sings2high

System Fix virus too


My computer was infected last night with the System Fix virus. I have been trying ever since to get rid of it.
What I've done so far:

Unhide: Downloaded and ran this and it worked. When I updated my SpyBot, it required a restart. When I rebooted, things disappeared again, I ran unhide again, it worked but I'm still missing things from my start menu.

aswMBR: downloaded and clicked on the .exe file but could not see that it did anything. Where would it put the log file if it created one, and what would it be named?

Ad-aware: it updates itself every day at 1 am, but I ran an update just to be sure, ran a full scan, it found nothing.

SpyBot: updated definitions file last night, and again this morning. Ran a scan and found 2 problems which it could not remove. It told me that I was not running as an administrator. However, Control Panel/User Accounts shows me as an administrator; in fact, there is only one account set up on this computer, mine, and it is clearly labeled "administrator".

Downloaded Combofix, but I haven't dared use it.

What should I do next?

Hi,

Download DDS and save it to your desktop from [url=http://download.bleepingcomputer.com/sUBs/dds.com][b][color=seagreen]here[/color][/b][/url] or [url=http://download.bleepingcomputer.com/sUBs/dds.scr][b][color=seagreen]here[/color][/b][/url] or [url=http://www.forospyware.com/sUBs/dds][b][color=seagreen]here[/color][/b][/url].
Disable any script blocker, and then double-click the [b]dds file[/b] to run the tool. [list]
[*]When done, DDS will open two (2) logs: [list=1]
[*] DDS.txt
[*] Attach.txt
[/list]
[*]Save both reports to your desktop. Post them back to your topic.
[/list]

OTL logfile created on: 12/17/2011 10:21:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ruth\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.84% Memory free
5.98 Gb Paging File | 4.73 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 106.86 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.97 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

Computer Name: RUTH-PC | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Ruth\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\egrFltGUc9Arat.exe ()
PRC - C:\ProgramData\POLStitgmwobI.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\ProgramData\egrFltGUc9Arat.exe ()
MOD - C:\ProgramData\POLStitgmwobI.exe ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (sbapifs) -- C:\WINDOWS\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/hdfForecast?query=08312+-+Clayton%2C+NJ
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1418455&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.flylady.net/|http://classic.wunderground.com/cgi-bin/findweather/getForecast?query=08312&wuSelect=WEATHER"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&apn_uid=73545EDE-2185-45D7-AEAD-D5E4407FAADD&apn_ptnrs=F3&apn_sauid=01E6FC1D-EC0C-4678-9645-A7743F1E55FD&apn_dtid=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 08:41:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 13:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 21:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 19:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/01 13:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 08:41:20 | 000,000,000 | ---D | M]

[2011/08/18 12:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2011/08/18 12:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/13 15:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions
[2011/10/20 07:36:17 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/08/08 19:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 15:17:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/08 19:55:27 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/08/08 19:55:24 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected]
[2011/08/20 22:55:59 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected]
[2011/08/08 19:55:24 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected]
[2011/12/15 10:30:02 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\extensions\[email protected]
[2011/12/17 10:18:12 | 000,002,571 | ---- | M] () -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\searchplugins\askcom.xml
[2007/07/21 10:23:32 | 000,002,386 | ---- | M] () -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\sg3ui63v.default\searchplugins\siteadvisor.xml
[2011/11/09 21:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\RUTH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SG3UI63V.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 21:10:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/19 10:39:39 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/09 21:10:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [POLStitgmwobI.exe] C:\ProgramData\POLStitgmwobI.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5303E5E5-D779-49F4-B3BE-E1A7759CBAF0}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/16 20:58:40 | 004,341,424 | ---- | C] (Swearware) -- C:\Users\Ruth\Desktop\ComboFix.exe
[2011/12/16 18:21:59 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/16 18:19:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/16 03:07:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 03:07:20 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 03:07:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 03:07:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 03:07:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 03:07:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 16:11:05 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 16:11:03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 16:11:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 16:11:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 16:10:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 16:10:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 22:13:29 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Documents\My Scans
[2011/11/29 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/29 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/29 19:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/29 19:34:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/17 09:43:16 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 09:43:16 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 09:11:09 | 000,001,085 | ---- | M] () -- C:\Users\Ruth\Desktop\Spybot - Search & Destroy.lnk
[2011/12/17 08:32:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/17 08:32:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/16 22:21:06 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 22:21:06 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 21:55:46 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/16 21:43:32 | 000,135,568 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/16 21:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 21:43:09 | 3085,815,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 20:58:29 | 004,341,424 | ---- | M] (Swearware) -- C:\Users\Ruth\Desktop\ComboFix.exe
[2011/12/16 20:57:36 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2011/12/16 18:23:42 | 000,000,456 | ---- | M] () -- C:\ProgramData\egrFltGUc9Arat
[2011/12/16 18:22:01 | 000,000,304 | ---- | M] () -- C:\ProgramData\~egrFltGUc9Arat
[2011/12/16 18:22:01 | 000,000,208 | ---- | M] () -- C:\ProgramData\~egrFltGUc9Aratr
[2011/12/16 18:21:59 | 000,000,625 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/16 18:21:59 | 000,000,601 | ---- | M] () -- C:\Users\Ruth\Desktop\System Fix.lnk
[2011/12/16 18:21:49 | 000,350,472 | ---- | M] () -- C:\ProgramData\egrFltGUc9Arat.exe
[2011/12/16 18:19:14 | 000,442,632 | ---- | M] () -- C:\ProgramData\POLStitgmwobI.exe
[2011/12/16 03:33:27 | 000,333,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/16 03:30:22 | 000,000,042 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.plk
[2011/12/12 17:25:31 | 000,000,680 | ---- | M] () -- C:\Users\Ruth\AppData\Local\d3d9caps.dat
[2011/12/11 17:42:10 | 010,559,488 | ---- | M] () -- C:\Users\Ruth\Documents\My Money.mny
[2011/12/03 11:04:17 | 000,008,392 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.psafe3
[2011/12/03 11:02:03 | 000,008,312 | ---- | M] () -- C:\Users\Ruth\Documents\Home_pwsafe.ibak
[2011/11/29 19:49:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/29 19:41:36 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/16 20:57:36 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2011/12/16 20:39:05 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/12/16 20:39:05 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/12/16 20:39:05 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2011/12/16 20:39:05 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\My HP Games.lnk
[2011/12/16 20:39:05 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Launch Slingbox Flash Tour.lnk
[2011/12/16 20:39:05 | 000,001,907 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/12/16 20:39:05 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/16 20:39:05 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/12/16 20:39:05 | 000,001,883 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird (2).lnk
[2011/12/16 20:39:05 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2011/12/16 20:39:05 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2011/12/16 20:39:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2011/12/16 20:39:05 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/12/16 20:39:05 | 000,001,614 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/12/16 20:39:05 | 000,001,537 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/12/16 20:39:05 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/16 20:39:05 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Money 2004.lnk
[2011/12/16 20:39:05 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/12/16 20:39:05 | 000,000,943 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/16 20:39:05 | 000,000,938 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/16 20:39:05 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/16 20:39:05 | 000,000,870 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/16 20:39:05 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/16 20:39:05 | 000,000,846 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/12/16 20:39:05 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2011/12/16 20:39:05 | 000,000,625 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/16 20:39:05 | 000,000,258 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/16 20:39:05 | 000,000,240 | ---- | C] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/16 20:39:05 | 000,000,159 | ---- | C] () -- C:\Users\Public\Desktop\MSN Money.url
[2011/12/16 20:38:55 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/16 20:38:55 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/16 20:38:48 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/12/16 20:38:48 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/12/16 20:38:48 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/12/16 20:38:48 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/12/16 20:38:48 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2011/12/16 20:38:48 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/12/16 20:38:48 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/16 20:38:48 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/16 20:38:48 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/12/16 20:38:48 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk
[2011/12/16 20:38:48 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/16 20:38:48 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/12/16 20:38:48 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/16 20:38:48 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk
[2011/12/16 20:38:48 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/12/16 20:38:48 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/16 20:38:48 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money 2004.lnk
[2011/12/16 20:38:48 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/12/16 20:38:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/16 20:38:48 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/16 20:38:48 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/12/16 18:22:01 | 000,000,304 | ---- | C] () -- C:\ProgramData\~egrFltGUc9Arat
[2011/12/16 18:22:01 | 000,000,208 | ---- | C] () -- C:\ProgramData\~egrFltGUc9Aratr
[2011/12/16 18:21:59 | 000,000,601 | ---- | C] () -- C:\Users\Ruth\Desktop\System Fix.lnk
[2011/12/16 18:21:55 | 000,000,456 | ---- | C] () -- C:\ProgramData\egrFltGUc9Arat
[2011/12/16 18:21:49 | 000,350,472 | ---- | C] () -- C:\ProgramData\egrFltGUc9Arat.exe
[2011/12/16 18:19:16 | 000,442,632 | ---- | C] () -- C:\ProgramData\POLStitgmwobI.exe
[2011/10/29 22:53:58 | 000,000,680 | ---- | C] () -- C:\Users\Ruth\AppData\Local\d3d9caps.dat
[2011/09/15 12:08:29 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/08/24 08:24:31 | 000,205,118 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011/08/10 21:26:15 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/10 21:26:15 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/07 20:58:10 | 000,135,568 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/08/07 20:58:09 | 000,135,568 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/07 06:50:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/07 06:50:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/07 01:16:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/18 01:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2008/08/21 04:05:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/21 04:01:54 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/04/24 21:38:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,333,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,617,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011/08/10 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\OpenOffice.org
[2011/08/08 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Thunderbird
[2011/08/18 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TomTom
[2011/08/09 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\WildTangent
[2011/12/16 21:41:59 | 000,032,200 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 1159 bytes -> C:\Users\Ruth\Desktop\FlyLady Repost Laundry Solution Wardrobe Simplification.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 12/17/2011 10:21:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ruth\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 47.84% Memory free
5.98 Gb Paging File | 4.73 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 106.86 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.97 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

Computer Name: RUTH-PC | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E32E79F-B75D-4F46-8563-60EAA6FC3694}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1A5BC666-76F9-45E1-B4A7-4F82413A64FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{2AE634D4-27B7-4ADC-ACE1-96E289E1A198}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{2E958892-613C-4401-9CB3-CC9A7A0ADD84}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{42FD1E9F-F740-4B28-9BBC-769ECFF092B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{44DDAD75-8618-4ADC-8ED4-BB8261C28154}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{546AD6B1-720F-4731-A43C-0AA4E91742E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{5932C836-EDA5-4B52-8CE1-AA890058431A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5D18A62D-113D-44B6-A906-B5238E2C66FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6449F940-E7BB-428E-976F-DE2C5DB233F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{68A7C35A-1F30-426F-BEC0-F2E2B8EC7C08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6B64F4F8-8A8D-48C4-8223-E5EBD0797141}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7FB92001-4300-448E-9852-D2C639F9E4F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{863CC31C-3ACF-46D7-A987-7197A9FC264B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{882F142B-4C6F-4030-A893-17A3B5AC6677}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8F03B19C-9297-4543-A09D-DE0F1BCA6733}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{93E83362-AA29-4059-A36B-D86D15B9079D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9DA3012F-9B5C-4848-BAD4-8A261642E055}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{A79AA8F3-E437-42A4-8E8B-24D664449233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C6FD301A-F0B6-4269-95B2-C61EF5CA4226}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DB761B37-344A-40E3-AD4B-33B7B9BED77B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{DF8163C0-25E8-48CA-A995-5C089558E008}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F9FD7FDF-0D86-48DC-AAA8-A6DB5F810E12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FBB57381-1251-41E6-9DF0-DF14AD195C37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{970ACBAA-36DE-475A-AA72-D178CE7160FB}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{AF39A75C-C956-4F48-A9A7-8C41AD507805}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451479C-2331-43E3-A8C5-5D388EBE8969}" = EBSCO Publishing Download Manager
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D643CD0-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95C2FBF3-4462-41E3-89DC-0F784387BD53}" = Family Lawyer 2004
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_6" = AIM 6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"Password Safe" = Password Safe
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/8/2011 3:36:52 PM | Computer Name = Ruth-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/12/2011 9:19:41 PM | Computer Name = Ruth-PC | Source = Application Error | ID = 1000
Description = Faulting application hpqgpc01.exe, version 130.0.14.16, time stamp
0x49dd90d9, faulting module hpqgpc01.exe, version 130.0.14.16, time stamp 0x49dd90d9,
exception code 0xc0000005, fault offset 0x0000a267, process id 0x1644, application
start time 0x01ccaef715bd2918.

Error - 12/13/2011 1:09:38 AM | Computer Name = Ruth-PC | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 8.0.0.4326 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1044 Start Time: 01ccb3641d055238 Termination Time: 136

Error - 12/13/2011 3:42:47 PM | Computer Name = Ruth-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 680 Start Time: 01ccb87b20b05910 Termination Time: 339

Error - 12/16/2011 12:58:32 AM | Computer Name = Ruth-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/16/2011 4:02:09 AM | Computer Name = Ruth-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 12/16/2011 4:02:10 AM | Computer Name = Ruth-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 12/16/2011 4:34:15 AM | Computer Name = Ruth-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 3:17:32 PM | Computer Name = Ruth-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 7:44:10 PM | Computer Name = Ruth-PC | Source = Application Error | ID = 1000
Description = Faulting application SDUpdate.exe, version 1.6.0.12, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception
code 0xc0000005, fault offset 0x000bfea5, process id 0x14cc, application start time
0x01ccbc4c915d0d4f.

[ System Events ]
Error - 8/10/2011 12:21:54 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/10/2011 12:22:20 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/10/2011 12:22:20 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/10/2011 12:23:07 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/10/2011 12:23:07 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/10/2011 12:23:53 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/10/2011 12:23:53 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/10/2011 9:08:34 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/10/2011 9:11:13 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/11/2011 11:39:08 AM | Computer Name = Ruth-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Blade81 said:
"Disable any script blocker, and then double click [b]dds file [/b]to run the tool."

What are common names of script blockers? I am not sure what I have on this PC; it was recently gifted to me.

Usually it runs without doing anything, but disabling antivirus protection should be enough (if needed).

Share this post


Link to post
Share on other sites
I've tried several times now, I can't get DDS to run. The hash marks go 3/4 of the way across the cmd window, then it stops. And everything stops. Then the only thing I can do is reboot. Is there another program I could use to scan it?

I still can't run dds, but I was able to run aswMBR and am posting the log.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 20:42:10
-----------------------------
20:42:10.435 OS Version: Windows 6.0.6002 Service Pack 2
20:42:10.435 Number of processors: 2 586 0x6802
20:42:10.437 ComputerName: RUTH-PC UserName: Ruth
20:42:25.453 Initialize success
20:43:13.461 AVAST engine defs: 11121603
20:43:48.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:43:48.131 Disk 0 Vendor: ST9200827AS 3.BHA Size: 190782MB BusType: 3
20:43:50.189 Disk 0 MBR read successfully
20:43:50.193 Disk 0 MBR scan
20:43:50.201 Disk 0 unknown MBR code
20:43:50.212 Disk 0 scanning sectors +390721952
20:43:51.959 Disk 0 scanning C:\Windows\system32\drivers
20:44:21.372 Service scanning
20:44:22.988 Modules scanning
20:44:29.685 Disk 0 trace - called modules:
20:44:29.705 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:44:29.710 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854366c8]
20:44:29.716 3 CLASSPNP.SYS[89fb08b3] -> nt!IofCallDriver -> [0x852798c8]
20:44:30.088 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85221958]
20:44:31.133 AVAST engine scan C:\Windows
20:44:33.510 AVAST engine scan C:\Windows\system32
20:48:23.011 AVAST engine scan C:\Windows\system32\drivers
20:48:37.644 AVAST engine scan C:\Users\Ruth
20:52:22.896 AVAST engine scan C:\ProgramData
20:55:38.590 Scan finished successfully
20:57:36.175 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat"
20:57:36.184 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-17 23:57:17
-----------------------------
23:57:17.026 OS Version: Windows 6.0.6002 Service Pack 2
23:57:17.026 Number of processors: 2 586 0x6802
23:57:17.026 ComputerName: RUTH-PC UserName: Ruth
23:57:30.957 Initialize success
23:58:49.195 AVAST engine defs: 11121702
00:28:06.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
00:28:06.815 Disk 0 Vendor: ST9200827AS 3.BHA Size: 190782MB BusType: 3
00:28:08.875 Disk 0 MBR read successfully
00:28:08.890 Disk 0 MBR scan
00:28:08.890 Disk 0 unknown MBR code
00:28:08.906 Disk 0 scanning sectors +390721952
00:28:10.497 Disk 0 scanning C:\Windows\system32\drivers
00:28:20.387 Service scanning
00:28:21.729 Modules scanning
00:28:26.830 Disk 0 trace - called modules:
00:28:26.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:28:26.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858b8ac8]
00:28:26.846 3 CLASSPNP.SYS[89fb28b3] -> nt!IofCallDriver -> [0x8523d620]
00:28:27.361 5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8527eb98]
00:28:28.016 AVAST engine scan C:\Windows
00:28:29.716 AVAST engine scan C:\Windows\system32
00:30:41.084 AVAST engine scan C:\Windows\system32\drivers
00:30:51.083 AVAST engine scan C:\Users\Ruth
00:32:50.221 AVAST engine scan C:\ProgramData
00:35:40.027 Scan finished successfully
00:40:35.943 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat"
00:40:36.005 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR.txt"

Hi,

Upload C:\Users\Ruth\Documents\[b]MBR.dat[/b] file [url="http://www.bleepingcomputer.com/submit-malware.php?channel=76"]here[/url].

Kindly include a link to this topic in the message.

----

Please visit this webpage for download links, and instructions for running ComboFix tool:

[url="http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]http://www.bleepingc...to-use-combofix[/url]

[color=Blue]Please ensure you read this guide carefully first.[/color]


Please continue as follows:

[list=1]
[*][b]Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix[/b], [url="http://www.bleepingcomputer.com/forums/topic114351.html"]link[/url]

Remember to re-enable them afterwards.
[*]Click [b]Yes[/b] to allow ComboFix to continue scanning for malware.
[/list]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[b]C:\ComboFix.txt[/b]
[b]New OTL.txt log.[/b]

[color=#ff0000][b]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/b][/color]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
