Originalgum@gmail.com

Please help computer infected


Last week my wife was doing a search on Google. She clicked on a link and the computer screen said "Malware on computer" all over the screen. A download progress bar also appeared. She quickly turned off the computer, but it was too late.
I started the computer in Safe Mode and did a System Restore to a restore point from three days before this happened. We then purchased and downloaded Ad-Aware Pro to our computer and performed a scan. The Ad-Aware screen disappeared after several hours of scanning, never revealing anything. I performed yet another scan. I told my wife to note what it found, as I was going to bed. The next day she said it found a Trojan, but she did not write down what kind. She said that Ad-Aware removed it, but I am still having problems:

1) The last full scan I did (the next day after Ad-Aware found the Trojan) took 4 hours, and then Ad-Aware disappeared.
2) Ad-Aware will not update after pressing the "Update" button.
3) I pressed "Import Definitions" to try to update, and then Ad-Aware disappeared.
4) I ran a scan in Safe Mode, and Ad-Aware will scan the same file for several minutes, and then it disappears.

I performed a HiJackThis scan, and came up with the attached.

If you would, please view my HiJackThis file and give me directions... I appreciate it! ^_^

Hi Originalgum,

Welcome to the Lavasoft Support Forums ^_^

[list]
[*]Download [url="http://oldtimer.geekstogo.com/OTL.exe"][b][color="#FF0000"]OTL[/color][/b][/url] to your desktop.
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, underneath [u][b]Output[/b][/u] at the top change it to [b]Minimal Output[/b].
[*]Check the boxes beside [b]LOP Check[/b] and [b]Purity Check[/b].
[*]Click the [u][color="#0000FF"][b]Run Scan[/b][/color][/u] button. Do not change any settings unless otherwise told to do so. The scan won't take long.[list]
[*]When the scan completes, it will open two notepad windows. [b]OTL.Txt[/b] and [b]Extras.Txt[/b]. These are saved in the same location as OTL.
[*]Please copy [b](Edit->Select All, Edit->Copy)[/b] the contents of these files, one at a time, and post it with your next reply.
[/list]
[/list]

Hello, SpySentinel... I appreciate your help...! I did as you requested, and the following reports were given:

OTL logfile created on: 3/5/2011 12:43:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\windeebrook\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 407.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.67 Gb Total Space | 35.19 Gb Free Space | 25.02% Space Free | Partition Type: NTFS
Drive D: | 8.38 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: WINDEEBROOK-PC | User Name: windeebrook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color="#E56717"]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\windeebrook\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\WINDOWS\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


[color="#E56717"]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\windeebrook\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)


[color="#E56717"]========== Driver Services (SafeList) ==========[/color]

DRV - (SBRE) -- C:\WINDOWS\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sbapifs) -- C:\WINDOWS\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)


[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#E56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop"]http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.att.net/"]http://www.att.net/[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/11/07 20:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\windeebrook\AppData\Roaming\Mozilla\Extensions
[2009/08/06 20:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\windeebrook\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O4 - Startup: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK = File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries00000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [url="http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab"]http://download.microsoft.com/download/E/5...heckControl.cab[/url] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} [url="http://picasaweb.google.com/s/v/63.16/uploader2.cab"]http://picasaweb.google.com/s/v/63.16/uploader2.cab[/url] (UploadListView Class)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} [url="http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab"]http://www.worldwinner.com/games/v47/solit...litairerush.cab[/url] (SolitaireRush Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [url="https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab"]https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab[/url] (SysData Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [url="http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab"]http://cdn.smugmug.com/photos/activex/Imag....1.0-082608.cab[/url] (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [url="http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab"]http://picture.vzw.com/activex/VerizonWire...loadControl.cab[/url] (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [url="http://www.worldwinner.com/games/shared/wwlaunch.cab"]http://www.worldwinner.com/games/shared/wwlaunch.cab[/url] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_22)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} [url="http://www.shockwave.com/content/dinerdashfloonthego/sis/ddfotg.1.0.0.33.cab"]http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab[/url] (CPlayFirstddfotgControl Object)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [url="http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab"]http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab[/url] (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [url="http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab"]http://www.shockwave.com/content/insaniqua...ploader_v10.cab[/url] (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/10 12:00:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/03/05 12:38:18 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\windeebrook\Desktop\OTL.exe
[2011/03/04 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/04 17:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/04 16:57:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\windeebrook\HijackThis.exe
[2011/03/04 16:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/02/23 11:44:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/23 11:39:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/23 11:37:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/23 11:37:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/23 11:37:39 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/23 11:37:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/23 11:37:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/23 11:37:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/23 11:37:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/23 11:37:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/23 11:37:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/23 11:37:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/23 11:36:50 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/23 11:36:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/23 11:36:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/23 11:36:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/23 11:36:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/21 22:00:28 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/21 21:25:35 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/02/21 21:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/02/21 20:30:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/20 18:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hPiMmEe12900
[2011/02/09 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\windeebrook\pmic_prod_data
[2011/02/09 15:28:17 | 000,000,000 | ---D | C] -- C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Physicians Mutual Quoting Software
[2011/02/09 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Physicians Mutual Quoting Software
[2011/02/09 15:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\PMIC
[2011/02/09 10:18:21 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 10:18:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 10:18:21 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 10:18:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 10:18:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 10:18:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 10:18:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 10:18:20 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 10:18:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 10:18:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 10:18:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 10:18:19 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 10:18:19 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 10:18:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 10:18:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 10:18:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 10:18:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 10:18:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 10:18:17 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 10:18:16 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 10:18:16 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 10:18:12 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 10:18:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 10:18:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 10:17:38 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 10:17:33 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 10:17:32 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 10:17:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 10:17:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 10:17:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 10:17:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 10:17:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 10:17:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 10:17:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 10:17:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 10:17:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 10:17:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 10:17:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 10:17:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 10:17:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 10:17:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 10:17:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 10:17:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 10:17:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 10:14:53 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 10:14:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]

[2011/03/05 12:38:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\windeebrook\Desktop\OTL.exe
[2011/03/05 12:37:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 11:57:44 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 11:57:44 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 10:21:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/05 09:37:39 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/03/05 07:57:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 07:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 07:57:35 | 938,008,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/04 18:00:03 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/04 17:05:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/04 17:00:12 | 000,001,960 | ---- | M] () -- C:\Users\windeebrook\Desktop\HiJackThis.lnk
[2011/03/04 16:57:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\windeebrook\HijackThis.exe
[2011/03/04 16:57:02 | 001,402,880 | ---- | M] () -- C:\Users\windeebrook\HiJackThis.msi
[2011/03/04 14:44:50 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7577864-14A8-4732-B869-73A50D27BB98}.job
[2011/03/04 14:28:47 | 000,003,433 | ---- | M] () -- C:\Users\windeebrook\Documents\Supplemental Funding Request for 2011.rtf
[2011/03/01 09:54:08 | 000,013,824 | ---- | M] () -- C:\Users\windeebrook\Documents\Scrub Cleaning.xlr
[2011/03/01 09:54:08 | 000,011,300 | ---- | M] () -- C:\Users\windeebrook\AppData\Roaming\wklnhst.dat
[2011/02/28 19:52:03 | 000,022,139 | ---- | M] () -- C:\Users\windeebrook\Documents\Colorado Fair Debt Collection Practices Stautes.rtf
[2011/02/21 22:00:21 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/02/21 22:00:18 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/02/21 21:23:24 | 000,001,037 | ---- | M] () -- C:\Users\windeebrook\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/21 21:23:24 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/21 21:04:56 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/02/21 21:04:56 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/02/20 19:13:39 | 000,010,375 | ---- | M] () -- C:\Users\windeebrook\Documents\credit card suit info.rtf
[2011/02/16 15:06:58 | 000,010,752 | ---- | M] () -- C:\Users\windeebrook\Documents\Megs talk 021711.wps
[2011/02/16 14:44:37 | 000,001,779 | ---- | M] () -- C:\Users\windeebrook\Desktop\Microsoft Works Word Processor.lnk
[2011/02/11 13:10:43 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/11 13:10:43 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 21:32:28 | 000,368,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/10 19:58:17 | 000,001,287 | ---- | M] () -- C:\Users\windeebrook\Documents\Grassclan 2 cats.rtf
[2011/02/09 15:28:17 | 000,001,649 | ---- | M] () -- C:\Users\windeebrook\Desktop\Physicians Mutual Quoting.lnk
[2011/02/09 14:56:49 | 000,317,519 | ---- | M] () -- C:\Users\windeebrook\Desktop\Montrose App Michael.pdf
[2011/02/09 14:15:52 | 000,283,081 | ---- | M] () -- C:\Users\windeebrook\Desktop\Montrose Application.pdf
[2011/02/08 12:36:32 | 002,075,462 | ---- | M] () -- C:\Users\windeebrook\Documents\Mavis.rtf

[color="#E56717"]========== Files Created - No Company Name ==========[/color]

[2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/03/05 08:04:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/03/05 08:04:36 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/03/04 17:00:11 | 000,001,960 | ---- | C] () -- C:\Users\windeebrook\Desktop\HiJackThis.lnk
[2011/03/04 16:56:33 | 001,402,880 | ---- | C] () -- C:\Users\windeebrook\HiJackThis.msi
[2011/03/04 14:03:12 | 000,003,433 | ---- | C] () -- C:\Users\windeebrook\Documents\Supplemental Funding Request for 2011.rtf
[2011/03/04 12:52:18 | 938,008,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/01 09:54:08 | 000,013,824 | ---- | C] () -- C:\Users\windeebrook\Documents\Scrub Cleaning.xlr
[2011/02/28 19:00:43 | 000,022,139 | ---- | C] () -- C:\Users\windeebrook\Documents\Colorado Fair Debt Collection Practices Stautes.rtf
[2011/02/23 11:36:56 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/23 11:36:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/23 11:36:55 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/21 21:23:24 | 000,001,037 | ---- | C] () -- C:\Users\windeebrook\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/21 21:23:24 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/02/20 18:31:02 | 000,010,375 | ---- | C] () -- C:\Users\windeebrook\Documents\credit card suit info.rtf
[2011/02/16 15:06:58 | 000,010,752 | ---- | C] () -- C:\Users\windeebrook\Documents\Megs talk 021711.wps
[2011/02/16 14:44:37 | 000,001,779 | ---- | C] () -- C:\Users\windeebrook\Desktop\Microsoft Works Word Processor.lnk
[2011/02/14 19:28:22 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/02/14 19:28:21 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/02/09 15:28:17 | 000,001,649 | ---- | C] () -- C:\Users\windeebrook\Desktop\Physicians Mutual Quoting.lnk
[2011/02/09 14:56:48 | 000,317,519 | ---- | C] () -- C:\Users\windeebrook\Desktop\Montrose App Michael.pdf
[2011/02/09 14:15:51 | 000,283,081 | ---- | C] () -- C:\Users\windeebrook\Desktop\Montrose Application.pdf
[2011/02/08 16:50:52 | 000,001,287 | ---- | C] () -- C:\Users\windeebrook\Documents\Grassclan 2 cats.rtf
[2011/02/08 12:36:31 | 002,075,462 | ---- | C] () -- C:\Users\windeebrook\Documents\Mavis.rtf
[2010/08/12 15:43:35 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI
[2010/06/17 06:20:31 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/06/17 06:07:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/10 11:33:49 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/21 14:02:52 | 000,000,106 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2009/10/06 15:28:16 | 000,000,998 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/10/06 15:25:17 | 000,000,185 | ---- | C] () -- C:\Windows\disney.ini
[2009/09/28 17:56:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009/09/19 07:00:54 | 000,000,022 | -H-- | C] () -- C:\Users\windeebrook\AppData\Local\xftredahs.dat
[2009/09/18 16:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 16:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/25 19:24:19 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/08 12:14:41 | 000,000,552 | ---- | C] () -- C:\Users\windeebrook\AppData\Local\d3d8caps.dat
[2009/03/07 16:49:51 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2009/01/02 13:18:08 | 000,000,593 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/12/06 15:39:12 | 000,081,408 | ---- | C] () -- C:\Users\windeebrook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/06 11:22:59 | 000,011,300 | ---- | C] () -- C:\Users\windeebrook\AppData\Roaming\wklnhst.dat
[2008/12/06 10:14:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/18 12:08:17 | 000,031,007 | ---- | C] () -- C:\Users\windeebrook\AppData\Roaming\UserTile.png
[2008/11/06 04:40:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/05/10 11:43:11 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/10 11:22:23 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/05/10 11:19:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/10 11:19:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,368,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color="#E56717"]========== LOP Check ==========[/color]

[2009/07/26 14:38:05 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Acoustica
[2009/07/23 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Canneverbe_Limited
[2010/02/08 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/24 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\DriverCure
[2010/02/09 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Facebook
[2009/11/08 22:46:10 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Hotbar
[2009/08/06 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\LimeWire
[2009/03/07 16:21:52 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\muvee Technologies
[2010/06/17 05:54:33 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Namco
[2009/08/02 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\NCH Swift Sound
[2009/09/17 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\proDAD
[2008/11/06 03:37:02 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Snapfish
[2008/12/06 11:26:17 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Template
[2010/09/17 18:41:30 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Titanium
[2010/12/30 14:15:43 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\Watchtower
[2009/11/08 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WeatherDPA
[2009/02/17 17:05:45 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WildTangent
[2008/11/07 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\windeebrook\AppData\Roaming\WinBatch
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/03/05 09:37:39 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/03/05 08:04:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/02/02 04:17:17 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/03/04 18:00:03 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/05/08 03:29:03 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2011/03/04 17:05:38 | 000,032,636 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/03/04 14:44:50 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7577864-14A8-4732-B869-73A50D27BB98}.job

[color="#E56717"]========== Purity Check ==========[/color]



[color="#E56717"]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\LittleBritchesRoxio.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\Carnival Cruise The Elation.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\anniversary gift 10109.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\3xc.dmsd:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\LBRodeoMusic1.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\iasn_E_126.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\iasn_E_027.mp3:TOC.WMV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587

< End of report >

OTL Extras logfile created on: 3/5/2011 12:43:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\windeebrook\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 407.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.67 Gb Total Space | 35.19 Gb Free Space | 25.02% Space Free | Partition Type: NTFS
Drive D: | 8.38 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: WINDEEBROOK-PC | User Name: windeebrook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#E56717"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[color="#E56717"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#E56717"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color="#E56717"]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color="#E56717"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


[color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20D4B5DE-9DEA-4AC0-B277-A1F65F7E6C85}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{327F3783-D9B2-4356-8153-B98D07508821}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8C8F3A82-C6DB-4376-8D75-B68F51871533}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C416B2E-C997-44E8-85D3-3458713DD7AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE56B8AA-88F1-4D6F-A67D-FB146EE507C7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BDD272AB-DA58-4383-83FB-D0FB98CA98CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D85B96CE-5441-4D36-9684-FD922818252C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FE18083F-BFCC-4E05-B09B-18A8938A89D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color="#E56717"]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050EF8A8-5B40-42DB-8053-1F34617439BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0BAA5EED-C417-4FFE-A098-E2C8B5FADDA2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EEB178F-1537-4FBA-AAC8-E6F047654F02}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{21C042E9-8F4D-4046-980E-4F45283AC8F2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46C2C152-FAA4-4884-B309-2AF9A03DB09B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{50A23EED-45A3-43BD-A4F2-A437B4984E3E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5D25158C-88FB-4D52-BFE3-F10F6F6EEF4E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E970ADA-6874-424E-BB5E-2CD7EED3DCCD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5F492DF9-3E76-42E6-973A-8083AE42F792}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61D8597E-437D-43DD-89CC-62F487F13081}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6A3B31DE-424F-42C1-972E-84FF1D4A13DF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72E3E79A-7A06-4D50-8174-3579CDF03F12}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{77070086-7902-4B9D-8FD1-42191BA4FD61}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{7E503ED5-6D54-4F93-AE61-81ACA3E2E9D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9128E1E3-4108-43B9-BBE2-C092D072CF22}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{9E7F0753-4625-48B1-9F31-78740E8D2B3B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A38BFD50-6D38-4631-B38E-E0E65CE16D35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A87C3932-FD90-48E1-9D6E-2A0623B880CB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2FA3E1F-C8D0-4D2F-B73A-F9F54C993B5A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B5A2AFAE-0C20-4895-BE6B-D71D22D0A280}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B82921CB-E57D-4E9E-AADF-71E261A9A6FC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B93622F6-00DB-42A1-8EE3-A099B56D0FF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C39C9369-DF78-4BA3-B71E-AAEBCCC33157}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C62E556D-FDDB-4D11-BBD0-27EB345024E6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CFE6DE30-FE46-4C60-B0B7-09C12C3214F0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D0382548-599B-4EC3-AA72-4FF911238652}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D0FCCFD1-B4B6-4490-8EF9-03772980ADCF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{D7C9C8B1-27C4-4B3A-B867-D92303B5BBE1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E6281A08-83AE-4E62-8A1A-2C189B8D1BE7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E7D0E1A0-4980-4EA4-988B-91535C98AEB9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F16C0BF0-249F-49AC-8DD9-D0ABEC0356E7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F96DE96F-5DF9-4A3F-B6A5-60D2EDFD6073}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF72B9C4-AC99-49D5-A34D-FC57E67792B2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{FFAB5D2B-46FE-4A16-B379-DAAD861458F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{041019FA-75F9-474A-9FAA-70D9D09AD572}C:\program files\namo\webeditor 5\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files\namo\webeditor 5\bin\webeditor.exe |
"TCP Query User{365CE1A5-A5AD-4B7D-8CC0-D99CAA99876F}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{54C990AE-7E50-47FF-A22B-BAEF1122E2E6}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{AF822F73-6789-40F8-90AD-5923AC0DE504}C:\program files\namo\webeditor 5\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files\namo\webeditor 5\bin\webeditor.exe |
"UDP Query User{1CA052BD-FC25-4560-94BA-51FA71822E48}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{59694A48-2F3A-47F4-85A2-E5932FA03EA5}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{AC178D74-2902-4ECE-BD33-9DDBF7FA2509}C:\program files\namo\webeditor 5\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files\namo\webeditor 5\bin\webeditor.exe |
"UDP Query User{D4BBDBE1-8EC5-4E77-804D-214BDF1009CA}C:\program files\namo\webeditor 5\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files\namo\webeditor 5\bin\webeditor.exe |

[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00160409-78E1-11D2-B60F-006097C998E7}" = Microsoft Outlook 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02609F1D-B398-4208-BE36-46323A1404F8}" = RapidFetcher
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(tm) 6 Update 3
"{331F15D5-490D-4280-BDE6-5C0F295D8EE1}" = Rosetta Stone Homeschool
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7530020-7237-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0696CA8-CD01-4E27-BB5E-702CA0A9ED29}" = Namo WebEditor 5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D85517-6EAC-496A-965A-FA349036E74E}" = RehanFX Shader Transitions and Effects (ShaderTFX)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F75C4CC4-BF03-4002-BF9D-04D332BA4DC8}" = Zoo Vet
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Virtual Instrument Pianos" = Acoustica Virtual Instrument Pianos
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aleks 3.11" = Aleks 3.11
"Aleks 3.9" = Aleks 3.9
"Audacity_is1" = Audacity 1.2.6
"Cakewalk Music Creator 2003" = Cakewalk Music Creator 2003
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Dell TM WLAN Card" = Dell TM WLAN Card
"Disney Toontown Online" = Disney Toontown Online
"DreamStation DXi2" = DreamStation DXi2
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Inform 7" = Inform 7
"iSong" = iSong
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pet Vet" = Pet Vet (remove only)
"Pharaoh" = Pharaoh
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Sierra Utilities" = Sierra Utilities
"Switch" = Switch Sound File Converter
"TCVWIN32.exe" = Treasure Cove! CD
"Typing Arcade" = Typing Arcade
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"Zoo Tycoon 2" = Zoo Tycoon 2

[color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

[color="#E56717"]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 6/9/2010 4:07:47 PM | Computer Name = windeebrook-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/9/2010 7:05:35 PM | Computer Name = windeebrook-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/9/2010 7:36:10 PM | Computer Name = windeebrook-PC | Source = System Restore | ID = 8193
Description =

Error - 6/9/2010 7:36:10 PM | Computer Name = windeebrook-PC | Source = System Restore | ID = 8210
Description =

Error - 6/9/2010 7:41:34 PM | Computer Name = windeebrook-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/9/2010 8:21:14 PM | Computer Name = windeebrook-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/10/2010 8:42:53 PM | Computer Name = windeebrook-PC | Source = Google Update | ID = 20
Description =

Error - 6/10/2010 9:11:58 PM | Computer Name = windeebrook-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/11/2010 2:27:05 AM | Computer Name = windeebrook-PC | Source = Google Update | ID = 20
Description =

Error - 6/11/2010 3:27:05 AM | Computer Name = windeebrook-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/4/2011 8:11:12 PM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 3/4/2011 8:13:48 PM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/5/2011 2:55:21 AM | Computer Name = windeebrook-PC | Source = DCOM | ID = 10010
Description =

Error - 3/5/2011 10:57:39 AM | Computer Name = windeebrook-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:55:53 PM on 3/4/2011 was unexpected.

Error - 3/5/2011 10:58:20 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 10:58:20 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/5/2011 10:58:20 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/5/2011 11:02:04 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/5/2011 11:04:31 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 3/5/2011 11:07:44 AM | Computer Name = windeebrook-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Once again, I appreciate your help! ^_^

Hi Originalgum,

You're welcome :)


[b]Run OTL.exe[/b][list]
[*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following
[code]:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\windeebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Dogz 5 - Catz 5 Compilation Jewelcase.LNK = File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot][/code]
[*]Then click the [color="#FF0000"][b]Run Fix[/b][/color] button at the top
[*]Let the program run unhindered, reboot when it is done
[/list]

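Added example (not part of this thread, and not code from OTL or Lavasoft): a small Python script that does the same triage SpySentinel did on the OTL report in the first post, and writes the result out in the Custom Scans/Fixes layout used in the reply above. It picks out O4 autorun entries whose target is "File not found" and alternate data streams with opaque hex names hung off a directory under ProgramData, and leaves named application streams such as the Roxio ones alone. The sample log is constructed from lines quoted in this thread plus one made-up benign autorun entry; the ADS rule is my own heuristic, not OTL's.

```python
"""Triage an OTL log excerpt and emit an :OTL fix section (added example)."""
import re
from typing import List, Tuple

# Constructed sample: the O4 and ADS lines are the ones quoted in the thread;
# the "Example Launcher" entry is made up so the filter has something to keep.
SAMPLE_LOG = r"""O4 - HKLM..\Run: [] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - HKLM..\Run: [Example Launcher] C:\Program Files\Example\launcher.exe (Example Corp)
@Alternate Data Stream - 76 bytes -> C:\Users\windeebrook\Documents\3xc.dmsd:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\windeebrook\Desktop\LBRodeoMusic1.wav:TOC.WMV
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
"""

# O4 lines look like: O4 - <hive>..\<key>: [<name>] <target> (<company>)
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# ADS lines look like: @Alternate Data Stream - <n> bytes -> <path>:<stream>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<rest>.+)$")
# Eight hex digits and nothing else, e.g. FAC5BCF5 (assumption: opaque, not an app-named stream)
OPAQUE_STREAM_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# The :Commands block SpySentinel used in the reply above.
COMMANDS = ["[purity]", "[resethosts]", "[emptytemp]",
            "[EMPTYFLASH]", "[CREATERESTOREPOINT]", "[Reboot]"]


def split_ads(rest: str) -> Tuple[str, str]:
    """Split 'C:\\dir\\file:stream' into (path, stream).

    The last colon separates the stream; the drive-letter colon is never last.
    """
    path, _, stream = rest.rpartition(":")
    return path, stream


def is_orphan_autorun(line: str) -> bool:
    """True for an O4 entry whose target file no longer exists."""
    m = O4_RE.match(line)
    return bool(m) and m.group("target").strip() == "File not found"


def is_suspect_ads(line: str) -> bool:
    """True for an opaque hex-named stream on a directory under ProgramData.

    Heuristic (my assumption, not an OTL rule): normal applications give
    their streams readable names ("Roxio EMC Stream", "TOC.WMV"); an
    8-hex-digit name attached to C:\\ProgramData\\TEMP is not that.
    """
    m = ADS_RE.match(line)
    if not m:
        return False
    path, stream = split_ads(m.group("rest"))
    return (bool(OPAQUE_STREAM_RE.match(stream))
            and path.lower().startswith(r"c:\programdata"))


def triage(log_text: str) -> List[str]:
    """Return, verbatim, the log lines that belong in the :OTL fix section."""
    flagged = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if is_orphan_autorun(line) or is_suspect_ads(line):
            flagged.append(line)
    return flagged


def build_otl_fix(log_text: str) -> str:
    """Assemble the Custom Scans/Fixes text: :OTL lines, blank, :Commands."""
    lines = [":OTL", *triage(log_text), "", ":Commands", *COMMANDS]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG), end="")
```

The script only reproduces the selection; OTL itself does the deletion when the text is pasted into the Custom Scans/Fixes box and Run Fix is clicked, so check the flagged lines by hand before pasting, exactly as a helper would.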
Hello, SpySentinel... Hope your day went well. I performed the fix as instructed, and rebooted my machine. I am not sure, I guess, what I am to look for to know if my machine is fixed.
If you don't mind, I have a couple of questions:

1) What was your diagnosis based on the OTL scan I ran and reports posted?

2) Did you see an infection when you reviewed those reports?

3) Is there any specific resolution that I should be able to see after running the prescribed fix?

4) After running the fix, I rebooted the machine. I then rebooted the machine in Safe Mode and did another full scan with Ad-Aware. The scan took over four hours. I have run full scans before on the same type of computers, and they took nowhere near four hours. Is there a reason for this lengthy scan?

5) Would you recommend I uninstall Ad-Aware and download it again?

6) Please find below posted the results of Ad-Aware's last full scan which I mentioned above:

Logfile created: 3/6/2011 15:17:10
Ad-Aware version: 9.0.2
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: windeebrook

*********************** Definitions database information ***********************
Lavasoft definition file: 150.310
Genotype definition file version: 2011/03/03 17:00:35
Extended engine definition file: 8613.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 293442
Objects detected: 17


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 17
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *trafficmp* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408787 Family ID: 0

Scan and cleaning complete: Finished correctly after 14931 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: strict, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Feb 21 21:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Feb 21 03:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Feb 21 09:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Feb 21 15:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Feb 21 21:25:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:0, value: true
ID: onaccessprotection, enabled:0, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true


****************************** System information ******************************
Computer name: WINDEEBROOK-PC
Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Processor identifier: x86 Family 15 Model 107 Stepping 1
Processor speed: ~1908MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 27393, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 489132032 bytes
Physical memory total: 937238528 bytes
Virtual memory available: 1862811648 bytes
Virtual memory total: 2147352576 bytes
Memory load: 47%
Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Windows startup mode:

Running processes:
PID: 348 name: C:\WINDOWS\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 480 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 524 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 568 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\WINDOWS\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 620 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 864 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 944 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 972 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1056 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1072 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1192 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1252 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1416 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1636 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1884 name: C:\WINDOWS\explorer.exe owner: windeebrook domain: windeebrook-PC
PID: 656 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: windeebrook domain: windeebrook-PC
PID: 1876 name: C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: windeebrook domain: windeebrook-PC

Startup items:
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: hpsysdrv
imagepath: c:\hp\support\hpsysdrv.exe
Name: OsdMaestro
imagepath: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: SnapfishMediaDetector
imagepath: C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
Name: Launcher
imagepath: %WINDIR%\SMINST\launcher.exe
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office\OSA9.EXE
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
imagepath: C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: BFE
displayname: Base Filtering Engine
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Windows Event Log
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MpsSvc
displayname: Windows Firewall
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework


I know you must be busy, SpySentinel, but this computer is the one my daughter does all of her schoolwork on, and my wife does all the financial stuff on, so we really appreciate your help! Take care, :)

... by the way, when Ad-Aware begins a scan, it begins scanning with "rootkits" with no objects being scanned. It spends some time scanning "rootkits." I have not seen that before... is that part of my problem? Thanks.

Sorry for the delay. I will be getting to your log later today.

Please download [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Malwarebytes' Anti-Malware[/b][/color][/url]

Double-click mbam-setup.exe to install the application.[list]
[*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & Paste the entire report in your next reply.
[/list]Extra Note:
[color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.[/b][/color]
Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan.
[list=1]
[*]Read through the requirements and privacy statement and click on the [b]Accept[/b] button.
[*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b].
[*]When the downloads have finished, click on [b]Settings[/b].
[*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the [b]Save[/b] button: [list][color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases[/color]
[/list]
[*]Click on [b]My Computer[/b] under [b]Scan[/b].
[*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b].
[*]You will see a list of infected items there. Click on [b]Save Report As...[/b].
[*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button.
[/list]

Hello, SpySentinel... OK. Ran the Malwarebytes... here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6037

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/12/2011 3:06:28 PM
mbam-log-2011-03-12 (15-06-28).txt

Scan type: Quick scan
Objects scanned: 155242
Time elapsed: 19 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\weather_xml (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weather_xml (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\weatherdpa (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\components (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (Adware.GamesVance) -> Delete on reboot.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherstartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\weatherpreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\weather_xml\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\weather_xml\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weatherdpa\weather_xml\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weather_xml\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weather_xml\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Hotbar\Weather\weather_xml\General (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HotbarSA\hotbarsa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\windeebrook\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.


Getting ready to run Kaspersky... will post when done. Have a good day! :mellow:

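As an added example (not code from the thread, Lavasoft or Malwarebytes), here is a small Python script that reads an MBAM 1.50-style report like the one posted above, cross-checks the header counts against the items actually listed, groups detections by family, and pulls out the entries marked "Delete on reboot" (the ones behind the helper's note to restart when asked). The embedded report is a constructed, shortened copy of the posted one with the user name replaced.

```python
# Added example, not code from Lavasoft or Malwarebytes: summarise an MBAM 1.50-style
# report as posted above ("<Section> Infected: N" header, then "path (Family) -> action." lines).
import re
from collections import Counter

# Constructed sample: a shortened copy of the posted report, user name replaced.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Scan type: Quick scan
Memory Processes Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Roaming\Hotbar (Adware.Hotbar) -> Delete on reboot.
c:\program files\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\Hotbar\bin\11.0.78.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

# "Folders Infected: 17" style summary line in the header block.
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "path (Family) -> action." detection line; the trailing period is optional.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$")

def parse_report(text):
    """Return (declared_counts, items): header counts and the listed detections."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["n"])
            continue
        if line.endswith(" Infected:"):      # start of a per-section list
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if section and m:                    # "(No malicious items detected)" never matches
            items.append({"section": section, **m.groupdict()})
    return declared, items

def summarize(text):
    """Group detections by family, flag reboot-pending items, and report any
    section whose header count differs from the number of items listed."""
    declared, items = parse_report(text)
    listed = Counter(i["section"] for i in items)
    mismatches = {s: (n, listed.get(s, 0))
                  for s, n in declared.items() if n != listed.get(s, 0)}
    return {
        "families": Counter(i["family"] for i in items),
        "pending_reboot": [i["path"] for i in items if i["action"] == "Delete on reboot"],
        "count_mismatches": mismatches,
    }

if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    for family, n in result["families"].most_common():
        print(f"{family}: {n} item(s)")
    print("pending reboot:", result["pending_reboot"])
    print("count mismatches:", result["count_mismatches"] or "none")
```

A non-empty "pending reboot" list means the cleanup is not finished until the machine has been restarted; a count mismatch means the pasted report was truncated or edited.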
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
