View Full Version : coolwwwsearch.olehelp. rootkits detected, please help
aaron2691
2010-11-01, 19:41
my Wife's computer got a bug somehow. Upon launch under her username, for the past couple of days it has been launching a "spyware removal" tool. it also auto shuts down taskmanager upon opening it to terminate processes. I did a spybot scan and found coolwwwsearch.olehelp on her system. an avira scan also turned up "hidden files" and rootkits. both programs say that they removed the problem, but it returns. Interestingly to me, the symptoms only show up under her username on the machine, but the detections occur regardless. the log was generated using her username. Also, if it saves time, there is a program on there, covenant eyes, that we want on our machine. It is not malicious, though it appears that it could be. Here is the DDS log. Thank you for the help.
DDS (Ver_10-10-31.01) - NTFS_AMD64
Run by Savannah at 13:31:41.98 on Mon 11/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.1774 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\crypserv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe
C:\Users\Savannah\AppData\Local\Temp\dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Savannah\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load=C:\Users\Savannah\AppData\Local\Temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Savannah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AEGFOR~1.LNK - C:\Program Files (x86)\ForeSight Mobility\AEG\Mobility\Console\Current\bin\MobilityColdStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
Trusted Zone: illustrationsystem.com\www
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [WPCUMI] C:\Windows\system32\WpcUmi.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Users\Savannah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-7-6 33800]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-7-6 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-7-6 267432]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-7-6 81072]
R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-31 1153368]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-8 93184]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
=============== Created Last 30 ================
2010-10-31 22:12:04 101888 ----a-w- C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe
2010-10-30 14:16:29 -------- d-----w- C:\Users\Savannah\.blurb
2010-10-30 14:14:04 -------- d-----w- C:\Program Files (x86)\BookSmart
2010-10-29 22:01:24 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6CC4BA08-60FF-4653-B288-D1BFAB52CE6B}\mpengine.dll
2010-10-23 22:01:04 104448 ----a-w- C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe
2010-10-14 10:02:02 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-14 10:02:02 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-14 10:00:59 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-14 10:00:58 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-14 10:00:57 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-14 10:00:57 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-14 09:58:59 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-14 09:58:59 274432 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-14 09:58:57 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-14 09:58:56 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
==================== Find3M ====================
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 16:27:46 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:07:25 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-17 14:04:48 267776 ----a-w- C:\Windows\System32\spoolsv.exe
2001-09-28 23:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE
============= FINISH: 13:32:32.23 ===============
Hi aaron2691
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
Please reply with
logs from RSIT (log.txt ,info.txt)
Thanks peku006
aaron2691
2010-11-11, 01:49
Thank you so much for the reply. you guys must be busy lately :) here are the reports you requested. THanks again.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Aaron at 2010-11-10 17:52:43
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 351 GB (76%) free of 463 GB
Total RAM: 3838 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:52:56 PM, on 11/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\SysWOW64\notepad.exe
C:\PROGRA~2\MICROS~2\WkDStore.exe
C:\PROGRA~2\MICROS~2\wkcalrem.exe
C:\PROGRA~2\MICROS~2\wkgdcach.exe
C:\Program Files (x86)\Microsoft Works\wkswp.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Aaron\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Aaron.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2698770454-334339165-2337177048-1000\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'Savannah')
O4 - HKUS\S-1-5-21-2698770454-334339165-2337177048-1000\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" (User 'Savannah')
O4 - HKUS\S-1-5-21-2698770454-334339165-2337177048-1000\..\Run: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe (User 'Savannah')
O4 - HKUS\S-1-5-21-2698770454-334339165-2337177048-1000\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Savannah')
O4 - S-1-5-21-2698770454-334339165-2337177048-1000 Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (User 'Savannah')
O4 - S-1-5-21-2698770454-334339165-2337177048-1000 User Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (User 'Savannah')
O4 - Global Startup: AEG ForeSight Startup Services.lnk = C:\Program Files (x86)\ForeSight Mobility\AEG\Mobility\Console\Current\bin\MobilityColdStart.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) - https://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12127 bytes
======Scheduled tasks folder======
C:\Windows\tasks\PCDRScheduledMaintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{ED4E7E7E-86A9-4F21-ADFB-D70451304326}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-08-25 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2008-09-11 210216]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-10-17 189736]
"DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-08-25 144784]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-07 281768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"HPADVISOR"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-10-17 972080]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AEG ForeSight Startup Services.lnk - C:\Program Files (x86)\ForeSight Mobility\AEG\Mobility\Console\Current\bin\MobilityColdStart.exe
PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-11-10 17:52:43 ----D---- C:\rsit
2010-11-10 17:52:43 ----D---- C:\Program Files (x86)\trend micro
2010-11-08 17:11:51 ----D---- C:\Users\Aaron\AppData\Roaming\Template
2010-10-30 08:14:04 ----D---- C:\Program Files (x86)\BookSmart
2010-10-29 15:15:15 ----D---- C:\Users\Aaron\AppData\Roaming\Avira
2010-10-28 05:13:57 ----D---- C:\Users\Aaron\AppData\Roaming\Adobe
2010-10-28 05:13:17 ----D---- C:\Users\Aaron\AppData\Roaming\Mozilla
2010-10-26 16:51:57 ----A---- C:\Windows\ntbtlog.txt
2010-10-14 04:02:02 ----A---- C:\Windows\SysWOW64\msshsq.dll
2010-10-14 04:01:21 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-10-14 04:01:19 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-10-14 04:01:19 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-10-14 04:01:17 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-10-14 04:01:15 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-10-14 04:01:01 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-10-14 04:00:57 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-10-14 03:59:49 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-10-14 03:59:47 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-10-14 03:59:47 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-10-14 03:59:46 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-10-14 03:59:46 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2010-10-14 03:59:45 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-10-14 03:59:45 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-10-14 03:59:45 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\occache.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\ieencode.dll
2010-10-14 03:59:44 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-10-14 03:59:26 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-10-14 03:59:25 ----A---- C:\Windows\SysWOW64\netevent.dll
2010-10-14 03:58:59 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-10-14 03:58:56 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2010-10-11 15:29:33 ----D---- C:\Users\Aaron\AppData\Roaming\Hewlett-Packard
2010-10-11 15:28:43 ----D---- C:\Users\Aaron\AppData\Roaming\PictureMover
2010-10-11 15:28:30 ----D---- C:\Users\Aaron\AppData\Roaming\Identities
2010-10-11 15:28:20 ----SD---- C:\Users\Aaron\AppData\Roaming\Microsoft
2010-10-11 15:28:20 ----D---- C:\Users\Aaron\AppData\Roaming\Media Center Programs
2010-10-11 15:28:20 ----D---- C:\Users\Aaron\AppData\Roaming\Macromedia
======List of files/folders modified in the last 1 months======
2010-11-10 17:52:56 ----D---- C:\Windows\Prefetch
2010-11-10 17:52:49 ----D---- C:\Windows\Temp
2010-11-10 17:52:43 ----RD---- C:\Program Files (x86)
2010-11-07 17:07:29 ----SHD---- C:\System Volume Information
2010-10-29 15:33:56 ----D---- C:\Windows\System32
2010-10-29 15:33:56 ----D---- C:\Windows\inf
2010-10-28 05:15:17 ----D---- C:\Windows
2010-10-28 05:06:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-10-24 22:19:14 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-10-15 02:37:45 ----D---- C:\Windows\rescache
2010-10-15 02:20:10 ----D---- C:\Windows\SysWOW64
2010-10-15 02:20:08 ----D---- C:\Windows\SysWOW64\en-US
2010-10-15 02:20:08 ----D---- C:\Program Files (x86)\Windows Media Player
2010-10-15 02:20:06 ----D---- C:\Program Files (x86)\Internet Explorer
2010-10-15 02:04:41 ----D---- C:\Windows\winsxs
2010-10-14 04:02:02 ----SHD---- C:\Windows\Installer
2010-10-14 04:01:55 ----D---- C:\ProgramData\Microsoft Help
2010-10-11 15:28:44 ----SHD---- C:\$Recycle.Bin
2010-10-11 15:28:20 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys []
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys []
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS []
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-09-09 25888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2008-08-26 16896]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-07 267944]
R2 Crypkey License;Crypkey License; crypserv.exe []
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 getPlusHelper;@C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
aaron2691
2010-11-11, 01:50
info.txt log
info.txt logfile of random's system information tool 1.08 2010-11-10 17:52:57
======Uninstall list======
-->"C:\Program Files (x86)\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Big City Adventures San Francisco\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Aegon Illustration System-->MsiExec.exe /I{4D9F5B31-CD13-4467-8CCE-92BD5DE4A18E}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
BookSmart® 2.9.1 2.9.1-->C:\Program Files (x86)\BookSmart\uninstall.exe
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
Diablo II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
Enhanced Multimedia Keyboard Solution-->C:\Program Files (x86)\Hewlett-Packard\KBD\Install.exe /u
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{64B9E2F5-558E-4C56-B419-A1679518F6E7}\setup.exe" -l0x9 -removeonly
HP Demo-->MsiExec.exe /X{A2016015-8323-4AF8-8B3E-F56239D7D59D}
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP Picasso Media Center Add-In-->MsiExec.exe /X{03BF5CB1-B72E-4CA6-A278-F65680F05420}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{38058455-8C21-4C2F-B2F6-14ED166039CB}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
K-Lite Codec Pack 4.1.6 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software 1.14.25.1-->MsiExec.exe /X{DA9DAC64-C947-47BA-B411-8A1959B177CF}
LightScribe Template Labeler-->MsiExec.exe /X{5BD0CB24-11AF-4BA8-A198-38D25257C656}
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Live Search Toolbar-->MsiExec.exe /X{4FAB5122-775E-4418-B8D9-E2873BC93570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.19)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee Reveal-->MsiExec.exe /X{19506BDB-4EA7-491F-E8AB-E97109FDB296}
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
PDFlib 4.0.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}\Setup.exe" -uninst
PDFLIB-->C:\PROGRA~2\COSSTEMP\UNWISE.EXE C:\PROGRA~2\COSSTEMP\PDFINSTALL.LOG
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
ShowCase-->MsiExec.exe /X{EE774E64-0B6A-4DFC-8E03-AF2B00269267}
SPORE Creature Creator Trial Edition-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TomTom HOME 2.7.5.2014-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WRL-Alliance-->C:\Alliance\UNWISE.EXE C:\Alliance\INSTALL.LOG
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
======System event log======
Computer Name: Savannah-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C2F91AE. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 97429
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20101109184718.000000-000
Event Type: Warning
User:
Computer Name: Savannah-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C2F91AE. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 97446
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20101109193113.000000-000
Event Type: Warning
User:
Computer Name: Savannah-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C2F91AE. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 97467
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20101109234518.000000-000
Event Type: Warning
User:
Computer Name: Savannah-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 97472
Source Name: Microsoft-Windows-Time-Service
Time Written: 20101110235027.000000-000
Event Type: Warning
User:
Computer Name: Savannah-PC
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{ADFD8513-771E-4C05-9844-C5E31D9F8EF0} because another computer on the network has the same name. The server could not start.
Record Number: 97477
Source Name: Server
Time Written: 20101110235045.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Savannah-PC
Event Code: 4113
Message: AntiVir has detected 'HTML/Rce.Gen' in the file C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\zmvpg1hi.default\Cache\C1A0D9E1d01
Record Number: 19473
Source Name: Avira AntiVir
Time Written: 20101109002915.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Savannah-PC
Event Code: 4113
Message: AntiVir has detected 'HTML/Rce.Gen' in the file C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\zmvpg1hi.default\Cache\C1A0D9E1d01
Record Number: 19474
Source Name: Avira AntiVir
Time Written: 20101109003835.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Savannah-PC
Event Code: 4113
Message: AntiVir has detected 'HTML/Rce.Gen' in the file C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\zmvpg1hi.default\Cache\C1A0D9E1d01
Record Number: 19475
Source Name: Avira AntiVir
Time Written: 20101109004116.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Savannah-PC
Event Code: 4113
Message: AntiVir has detected 'HTML/Rce.Gen' in the file C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\zmvpg1hi.default\Cache\C1A0D9E1d01
Record Number: 19476
Source Name: Avira AntiVir
Time Written: 20101109011639.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Savannah-PC
Event Code: 4113
Message: AntiVir has detected 'HTML/Rce.Gen' in the file C:\Users\Aaron\AppData\Local\Mozilla\Firefox\Profiles\zmvpg1hi.default\Cache\C1A0D9E1d01
Record Number: 19477
Source Name: Avira AntiVir
Time Written: 20101109012351.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Savannah-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 29803
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101110235033.589000-000
Event Type: Audit Failure
User:
Computer Name: Savannah-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 29804
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101110235039.583000-000
Event Type: Audit Failure
User:
Computer Name: Savannah-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 29805
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101110235039.583000-000
Event Type: Audit Failure
User:
Computer Name: Savannah-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 29806
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101110235039.583000-000
Event Type: Audit Failure
User:
Computer Name: Savannah-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 29807
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101110235042.589000-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
-----------------EOF-----------------
Hi aaron2691
Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore
Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?
Thanks peku006
aaron2691
2010-11-11, 14:19
just tried to download the rootkit unhooker, when I clicked the link I was given a page load error message. I checked a couple of other sites, just to make sure it wasn't a problem with my connection. Your link was the only thing I couldn't get to open. I will try again when I get back in a couple of hours.
aaron2691
2010-11-11, 14:20
the exact message was "firefox cannot establish a connection to the server"
Hi aaron2691
Let´s try this.......
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
Thanks peku006
aaron2691
2010-11-12, 02:36
when I attempted to run Gmer it did not produce a scan result. The message I was given was: "GMER hasn't found any system modification." The program would not allow me to check the sections box. It is greyed out. I tried running the program in both admin and regular mode with the same result. I cannot find any way to modify the program to make it allow me to check the sections box. please help :(
Hi aaron2691
Run a Scan with OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, Under the Standard Registry box, click All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
Make sure Notepad's Format, Wordwrap is unchecked.
Please copy the contents of each of these files, one at a time, and post them in your next reply.
Use separate replies if you wish.
peku006
aaron2691
2010-11-12, 09:06
scan completed sucessfully
Extras.txt
OTL Extras logfile created on: 11/12/2010 2:03:00 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.59 Gb Total Space | 343.41 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive D: | 13.17 Gb Total Space | 1.79 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive G: | 62.45 Mb Total Space | 26.13 Mb Free Space | 41.83% Space Free | Partition Type: FAT
Computer Name: SAVANNAH-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35E82024-840C-4304-977E-1DE634B8BF10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C374008-55B7-42BD-998D-5068B13BD44C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A40A29-9D41-411A-BA65-45000E5467BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{1741A39B-DB7F-4FB0-BDCD-66C111441390}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{32C30E77-3157-49BA-8D59-B63CE22418C2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{4DBEE6A6-A700-4C42-8E2C-DD3A308D332F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6734673D-8C70-4EB3-8C66-B13815D06E40}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{858E506E-EBCD-495A-A705-5872F5FD2842}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{92735447-570E-465F-B669-C71540DE2B42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A2109758-27F9-42F4-8D8C-D1B096213E23}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A7E55D68-19F0-4906-90C5-B549CE0136CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{B74EF4AF-A1D5-4C5A-901E-AA911F1059DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C94EBEF3-A3D6-4F9B-B5E1-24DDB85C4BB3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{D36D0F5A-498F-4B7B-86DC-01A422A6D56A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D5047AA4-1535-4C00-9B02-A44C3A25C964}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DBF2F5DF-8B12-46D9-A343-D17D5E4A8170}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EDC26535-3A58-422F-A8B5-E2333CD49FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F1A13C69-62AD-43A9-A4C8-C361E067CBDE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F96D4D27-A1D9-460A-8A91-D83D4DF6D734}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{FD9EDAEE-8421-487D-9C0B-9F0109552A04}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"TCP Query User{39761A71-0AA4-4E65-9E6C-3D3109792DA1}C:\users\savannah\desktop\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\savannah\desktop\downloader_diablo2_lord_of_destruction_enus.exe |
"UDP Query User{60A12226-3A0B-44F8-B9E2-7D4387E81EFF}C:\users\savannah\desktop\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\savannah\desktop\downloader_diablo2_lord_of_destruction_enus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4D9F5B31-CD13-4467-8CCE-92BD5DE4A18E}" = Aegon Illustration System
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}" = PDFlib 4.0.1
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE774E64-0B6A-4DFC-8E03-AF2B00269267}" = ShowCase
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BookSmart® 2.9.1 2.9.1" = BookSmart® 2.9.1 2.9.1
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"PDFLIB" = PDFLIB
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TomTom HOME" = TomTom HOME 2.7.5.2014
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WRL-Alliance" = WRL-Alliance
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/28/2010 7:14:46 AM | Computer Name = Savannah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/28/2010 7:14:46 AM | Computer Name = Savannah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/28/2010 7:14:48 AM | Computer Name = Savannah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/28/2010 7:14:48 AM | Computer Name = Savannah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10/28/2010 7:26:20 AM | Computer Name = Savannah-PC | Source = VSS | ID = 12289
Description =
Error - 10/28/2010 7:26:20 AM | Computer Name = Savannah-PC | Source = VSS | ID = 12289
Description =
Error - 10/29/2010 5:28:24 PM | Computer Name = Savannah-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/29/2010 5:30:12 PM | Computer Name = Savannah-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 10/30/2010 8:42:36 AM | Computer Name = Savannah-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/30/2010 8:43:58 AM | Computer Name = Savannah-PC | Source = HP AdvisorUpdate | ID = 0
Description = Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) at System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
[ System Events ]
Error - 2/20/2010 12:31:01 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/20/2010 12:31:02 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2/20/2010 1:47:28 PM | Computer Name = Savannah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:45:32 AM on 2/20/2010 was unexpected.
Error - 2/20/2010 1:47:36 PM | Computer Name = Savannah-PC | Source = HTTP | ID = 15016
Description =
Error - 2/20/2010 1:48:04 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/20/2010 1:48:04 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2/20/2010 9:58:04 PM | Computer Name = Savannah-PC | Source = HTTP | ID = 15016
Description =
Error - 2/20/2010 9:58:29 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/20/2010 9:58:29 PM | Computer Name = Savannah-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2/21/2010 11:51:40 AM | Computer Name = Savannah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:49:45 AM on 2/21/2010 was unexpected.
< End of report >
aaron2691
2010-11-12, 09:07
OTL.txt
OTL logfile created on: 11/12/2010 2:03:00 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Aaron\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.59 Gb Total Space | 343.41 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive D: | 13.17 Gb Total Space | 1.79 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive G: | 62.45 Mb Total Space | 26.13 Mb Free Space | 41.83% Space Free | Partition Type: FAT
Computer Name: SAVANNAH-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found -- C:\Windows\SysWow64\crypserv.exe
PRC - [2010/11/12 02:01:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
PRC - [2010/11/07 16:07:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 18:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 18:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/08 17:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/08/25 05:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2010/11/12 02:01:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - [2009/03/02 14:48:02 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/23 15:37:00 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/11/07 16:07:36 | 000,081,584 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/06/30 08:37:16 | 000,033,800 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/04/15 15:37:54 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/10 03:01:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/31 04:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/31 04:48:28 | 000,000,000 | ---D | M]
[2010/10/28 05:13:20 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2010/10/28 05:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/11 04:59:55 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\zmvpg1hi.default\extensions
[2010/10/28 17:19:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\zmvpg1hi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 15:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/31 04:48:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/31 04:48:27 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/31 04:48:27 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/07 15:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 15:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2010/03/31 04:48:27 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/23 15:37:00 | 000,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2010/02/02 23:25:42 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/02 23:25:42 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/02/02 23:25:42 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/02 23:25:42 | 000,002,343 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/02 23:25:42 | 000,001,706 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/02/02 23:25:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/02 23:25:42 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: ([2010/07/06 10:40:50 | 000,411,423 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14218 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/12 02:01:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2010/11/11 11:36:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\WinRAR
[2010/11/11 03:01:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/08 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Template
[2010/10/31 16:20:56 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\New Folder
[2010/10/30 08:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookSmart
[2010/10/30 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\blurb
[2010/10/29 15:15:15 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Avira
[2010/10/28 05:13:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Adobe
[2010/10/28 05:13:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Mozilla
[2010/10/28 05:13:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Mozilla
[2010/10/14 04:02:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/14 04:01:19 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/14 04:01:19 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/14 04:01:17 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/14 04:01:01 | 010,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/14 04:00:57 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/14 03:59:47 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/14 03:59:46 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/14 03:59:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/10/14 03:59:45 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/10/14 03:59:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/14 03:59:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/14 03:59:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/14 03:59:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/10/14 03:59:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/14 03:59:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/14 03:58:56 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/12 02:01:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2010/11/12 02:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/12 02:00:02 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED4E7E7E-86A9-4F21-ADFB-D70451304326}.job
[2010/11/11 19:18:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 19:18:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/11 18:03:34 | 000,137,587 | ---- | M] () -- C:\Users\Aaron\Desktop\shanna wedding 001.jpg
[2010/11/11 18:02:35 | 000,003,584 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/11 11:35:12 | 000,288,107 | ---- | M] () -- C:\Users\Aaron\Desktop\gmer.zip
[2010/11/11 03:25:31 | 000,756,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/11 03:25:31 | 000,642,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/11 03:25:31 | 000,118,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/10 17:51:49 | 000,339,991 | ---- | M] () -- C:\Users\Aaron\Desktop\RSIT.exe
[2010/11/08 17:25:37 | 000,134,421 | ---- | M] () -- C:\Users\Aaron\Documents\elijahs crap.xps
[2010/11/08 17:22:39 | 000,094,146 | ---- | M] () -- C:\Users\Aaron\Documents\eli.xps
[2010/11/08 17:11:37 | 000,000,000 | ---- | M] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Aaron\Desktop\gmer.exe
[2010/11/07 16:07:36 | 000,081,584 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/10/31 16:12:22 | 000,001,232 | RHS- | M] () -- C:\Users\Aaron\ntuser.pol
[2010/10/30 08:14:58 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/10/15 02:22:00 | 000,326,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/11 18:03:34 | 000,137,587 | ---- | C] () -- C:\Users\Aaron\Desktop\shanna wedding 001.jpg
[2010/11/11 18:02:33 | 000,003,584 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/11 12:14:17 | 000,296,448 | ---- | C] () -- C:\Users\Aaron\Desktop\gmer.exe
[2010/11/11 11:35:10 | 000,288,107 | ---- | C] () -- C:\Users\Aaron\Desktop\gmer.zip
[2010/11/10 17:51:48 | 000,339,991 | ---- | C] () -- C:\Users\Aaron\Desktop\RSIT.exe
[2010/11/08 17:25:35 | 000,134,421 | ---- | C] () -- C:\Users\Aaron\Documents\elijahs crap.xps
[2010/11/08 17:22:38 | 000,094,146 | ---- | C] () -- C:\Users\Aaron\Documents\eli.xps
[2010/11/08 17:11:37 | 000,000,000 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2010/10/30 08:14:58 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/10/14 04:02:02 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/10/14 04:01:22 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2010/10/14 04:01:18 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/10/14 04:01:16 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2010/10/14 04:01:14 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/10/14 04:01:04 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/10/14 04:00:57 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/10/14 03:59:51 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/10/14 03:59:50 | 005,692,928 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/10/14 03:59:48 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/10/14 03:59:46 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/10/14 03:59:45 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/10/14 03:59:45 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/10/14 03:59:45 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/10/14 03:59:45 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/10/14 03:59:45 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/10/14 03:59:45 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/10/14 03:59:44 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/10/14 03:59:44 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/10/14 03:59:44 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/10/14 03:59:44 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/10/14 03:59:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/10/14 03:59:44 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/10/14 03:59:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/10/14 03:59:26 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/10/14 03:59:26 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2010/10/14 03:59:26 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/10/14 03:59:26 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/10/14 03:59:26 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2010/10/14 03:59:25 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/10/14 03:58:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/10/14 03:58:57 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2010/04/21 13:47:13 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010/04/21 13:46:55 | 000,000,104 | ---- | C] () -- C:\Windows\Aegonusa.ini
[2010/04/21 13:01:00 | 000,001,363 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2010/04/21 12:43:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/06 23:28:47 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/06 23:28:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/06 23:28:45 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/06 23:28:45 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/06 23:28:45 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/06 23:28:45 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/29 17:27:44 | 000,000,057 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009/11/29 17:27:38 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009/08/30 17:59:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/10 16:42:21 | 000,000,368 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/01/16 13:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/16 13:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/10/11 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\PictureMover
[2010/11/08 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\Aaron\AppData\Roaming\Template
[2010/09/16 15:42:27 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/11 03:17:08 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/12 02:00:02 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ED4E7E7E-86A9-4F21-ADFB-D70451304326}.job
========== Purity Check ==========
< End of report >
Hi aaron2691
Malwarebytes' Anti-Malware
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please reply with
the Malwarebytes' Anti-Malware Log
Thanks peku006
aaron2691
2010-11-12, 23:21
it found four objects and removed them. I am about to restart the computer. here is the log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5103
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
11/12/2010 4:20:13 PM
mbam-log-2010-11-12 (16-20-13).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 329937
Time elapsed: 1 hour(s), 1 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Savannah\AppData\Local\Temp\dwm.exe (Backdoor.Gbot) -> Quarantined and deleted successfully.
C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Gbot) -> Quarantined and deleted successfully.
C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> Quarantined and deleted successfully.
C:\Users\Savannah\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
Hi aaron2691
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
How's the computer running now? Any problems?
Thanks peku006
aaron2691
2010-11-14, 19:10
when I try to use Kaspersky, I receive the following message:
Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.
Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
I assume that there is no point in trying to run a scan without a proper update.
aaron2691
2010-11-14, 19:14
btw, before doing the scan I disabled my other antivirus software, so that there wouldn't be any interference. It didn't help. Your thoughts would be appreciated.
aaron2691
2010-11-14, 20:54
With regard to how the computer is running: I rebooted the wife's computer, and logged into her username. I received the following errors, the first at reboot, the second when I opened firefox:
"could not load or run C:\users\savannah\appdata\Local\Temp\dwm.exe Make sure the file exists on your computer or remove the reference to it in the registry"
"Firefox is configured to use a proxy server that is refusing connections."
Internet explorer will not work either, but it gives the standard could nto connect message. I never set firefox to connect through a proxy, so I must assume this is the work of malware. This is also the first time this has happened.
Hi aaron2691
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
Please post fresh dds.txt log too
Thanks peku006
aaron2691
2010-11-15, 20:36
I followed your instructions. this is the text log that I found at that location. It is the only .txt file that was in the ESET program file. Don't know if it is what you wanted or not...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
aaron2691
2010-11-15, 20:40
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Savannah at 13:38:49.32 on Mon 11/15/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.1602 [GMT -6:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\crypserv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Savannah\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load=C:\Users\Savannah\AppData\Local\Temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Savannah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AEGFOR~1.LNK - C:\Program Files (x86)\ForeSight Mobility\AEG\Mobility\Console\Current\bin\MobilityColdStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
Trusted Zone: illustrationsystem.com\www
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [WPCUMI] C:\Windows\system32\WpcUmi.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Users\Savannah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-7-6 33800]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-7-6 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-7-6 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-7-6 81584]
R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-31 1153368]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-8 93184]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
=============== Created Last 30 ================
2010-11-15 16:31:59 -------- d-----w- C:\Program Files (x86)\ESET
2010-11-12 21:12:36 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{925CC802-460E-439E-9F88-E13BC3FA1572}\mpengine.dll
2010-11-10 23:52:43 -------- d-----w- C:\Program Files (x86)\trend micro
2010-10-30 14:16:29 -------- d-----w- C:\Users\Savannah\.blurb
2010-10-30 14:14:04 -------- d-----w- C:\Program Files (x86)\BookSmart
==================== Find3M ====================
2010-11-07 22:07:36 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 16:27:46 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 16:07:25 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-20 15:56:01 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 15:21:02 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2001-09-28 23:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE
============= FINISH: 13:39:32.29 ===============
aaron2691
2010-11-15, 20:41
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2009 4:32:22 PM
System Uptime: 11/15/2010 12:48:48 AM (13 hours ago)
Motherboard: PEGATRON CORPORATION | | NutMeg
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | CPU 1 | 2400/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 453 GiB total, 345.932 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.793 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
==== System Restore Points ===================
RP227: 10/22/2010 5:17:00 AM - Scheduled Checkpoint
RP228: 10/22/2010 5:19:01 AM - Windows Update
RP229: 10/23/2010 4:42:30 PM - Scheduled Checkpoint
RP230: 10/28/2010 6:25:56 AM - Windows Update
RP231: 10/28/2010 6:47:26 PM - Scheduled Checkpoint
RP232: 10/29/2010 5:00:53 PM - Windows Update
RP233: 10/30/2010 5:57:01 PM - Scheduled Checkpoint
RP234: 10/31/2010 6:41:44 PM - Scheduled Checkpoint
RP235: 11/1/2010 7:19:37 AM - Scheduled Checkpoint
RP236: 11/2/2010 3:01:12 PM - Windows Update
RP237: 11/3/2010 5:34:33 AM - Scheduled Checkpoint
RP238: 11/3/2010 8:14:35 PM - Scheduled Checkpoint
RP239: 11/4/2010 8:19:48 AM - Scheduled Checkpoint
RP240: 11/4/2010 10:50:51 AM - Windows Update
RP241: 11/5/2010 4:17:19 PM - Windows Update
RP242: 11/6/2010 8:32:14 AM - Scheduled Checkpoint
RP243: 11/7/2010 5:00:41 PM - Scheduled Checkpoint
RP244: 11/10/2010 6:01:58 PM - Windows Update
RP245: 11/11/2010 3:00:22 AM - Windows Update
RP246: 11/11/2010 6:40:42 PM - Scheduled Checkpoint
RP247: 11/12/2010 9:24:56 AM - Scheduled Checkpoint
RP248: 11/12/2010 3:12:22 PM - Windows Update
RP249: 11/13/2010 1:52:11 PM - Scheduled Checkpoint
RP250: 11/14/2010 5:03:54 PM - Scheduled Checkpoint
==== Installed Programs ======================
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Aegon Illustration System
AIO_Scan
Avira AntiVir Personal - Free Antivirus
BookSmart® 2.9.1 2.9.1
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Diablo II
DJ_AIO_Software_min
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Facebook Plug-In
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Java(TM) 6 Update 7
Juno Preloader
K-Lite Codec Pack 4.1.6 (Full)
LabelPrint
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetZero Preloader
Panda ActiveScan 2.0
PDFLIB
PDFlib 4.0.1
PictureMover
Power2Go
PowerDirector
Python 2.5.2
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShowCase
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Toolbox
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
VC 9.0 Runtime
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WRL-Alliance
==== Event Viewer Messages From Past Week ========
11/14/2010 4:35:50 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.7.100 for the Network Card with network address 00248C2F91AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/11/2010 3:18:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
11/11/2010 3:18:26 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
11/11/2010 3:01:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/11/2010 3:01:16 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2010 3:01:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2010 5:50:45 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{ADFD8513-771E-4C05-9844-C5E31D9F8EF0} because another computer on the network has the same name. The server could not start.
==== End Of File ===========================
Hi aaron2691
We need to run an OTL Fix
Please reopen http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png on your desktop.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox.
:otl
uWindows: Load=C:\Users\Savannah\AppData\Local\Temp\dwm.exe
:commands
[emtytemp]
Push http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runFixbutton.png
OTL may ask to reboot the machine. Please do so if asked.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
A report will open. Copy and Paste that report in your next reply.
Thanks peku006
aaron2691
2010-11-16, 17:14
interestingly, OTL has disappeared from my wife's machine. I asked her and she did not delete it. I checked under every user, and it is gone. I reinstalled it from your previous link and ran the fix you gave me. here is the report. Thanks again for your time and effort.
========== OTL ==========
========== COMMANDS ==========
Error: Unable to interpret <[emtytemp]> in the current context!
OTL by OldTimer - Version 3.2.17.3 log created on 11162010_101158
Hi aaron2691
Is this still "C:\users\savannah\appdata\Local\Temp\dwm.exe"
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.
NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessry).
Thanks peku006
aaron2691
2010-11-16, 17:43
Hi aaron2691
Is this still "C:\users\savannah\appdata\Local\Temp\dwm.exe"
not sure exactly what you meant by that. I went to C:\users\savannah I didn't see any app data present in that area. does that answer your question? I will be posting a scan as soon as OTL finishes on her comp (I am on mine right now).
aaron2691
2010-11-16, 17:45
here is the report
OTL logfile created on: 11/16/2010 10:39:31 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Savannah\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.59 Gb Total Space | 345.56 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
Drive D: | 13.17 Gb Total Space | 1.79 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive G: | 62.45 Mb Total Space | 26.13 Mb Free Space | 41.83% Space Free | Partition Type: FAT
Computer Name: SAVANNAH-PC | User Name: Savannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found -- C:\Windows\SysWow64\crypserv.exe
PRC - [2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
PRC - [2010/11/07 16:07:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/17 18:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 18:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/08 17:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/08/25 05:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - [2009/03/02 14:48:02 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/23 15:37:00 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/11/07 16:07:36 | 000,081,584 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/06/30 08:37:16 | 000,033,800 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/04/15 15:37:54 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\ckldrv.sys -- (NetworkX)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/31 04:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/31 04:48:28 | 000,000,000 | ---D | M]
[2010/08/16 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Extensions
[2010/08/16 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/11/14 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions
[2009/11/10 06:45:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 11:04:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/27 15:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/07/06 10:40:50 | 000,411,423 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14218 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe File not found
O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
F3:64bit: - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
F3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..Trusted Domains: illustrationsystem.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 Winlogon: Shell - (C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe File not found
O24 - Desktop WallPaper: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30fa211c-bf6e-11de-af0e-00248c2f91ae}\Shell - "" = AutoRun
O33 - MountPoints2\{30fa211c-bf6e-11de-af0e-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4c2e6cad-7af0-11de-97e2-00248c2f91ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c2e6cad-7af0-11de-97e2-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b7a8dc29-ea58-11de-8d88-00248c2f91ae}\Shell - "" = AutoRun
O33 - MountPoints2\{b7a8dc29-ea58-11de-8d88-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/16 10:11:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/16 10:10:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
[2010/11/15 10:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/14 12:11:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/11 03:01:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/30 08:16:37 | 000,000,000 | ---D | C] -- C:\Users\Savannah\Documents\BookSmartData
[2010/10/30 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\Savannah\.blurb
[2010/10/30 08:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookSmart
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/16 10:40:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED4E7E7E-86A9-4F21-ADFB-D70451304326}.job
[2010/11/16 10:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
[2010/11/15 14:44:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 14:44:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 13:38:35 | 000,630,272 | ---- | M] () -- C:\Users\Savannah\Desktop\dds.scr
[2010/11/12 16:30:12 | 000,756,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/12 16:30:12 | 000,642,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/12 16:30:12 | 000,118,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/07 16:07:36 | 000,081,584 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/10/30 08:14:58 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/10/28 05:07:31 | 000,000,732 | ---- | M] () -- C:\Users\Savannah\AppData\Local\d3d9caps64.dat
[2010/10/24 07:07:25 | 000,000,680 | ---- | M] () -- C:\Users\Savannah\AppData\Local\d3d9caps.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/15 13:38:31 | 000,630,272 | ---- | C] () -- C:\Users\Savannah\Desktop\dds.scr
[2010/10/30 08:14:58 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/10/28 05:07:31 | 000,000,732 | ---- | C] () -- C:\Users\Savannah\AppData\Local\d3d9caps64.dat
[2010/10/24 07:07:25 | 000,000,680 | ---- | C] () -- C:\Users\Savannah\AppData\Local\d3d9caps.dat
[2010/07/06 16:08:01 | 000,420,114 | ---- | C] () -- C:\Users\Savannah\AppData\Local\dd_vcredistMSI5043.txt
[2010/07/06 16:08:01 | 000,011,626 | ---- | C] () -- C:\Users\Savannah\AppData\Local\dd_vcredistUI5043.txt
[2010/04/21 13:47:13 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010/04/21 13:46:55 | 000,000,104 | ---- | C] () -- C:\Windows\Aegonusa.ini
[2010/04/21 13:01:00 | 000,001,363 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2010/04/21 12:43:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/06 23:28:47 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/06 23:28:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/06 23:28:45 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/06 23:28:45 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/06 23:28:45 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/06 23:28:45 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/29 17:27:44 | 000,000,057 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009/11/29 17:27:38 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009/11/25 17:06:55 | 000,000,000 | ---- | C] () -- C:\Users\Savannah\AppData\Local\prvlcl.dat
[2009/08/30 17:59:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/10 16:42:21 | 000,000,368 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/10 16:33:39 | 000,015,732 | ---- | C] () -- C:\Users\Savannah\AppData\Roaming\wklnhst.dat
[2009/04/06 16:58:59 | 000,009,728 | ---- | C] () -- C:\Users\Savannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/16 13:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/16 13:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
Hi aaron2691
I went to C:\users\savannah I didn't see any app data present in that area
I meant this
I received the following errors, the first at reboot, the second when I opened firefox:
"could not load or run C:\users\savannah\appdata\Local\Temp\dwm.exe Make sure the file exists on your computer or remove the reference to it in the registry"
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
F3:64bit: - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
F3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
Then click the Run Fix button at the top
Let the program run unhindered
A report will open. Copy and Paste that report in your next reply.
Thanks peku006
aaron2691
2010-11-16, 19:00
I followed your instructions. here is the report. Thanks.
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Savannah\AppData\Local\Temp\dwm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Savannah\AppData\Local\Temp\dwm.exe deleted successfully.
OTL by OldTimer - Version 3.2.17.3 log created on 11162010_115839
Hi aaron2691
Malwarebytes' Anti-Malware
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please reply with
the Malwarebytes' Anti-Malware Log
Thanks peku006
aaron2691
2010-11-16, 20:45
here is the log you requested. MB did request for me to reboot the computer. I have already done so. Thanks.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5128
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
11/16/2010 1:27:35 PM
mbam-log-2010-11-16 (13-27-35).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 337491
Time elapsed: 52 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi aaron2691
logs look good
How's the computer running now? Any problems?
[COLOR=darkred]Thanks peku006[/COLO
aaron2691
2010-11-19, 00:42
The size of the font & images on firefox pages is disproportional & this morning avira reported that the new files could not be downloaded properly, but I will try updating it again this evening. I have not noticed anything else unusual at this point but will let you know if I come across anything. Thank you again for all of your much needed help! We REALLY appreciate it!
aaron2691
2010-11-20, 21:43
sorry about the delays between the last few posts peku. I had to go out of town, and the wife said that she would handle finishing up with you. but then she had issues logging into my account. and I didn't have internet access. Thanks again for your time.