:44:33.510 AVAST engine scan C:\Windows\system32 20:48:23.011 AVAST engine scan C:\Windows\system32\drivers 20:48:37.644 AVAST engine scan C:\Users\Ruth 20:52:22.896 AVAST engine scan C:\ProgramData 20:55:38.590 Scan finished successfully 20:57:36.175 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat" 20:57:36.184 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR.txt" aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-12-17 23:57:17 ----------------------------- 23:57:17.026 OS Version: Windows 6.0.6002 Service Pack 2 23:57:17.026 Number of processors: 2 586 0x6802 23:57:17.026 ComputerName: RUTH-PC UserName: Ruth 23:57:30.957 Initialize success 23:58:49.195 AVAST engine defs: 11121702 00:28:06.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 00:28:06.815 Disk 0 Vendor: ST9200827AS 3.BHA Size: 190782MB BusType: 3 00:28:08.875 Disk 0 MBR read successfully 00:28:08.890 Disk 0 MBR scan 00:28:08.890 Disk 0 unknown MBR code 00:28:08.906 Disk 0 scanning sectors +390721952 00:28:10.497 Disk 0 scanning C:\Windows\system32\drivers 00:28:20.387 Service scanning 00:28:21.729 Modules scanning 00:28:26.830 Disk 0 trace - called modules: 00:28:26.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 00:28:26.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858b8ac8] 00:28:26.846 3 CLASSPNP.SYS[89fb28b3] -> nt!IofCallDriver -> [0x8523d620] 00:28:27.361 5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8527eb98] 00:28:28.016 AVAST engine scan C:\Windows 00:28:29.716 AVAST engine scan C:\Windows\system32 00:30:41.084 AVAST engine scan C:\Windows\system32\drivers 00:30:51.083 AVAST engine scan C:\Users\Ruth 00:32:50.221 AVAST engine scan C:\ProgramData 00:35:40.027 Scan finished successfully 00:40:35.943 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat" 00:40:36.005 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR.txt"
  2. sings2high
    I've tried several times now, I can't get DDS to run. The hash marks go 3/4 of the way across the cmd window, then it stops. And everything stops. Then the only thing I can do is reboot. Is there another program I could use to scan it?
  3. sings2high
    Blade81 said: "Disable any script blocker, and then double click [b]dds file [/b]to run the tool." What are common names of script blockers? I am not sure what I have on this PC, was recently gifted to me.
  4. sings2high
    OTL Extras logfile created on: 12/17/2011 10:21:30 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ruth\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.84% Memory free 5.98 Gb Paging File | 4.73 Gb Available in Paging File | 79.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 174.56 Gb Total Space | 106.86 Gb Free Space | 61.22% Space Free | Partition Type: NTFS Drive D: | 11.75 Gb Total Space | 1.97 Gb Free Space | 16.79% Space Free | Partition Type: NTFS Computer Name: RUTH-PC | User Name: Ruth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E32E79F-B75D-4F46-8563-60EAA6FC3694}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{1A5BC666-76F9-45E1-B4A7-4F82413A64FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{2AE634D4-27B7-4ADC-ACE1-96E289E1A198}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{2E958892-613C-4401-9CB3-CC9A7A0ADD84}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{42FD1E9F-F740-4B28-9BBC-769ECFF092B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{44DDAD75-8618-4ADC-8ED4-BB8261C28154}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{546AD6B1-720F-4731-A43C-0AA4E91742E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{5932C836-EDA5-4B52-8CE1-AA890058431A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5D18A62D-113D-44B6-A906-B5238E2C66FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6449F940-E7BB-428E-976F-DE2C5DB233F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{68A7C35A-1F30-426F-BEC0-F2E2B8EC7C08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{6B64F4F8-8A8D-48C4-8223-E5EBD0797141}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{7FB92001-4300-448E-9852-D2C639F9E4F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{863CC31C-3ACF-46D7-A987-7197A9FC264B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{882F142B-4C6F-4030-A893-17A3B5AC6677}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{8F03B19C-9297-4543-A09D-DE0F1BCA6733}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{93E83362-AA29-4059-A36B-D86D15B9079D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{9DA3012F-9B5C-4848-BAD4-8A261642E055}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{A79AA8F3-E437-42A4-8E8B-24D664449233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{C6FD301A-F0B6-4269-95B2-C61EF5CA4226}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{DB761B37-344A-40E3-AD4B-33B7B9BED77B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{DF8163C0-25E8-48CA-A995-5C089558E008}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{F9FD7FDF-0D86-48DC-AAA8-A6DB5F810E12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{FBB57381-1251-41E6-9DF0-DF14AD195C37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "TCP Query User{970ACBAA-36DE-475A-AA72-D178CE7160FB}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{AF39A75C-C956-4F48-A9A7-8C41AD507805}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{1451479C-2331-43E3-A8C5-5D388EBE8969}" = EBSCO Publishing Download Manager "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95C2FBF3-4462-41E3-89DC-0F784387BD53}" = Family Lawyer 2004 "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIM_6" = AIM 6 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "NVIDIA Drivers" = NVIDIA Drivers "Password Safe" = Password Safe "Shop for HP Supplies" = Shop for HP Supplies "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.8.2.2264 "ViewpointMediaPlayer" = Viewpoint Media Player "WildTangent hp Master Uninstall" = My HP Games "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/8/2011 3:36:52 PM | Computer Name = Ruth-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12/12/2011 9:19:41 PM | Computer Name = Ruth-PC | Source = Application Error | ID = 1000 Description = Faulting application hpqgpc01.exe, version 130.0.14.16, time stamp 0x49dd90d9, faulting module hpqgpc01.exe, version 130.0.14.16, time stamp 0x49dd90d9, exception code 0xc0000005, fault offset 0x0000a267, process id 0x1644, application start time 0x01ccaef715bd2918. Error - 12/13/2011 1:09:38 AM | Computer Name = Ruth-PC | Source = Application Hang | ID = 1002 Description = The program thunderbird.exe version 8.0.0.4326 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1044 Start Time: 01ccb3641d055238 Termination Time: 136 Error - 12/13/2011 3:42:47 PM | Computer Name = Ruth-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 8.0.0.4325 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 680 Start Time: 01ccb87b20b05910 Termination Time: 339 Error - 12/16/2011 12:58:32 AM | Computer Name = Ruth-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12/16/2011 4:02:09 AM | Computer Name = Ruth-PC | Source = Windows Search Service | ID = 3006 Description = Error - 12/16/2011 4:02:10 AM | Computer Name = Ruth-PC | Source = Windows Search Service | ID = 3007 Description = Error - 12/16/2011 4:34:15 AM | Computer Name = Ruth-PC | Source = WinMgmt | ID = 10 Description = Error - 12/16/2011 3:17:32 PM | Computer Name = Ruth-PC | Source = WinMgmt | ID = 10 Description = Error - 12/16/2011 7:44:10 PM | Computer Name = Ruth-PC | Source = Application Error | ID = 1000 Description = Faulting application SDUpdate.exe, version 1.6.0.12, time stamp 0x2a425e19, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xc0000005, fault offset 0x000bfea5, process id 0x14cc, application start time 0x01ccbc4c915d0d4f. [ System Events ] Error - 8/10/2011 12:21:54 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8/10/2011 12:22:20 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009 Description = Error - 8/10/2011 12:22:20 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8/10/2011 12:23:07 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009 Description = Error - 8/10/2011 12:23:07 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8/10/2011 12:23:53 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009 Description = Error - 8/10/2011 12:23:53 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8/10/2011 9:08:34 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = Error - 8/10/2011 9:11:13 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7011 Description = Error - 8/11/2011 11:39:08 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
  5. sings2high
    OTL logfile created on: 12/17/2011 10:21:30 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ruth\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.84% Memory free 5.98 Gb Paging File | 4.73 Gb Available in Paging File | 79.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 174.56 Gb Total Space | 106.86 Gb Free Space | 61.22% Space Free | Partition Type: NTFS Drive D: | 11.75 Gb Total Space | 1.97 Gb Free Space | 16.79% Space Free | Partition Type: NTFS Computer Name: RUTH-PC | User Name: Ruth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\Ruth\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\egrFltGUc9Arat.exe () PRC - C:\ProgramData\POLStitgmwobI.exe () PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\ProgramData\egrFltGUc9Arat.exe () MOD - C:\ProgramData\POLStitgmwobI.exe () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll () MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll () MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll () MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll () MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll () MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (sbapifs) -- C:\WINDOWS\System32\drivers\sbapifs.sys (Sunbelt Software) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=08312+-+Clayton%2C+NJ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1418455&SearchSource=3&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.flylady.net/|http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=08312&wuSelect=WEATHER" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: [email protected]:4.5.2.0 FF - prefs.js..extensions.enabledItems: [email protected]:4.5 FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590 FF - prefs.js..extensions.enabledItems: [email protected]:1.2 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&apn_uid=73545EDE-2185-45D7-AEAD-D5E4407FAADD&apn_ptnrs=F3&apn_sauid=01E6FC1D-EC0C-4678-9645-A7743F1E55FD&apn_dtid=YYYYYYYYUS&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 08:41:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 13:36:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 21:10:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 19:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/01 13:08:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 08:41:20 | 000,000,000 | ---D | M] [2011/08/18 12:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions [2011/08/18 12:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions\[email protected] [2011/12/13 15:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions [2011/10/20 07:36:17 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2011/08/08 19:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/13 15:17:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/08/08 19:55:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2011/08/08 19:55:24 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected] [2011/08/20 22:55:59 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected] [2011/08/08 19:55:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected] [2011/12/15 10:30:02 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected] [2011/12/17 10:18:12 | 000,002,571 | ---- | M] () -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\searchplugins\askcom.xml [2007/07/21 10:23:32 | 000,002,386 | ---- | M] () -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\searchplugins\siteadvisor.xml [2011/11/09 21:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\USERS\RUTH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SG3UI63V.DEFAULT\EXTENSIONS\[email protected] [2011/11/09 21:10:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/09/19 10:39:39 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011/11/09 21:10:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [POLStitgmwobI.exe] C:\ProgramData\POLStitgmwobI.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5303E5E5-D779-49F4-B3BE-E1A7759CBAF0}: DhcpNameServer = 192.168.1.1 71.250.0.12 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/16 20:58:40 | 004,341,424 | ---- | C] (Swearware) -- C:\Users\Ruth\Desktop\ComboFix.exe [2011/12/16 18:21:59 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011/12/16 18:19:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/12/16 03:07:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/12/16 03:07:20 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/12/16 03:07:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/12/16 03:07:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/12/16 03:07:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/12/16 03:07:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/12/15 16:11:05 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/12/15 16:11:03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011/12/15 16:11:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/12/15 16:11:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/12/15 16:10:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011/12/15 16:10:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/12/12 22:13:29 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Documents\My Scans [2011/11/29 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011/11/29 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011/11/29 19:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011/11/29 19:34:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/17 09:43:16 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/17 09:43:16 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/17 09:11:09 | 000,001,085 | ---- | M] () -- C:\Users\Ruth\Desktop\Spybot - Search & Destroy.lnk [2011/12/17 08:32:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2011/12/17 08:32:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2011/12/16 22:21:06 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/16 22:21:06 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/16 21:55:46 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011/12/16 21:43:32 | 000,135,568 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/12/16 21:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/16 21:43:09 | 3085,815,808 | -HS- | M] () -- C:\hiberfil.sys [2011/12/16 20:58:29 | 004,341,424 | ---- | M] (Swearware) -- C:\Users\Ruth\Desktop\ComboFix.exe [2011/12/16 20:57:36 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat [2011/12/16 18:23:42 | 000,000,456 | ---- | M] () -- C:\ProgramData\egrFltGUc9Arat [2011/12/16 18:22:01 | 000,000,304 | ---- | M] () -- C:\ProgramData\~egrFltGUc9Arat [2011/12/16 18:22:01 | 000,000,208 | ---- | M] () -- C:\ProgramData\~egrFltGUc9Aratr [2011/12/16 18:21:59 | 000,000,625 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/16 18:21:59 | 000,000,601 | ---- | M] () -- C:\Users\Ruth\Desktop\System Fix.lnk [2011/12/16 18:21:49 | 000,350,472 | ---- | M] () -- C:\ProgramData\egrFltGUc9Arat.exe [2011/12/16 18:19:14 | 000,442,632 | ---- | M] () -- C:\ProgramData\POLStitgmwobI.exe [2011/12/16 03:33:27 | 000,333,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/12/16 03:30:22 | 000,000,042 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.plk [2011/12/12 17:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Ruth\AppData\Local\d3d9caps.dat [2011/12/11 17:42:10 | 010,559,488 | ---- | M] () -- C:\Users\Ruth\Documents\My Money.mny [2011/12/03 11:04:17 | 000,008,392 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.psafe3 [2011/12/03 11:02:03 | 000,008,312 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.ibak [2011/11/29 19:49:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/29 19:41:36 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/16 20:57:36 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat [2011/12/16 20:39:05 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk [2011/12/16 20:39:05 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2011/12/16 20:39:05 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk [2011/12/16 20:39:05 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\My HP Games.lnk [2011/12/16 20:39:05 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Launch Slingbox Flash Tour.lnk [2011/12/16 20:39:05 | 000,001,907 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2011/12/16 20:39:05 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/12/16 20:39:05 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011/12/16 20:39:05 | 000,001,883 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk [2011/12/16 20:39:05 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk [2011/12/16 20:39:05 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk [2011/12/16 20:39:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk [2011/12/16 20:39:05 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011/12/16 20:39:05 | 000,001,614 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk [2011/12/16 20:39:05 | 000,001,537 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk [2011/12/16 20:39:05 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2011/12/16 20:39:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Money 2004.lnk [2011/12/16 20:39:05 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011/12/16 20:39:05 | 000,000,943 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/12/16 20:39:05 | 000,000,938 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2011/12/16 20:39:05 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/12/16 20:39:05 | 000,000,870 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/12/16 20:39:05 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/16 20:39:05 | 000,000,846 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk [2011/12/16 20:39:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2011/12/16 20:39:05 | 000,000,625 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/16 20:39:05 | 000,000,258 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2011/12/16 20:39:05 | 000,000,240 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2011/12/16 20:39:05 | 000,000,159 | ---- | C] () -- C:\Users\Public\Desktop\MSN Money.url [2011/12/16 20:38:55 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011/12/16 20:38:55 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/12/16 20:38:48 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [2011/12/16 20:38:48 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk [2011/12/16 20:38:48 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2011/12/16 20:38:48 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011/12/16 20:38:48 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk [2011/12/16 20:38:48 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk [2011/12/16 20:38:48 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/12/16 20:38:48 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/12/16 20:38:48 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk [2011/12/16 20:38:48 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk [2011/12/16 20:38:48 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk [2011/12/16 20:38:48 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk [2011/12/16 20:38:48 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011/12/16 20:38:48 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk [2011/12/16 20:38:48 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk [2011/12/16 20:38:48 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/12/16 20:38:48 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money 2004.lnk [2011/12/16 20:38:48 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/12/16 20:38:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/16 20:38:48 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk [2011/12/16 20:38:48 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url [2011/12/16 18:22:01 | 000,000,304 | ---- | C] () -- C:\ProgramData\~egrFltGUc9Arat [2011/12/16 18:22:01 | 000,000,208 | ---- | C] () -- C:\ProgramData\~egrFltGUc9Aratr [2011/12/16 18:21:59 | 000,000,601 | ---- | C] () -- C:\Users\Ruth\Desktop\System Fix.lnk [2011/12/16 18:21:55 | 000,000,456 | ---- | C] () -- C:\ProgramData\egrFltGUc9Arat [2011/12/16 18:21:49 | 000,350,472 | ---- | C] () -- C:\ProgramData\egrFltGUc9Arat.exe [2011/12/16 18:19:16 | 000,442,632 | ---- | C] () -- C:\ProgramData\POLStitgmwobI.exe [2011/10/29 22:53:58 | 000,000,680 | ---- | C] () -- C:\Users\Ruth\AppData\Local\d3d9caps.dat [2011/09/15 12:08:29 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011/08/24 08:24:31 | 000,205,118 | ---- | C] () -- C:\Windows\hpwins26.dat [2011/08/10 21:26:15 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/08/10 21:26:15 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/08/07 20:58:10 | 000,135,568 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011/08/07 20:58:09 | 000,135,568 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011/08/07 06:50:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/08/07 06:50:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/08/07 01:16:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/08/18 01:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2008/08/21 04:05:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008/08/21 04:01:54 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008/04/24 21:38:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,333,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color=#E56717]========== LOP Check ==========[/color] [2011/08/10 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\OpenOffice.org [2011/08/08 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Thunderbird [2011/08/18 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TomTom [2011/08/09 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\WildTangent [2011/12/16 21:41:59 | 000,032,200 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 1159 bytes -> C:\Users\Ruth\Desktop\FlyLady Repost Laundry Solution Wardrobe Simplification.eml:OECustomProperty < End of report >
  6. sings2high
    My computer was infected last night with the System Fix virus. I have been trying ever since to get rid of it. What I've done so far: Unhide: Downloaded and ran this and it worked. When I updated my SpyBot, it required a restart. When I rebooted, things disappeared again, I ran unhide again, it worked but I'm still missing things from my start menu. aswMBR: downloaded and clicked on the .exe file but could not see that it did anything. Where would it put the log file if it created one? and what would it be named? Ad-aware: it updates itself every day at 1 am, but I ran an update just to be sure, ran a full scan, it found nothing. SpyBot: updated definitions file last night, and again this morning. Ran a scan and found 2 problems which it could not remove. It told me that I was not running as an administrator. However, Control Panel/User Accounts shows me as an administrator, in fact, there is only one account set up on this computer - mine and it is clearly labeled "administrator". Downloaded Combofix, but I haven't dared use it. What should I do next?