Spybot can't remove Fraud.windowsDetectionSuite and Microsoft.Windows.RedirectedHost



bavanor
2011-01-18, 00:07
I am having problems removing Fraud.windowsdetectionsuite and Microsoft.Windows.RedirectedHosts.


Here is my DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Jennifer Britton at 14:52:52.89 on Mon 01/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1057 [GMT -7:00]

AV: Personal Internet Security 2011 *Enabled/Updated* {8B84C079-51D1-4C2E-A1F1-26C22996183A}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PaperCut Print Logger\pcpl.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jennifer Britton\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25438
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Digsby Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Digsby Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [Google Update] "c:\documents and settings\jennifer britton\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jennif~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jennif~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jennif~1\applic~1\mozilla\firefox\profiles\agejxogd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jennifer britton\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-5 55152]
R2 PCPrintLogger;PaperCut Print Logger;c:\program files\papercut print logger\pcpl.exe [2010-12-31 401408]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-5 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-5 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-16 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-4-27 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-17 20:57:00 388096 ----a-r- c:\docume~1\jennif~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-17 20:42:36 -------- d-----w- c:\program files\trend micro
2011-01-17 16:48:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-17 16:48:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-16 21:00:30 -------- d-----w- c:\docume~1\jennif~1\applic~1\Malwarebytes
2011-01-16 21:00:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-16 21:00:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-16 21:00:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 21:00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-16 20:39:10 -------- d-----w- c:\docume~1\jennif~1\applic~1\Windows Search
2011-01-16 20:25:23 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{e65c7a06-1686-4c11-80fa-e99497ca8a5a}\mpengine.dll
2011-01-16 20:24:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PIBWWEDMXS
2011-01-16 20:21:48 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\a2ea70
2010-12-31 07:15:56 -------- d-----w- c:\program files\PaperCut Print Logger

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 14:53:49.78 ===============






Here are the scan results from Spybot-S&D:

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
4-open-davinci.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
securitysoftwarepayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.privatesecuredpayments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getantivirusplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.secure-plus-payments.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.getavplusnow.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
safebrowsing-cache.google.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
urs.microsoft.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

Fraud.WindowsProtectionSuite: [SBI $B197733A] Redirected host (Redirected host, nothing done)
protected.maxisoftwaremart.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $B89FBA81] Redirected host (Redirected host, nothing done)
www.securesoftwarebill.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $19781685] Redirected host (Redirected host, nothing done)
secure.paysecuresystem.com=74.125.45.100

Microsoft.Windows.RedirectedHosts: [SBI $CEFF52BA] Redirected host (Redirected host, nothing done)
paysoftbillsolution.com=74.125.45.100

DoubleClick: Tracking cookie (Internet Explorer: Jennifer Britton) (Cookie, fixed)


Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


ken545
2011-01-21, 13:46


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

bavanor
2011-01-22, 17:57
Hi Ken545,

Thank you for your reply and for helping me out. Below is the copy of the otl.txt file. My next post will have the extras.txt file.


OTL logfile created on: 1/22/2011 8:50:26 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 30.38 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.11 Gb Total Space | 242.50 Gb Free Space | 52.14% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCPrintLogger) -- C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsla8015e8a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A276E0C8-57D5-47D2-AC58-A49836218854}\MpKsla8015e8a.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25438

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 13:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 15:06:15 | 000,000,000 | ---D | M]

[2009/10/30 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Extensions
[2011/01/19 16:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions
[2010/05/15 21:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/16 13:48:58 | 000,001,924 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 google.com
O1 - Hosts: 65.98.95.68 google.com.au
O1 - Hosts: 65.98.95.68 www.google.com.au
O1 - Hosts: 65.98.95.68 google.be
O1 - Hosts: 65.98.95.68 www.google.be
O1 - Hosts: 65.98.95.68 google.com.br
O1 - Hosts: 65.98.95.68 www.google.com.br
O1 - Hosts: 65.98.95.68 google.ca
O1 - Hosts: 65.98.95.68 www.google.ca
O1 - Hosts: 37 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{515b1915-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 08:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/18 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\PCHealth
[2011/01/18 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\Notepad
[2011/01/17 14:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/17 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/17 14:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/17 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\HiJackThis
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 09:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/16 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Malwarebytes
[2011/01/16 14:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/16 14:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 13:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/16 13:24:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2011/01/16 13:21:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2011/01/06 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\additional
[2011/01/04 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\My Documents\site development images
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut Print Logger
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\PaperCut Print Logger
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/22 08:44:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006UA.job
[2011/01/22 08:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/22 08:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/20 22:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/18 18:39:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/18 18:33:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/18 18:32:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 15:52:24 | 012,059,136 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/18 14:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006Core.job
[2011/01/17 15:01:06 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 12:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 09:49:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 18:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/16 14:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 13:48:58 | 000,001,924 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110858.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205439.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205438.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205437.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205436.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205435.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205433.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205432.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205431.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205430.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205429.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205423.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131415.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131414.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131413.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131412.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131411.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131410.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131409.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130825.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130755.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130754.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130753.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130752.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130750.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110920.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110917.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110916.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110915.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110914.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110913.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110911.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110910.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110909.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110908.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110907.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 18:13:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 19:53:07 | 000,001,750 | -H-- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Default.rdp
[2011/01/08 10:43:56 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:36 | 001,871,808 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:01:04 | 000,137,892 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 14:29:35 | 047,661,568 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/22 08:35:39 | 005,187,061 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of accessory housing.pdf
[2011/01/22 08:35:39 | 002,780,987 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_email-Portfolio_2008.pdf
[2011/01/22 08:35:39 | 000,688,368 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of ashland.one
[2011/01/22 08:35:39 | 000,210,395 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_Resume_2009.pdf
[2011/01/22 08:35:39 | 000,111,199 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_References_2009.pdf
[2011/01/22 08:35:39 | 000,098,045 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of waterfront-house-plans-for-sale-bainbridge-island-2.jpg
[2011/01/22 08:35:39 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of MSU benefits.doc
[2011/01/22 08:35:39 | 000,041,837 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of house-bierings-1.jpg
[2011/01/22 08:35:39 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2011/01/22 08:35:39 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron Britton Resume 2009.docx
[2011/01/22 08:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:26:04 | 012,059,136 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 14:59:52 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 09:49:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 14:00:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 10:43:55 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:35 | 001,871,808 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:00:59 | 000,137,892 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 17:52:06 | 047,661,568 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[2009/11/07 16:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\prvlcl.dat
[2009/05/05 11:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 10:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 09:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 09:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 08:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/27 21:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/27 14:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/10/30 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/16 13:24:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2010/12/02 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/27 19:08:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/16 13:24:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2009/11/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/05/05 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2010/11/24 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/27 19:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\AVG10
[2010/01/14 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Crayon Physics Deluxe
[2010/02/20 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\The Longest Journey
[2009/11/30 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Western Digital
[2010/12/02 19:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Desktop Search
[2011/01/16 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/18 18:39:08 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/20 22:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

bavanor
2011-01-22, 17:58
Below is the extras.txt file from the OTL scan:


OTL Extras logfile created on: 1/22/2011 8:50:26 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 30.38 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive H: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.11 Gb Total Space | 242.50 Gb Free Space | 52.14% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
"C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Program Files\Steam\steamapps\common\the longest journey\game.exe" = C:\Program Files\Steam\steamapps\common\the longest journey\game.exe:*:Enabled:The Longest Journey -- (Funcom)
"C:\AV-CLS\WGET.EXE" = C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE -- ()
"C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe" = C:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe:*:Enabled:Crayon Physics Deluxe -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Digsby" = Digsby
"Eee Docking_is1" = Eee Docking 1.3.1.0
"EeePC_1005HA" = EeePC_1005HA Screen Saver
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.6
"Steam App 22000" = World of Goo
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 6310" = The Longest Journey
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2010 9:35:02 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4218

Error - 11/14/2010 10:54:31 AM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 10:54:32 AM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 35196859

Error - 11/14/2010 10:54:32 AM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35196859

Error - 11/20/2010 11:54:07 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/20/2010 11:54:07 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2344

Error - 11/20/2010 11:54:07 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2344

Error - 11/22/2010 10:22:47 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2010 10:22:47 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2453

Error - 11/22/2010 10:22:47 PM | Computer Name = WRITING_JENNY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2453

[ System Events ]
Error - 1/14/2011 9:14:30 PM | Computer Name = WRITING_JENNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 1/14/2011 9:14:30 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 1/14/2011 9:14:30 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/14/2011 9:15:45 PM | Computer Name = WRITING_JENNY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 1/14/2011 9:15:46 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 1/14/2011 9:15:46 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 1/16/2011 4:48:42 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware
Service service to connect.

Error - 1/16/2011 4:48:42 PM | Computer Name = WRITING_JENNY | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 1/16/2011 8:35:29 PM | Computer Name = WRITING_JENNY | Source = NetBT | ID = 4308
Description = Initialization failed because the transport refused to open initial
Connections.

Error - 1/17/2011 9:34:55 PM | Computer Name = WRITING_JENNY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.4042.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

ken545
2011-01-22, 19:55
Hi,

Let's do this

Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25438
O2 - BHO: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
[2011/01/16 13:48:58 | 000,001,924 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110858.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205439.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205438.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205437.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205436.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205435.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205433.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205432.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205431.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205430.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205429.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-205423.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131415.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131414.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131413.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131412.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131411.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131410.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-131409.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130825.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130755.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130754.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130753.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130752.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-130750.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110920.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110917.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110916.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110915.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110914.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110913.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110911.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110910.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110909.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110908.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110907.backup
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup77

:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan with OTL and post the new log.

bavanor
2011-01-22, 20:37
Ken545,

Here are the log results from the Run Fix.
I will post the new OTL log in the next post.


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110858.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205439.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205438.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205437.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205436.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205435.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205433.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205432.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205431.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205430.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205429.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-205423.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131415.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131414.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131413.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131412.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131411.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131410.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-131409.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130825.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130755.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130754.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130753.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130752.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-130750.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110920.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110917.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110916.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110915.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110914.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110913.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110911.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110910.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110909.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110908.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110907.backup moved successfully.
File C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup77 not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jennifer Britton
->Temp folder emptied: 107624643 bytes
->Temporary Internet Files folder emptied: 181578637 bytes
->FireFox cache emptied: 117032359 bytes
->Google Chrome cache emptied: 260830850 bytes
->Flash cache emptied: 110352 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 139512 bytes
->Temporary Internet Files folder emptied: 211374694 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 34589420 bytes
%systemroot%\System32\dllcache .tmp files removed: 12398328 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77286 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53511946 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1182332 bytes

Total Files Cleaned = 935.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.3 log created on 01222011_113045

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

bavanor
2011-01-22, 20:44
Here is the new otl.txt log:

OTL logfile created on: 1/22/2011 11:38:24 AM - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 31.20 Gb Free Space | 43.29% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCPrintLogger) -- C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslb7ebd2e4) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A276E0C8-57D5-47D2-AC58-A49836218854}\MpKslb7ebd2e4.sys (Microsoft Corporation)
DRV - (MpKsla8015e8a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A276E0C8-57D5-47D2-AC58-A49836218854}\MpKsla8015e8a.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 13:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 15:06:15 | 000,000,000 | ---D | M]

[2009/10/30 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Extensions
[2011/01/19 16:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions
[2010/05/15 21:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/22 11:32:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{515b1915-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 11:30:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\erunt
[2011/01/22 08:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/18 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\PCHealth
[2011/01/18 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\Notepad
[2011/01/17 14:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/17 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/17 14:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/17 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\HiJackThis
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 09:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/16 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Malwarebytes
[2011/01/16 14:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/16 14:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 13:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/16 13:24:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2011/01/16 13:21:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2011/01/06 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\additional
[2011/01/04 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\My Documents\site development images
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut Print Logger
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\PaperCut Print Logger

========== Files - Modified Within 30 Days ==========

[2011/01/22 11:38:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/22 11:33:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 11:32:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/22 10:44:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006UA.job
[2011/01/22 10:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/22 08:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/22 08:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:33:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/18 15:52:24 | 012,059,136 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/18 14:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006Core.job
[2011/01/17 15:01:06 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 12:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 09:49:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 18:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/16 14:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup
[2011/01/14 18:13:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 19:53:07 | 000,001,750 | -H-- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Default.rdp
[2011/01/08 10:43:56 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:36 | 001,871,808 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:01:04 | 000,137,892 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 14:29:35 | 047,661,568 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one

========== Files Created - No Company Name ==========

[2011/01/22 08:35:39 | 005,187,061 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of accessory housing.pdf
[2011/01/22 08:35:39 | 002,780,987 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_email-Portfolio_2008.pdf
[2011/01/22 08:35:39 | 000,688,368 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of ashland.one
[2011/01/22 08:35:39 | 000,210,395 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_Resume_2009.pdf
[2011/01/22 08:35:39 | 000,111,199 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_References_2009.pdf
[2011/01/22 08:35:39 | 000,098,045 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of waterfront-house-plans-for-sale-bainbridge-island-2.jpg
[2011/01/22 08:35:39 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of MSU benefits.doc
[2011/01/22 08:35:39 | 000,041,837 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of house-bierings-1.jpg
[2011/01/22 08:35:39 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2011/01/22 08:35:39 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron Britton Resume 2009.docx
[2011/01/22 08:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:26:04 | 012,059,136 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 14:59:52 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 09:49:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 14:00:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 10:43:55 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:35 | 001,871,808 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:00:59 | 000,137,892 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 17:52:06 | 047,661,568 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[2009/11/07 16:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\prvlcl.dat
[2009/05/05 11:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 10:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 09:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 09:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 08:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/27 21:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/27 14:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/10/30 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/16 13:24:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2010/12/02 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/27 19:08:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/16 13:24:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2009/11/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/05/05 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2010/11/24 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/27 19:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\AVG10
[2010/01/14 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Crayon Physics Deluxe
[2010/02/20 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\The Longest Journey
[2009/11/30 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Western Digital
[2010/12/02 19:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Desktop Search
[2011/01/16 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/22 11:38:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/22 10:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

ken545
2011-01-22, 23:30
Hi,

We missed one entry with the OTL fix. Let's run this free online scanner, and it may find and remove it; if not, we can run the OTL fix again.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

bavanor
2011-01-23, 06:20
Below is located the log.txt file from the ESET Online Scanner. The scanner said it found and cleaned a virus.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b79b4d21d5356a48b1a1fad6ef133f95
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-23 04:15:01
# local_time=2011-01-22 09:15:01 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 367910 367910 0 0
# compatibility_mode=1024 16777215 100 0 6595741 6595741 0 0
# compatibility_mode=5891 16776533 100 100 0 25249106 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98887
# found=1
# cleaned=1
# scan_time=7576
C:\Documents and Settings\All Users\Application Data\a2ea70\831.mof Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ken545
2011-01-23, 13:39
It didn't get the one I wanted, but it did remove another bad entry. Go ahead and run a new scan with OTL (not the fix) and post a new OTL log. There won't be any extras this time, so not to worry.

bavanor
2011-01-23, 19:22
Hey Ken545,

No worries here, just lots of thank you's for helping me out.

Below is the new log from OTL:

OTL logfile created on: 1/23/2011 10:16:54 AM - Run 3
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 30.99 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCPrintLogger) -- C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsla8015e8a) -- File not found
DRV - (MpKsl7415ee68) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F24503D-43E0-4CEF-984D-C7C957390B2C}\MpKsl7415ee68.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 13:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 15:06:15 | 000,000,000 | ---D | M]

[2009/10/30 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Extensions
[2011/01/22 17:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions
[2010/05/15 21:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/22 11:32:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{515b1915-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/22 11:30:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\erunt
[2011/01/22 08:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/18 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\PCHealth
[2011/01/18 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\Notepad
[2011/01/17 14:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/17 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/17 14:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/17 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\HiJackThis
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 09:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/16 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Malwarebytes
[2011/01/16 14:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/16 14:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 13:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/16 13:24:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2011/01/16 13:21:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2011/01/06 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\additional
[2011/01/04 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\My Documents\site development images
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut Print Logger
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\PaperCut Print Logger

========== Files - Modified Within 30 Days ==========

[2011/01/23 09:44:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006UA.job
[2011/01/22 22:01:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/22 14:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006Core.job
[2011/01/22 11:38:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/22 11:33:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 11:32:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/22 08:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/22 08:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:33:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/18 15:52:24 | 012,059,136 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 15:01:06 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 12:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 09:49:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 18:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/16 14:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup
[2011/01/14 18:13:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 19:53:07 | 000,001,750 | -H-- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Default.rdp
[2011/01/08 10:43:56 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:36 | 001,871,808 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:01:04 | 000,137,892 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 14:29:35 | 047,661,568 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one

========== Files Created - No Company Name ==========

[2011/01/22 08:35:39 | 005,187,061 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of accessory housing.pdf
[2011/01/22 08:35:39 | 002,780,987 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_email-Portfolio_2008.pdf
[2011/01/22 08:35:39 | 000,688,368 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of ashland.one
[2011/01/22 08:35:39 | 000,210,395 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_Resume_2009.pdf
[2011/01/22 08:35:39 | 000,111,199 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_References_2009.pdf
[2011/01/22 08:35:39 | 000,098,045 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of waterfront-house-plans-for-sale-bainbridge-island-2.jpg
[2011/01/22 08:35:39 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of MSU benefits.doc
[2011/01/22 08:35:39 | 000,041,837 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of house-bierings-1.jpg
[2011/01/22 08:35:39 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2011/01/22 08:35:39 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron Britton Resume 2009.docx
[2011/01/22 08:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:26:04 | 012,059,136 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 14:59:52 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 09:49:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 14:00:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 10:43:55 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:35 | 001,871,808 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:00:59 | 000,137,892 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 17:52:06 | 047,661,568 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[2009/11/07 16:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\prvlcl.dat
[2009/05/05 11:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 10:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 09:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 09:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 08:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/27 21:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/27 14:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/10/30 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/22 19:10:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2010/12/02 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/27 19:08:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/16 13:24:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2009/11/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/05/05 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2010/11/24 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/27 19:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\AVG10
[2010/01/14 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Crayon Physics Deluxe
[2010/02/20 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\The Longest Journey
[2009/11/30 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Western Digital
[2010/12/02 19:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Desktop Search
[2011/01/16 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/22 11:38:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/22 22:01:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

ken545
2011-01-23, 20:18
Here it is; we need to remove this.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2011/01/16 13:48:58 | 000,001,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110117-110905.backup


:Services

:Reg

:Files



:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

bavanor
2011-01-23, 20:30
Ken545,

Here are the runfix results from otl:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\WINDOWS\system32\drivers\etc\hosts.20110117-110905.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jennifer Britton
->Temp folder emptied: 641722 bytes
->Temporary Internet Files folder emptied: 4729933 bytes
->FireFox cache emptied: 88783715 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2426 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3926 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11068 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.3 log created on 01232011_112503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

bavanor
2011-01-23, 20:36
and here is the new scan log otl.txt :

OTL logfile created on: 1/23/2011 11:30:57 AM - Run 4
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 31.03 Gb Free Space | 43.06% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCPrintLogger) -- C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl255dde65) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F24503D-43E0-4CEF-984D-C7C957390B2C}\MpKsl255dde65.sys (Microsoft Corporation)
DRV - (MpKsl7415ee68) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F24503D-43E0-4CEF-984D-C7C957390B2C}\MpKsl7415ee68.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 13:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 15:06:15 | 000,000,000 | ---D | M]

[2009/10/30 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Extensions
[2011/01/22 17:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions
[2010/05/15 21:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/23 11:25:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{515b1915-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/22 11:30:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\erunt
[2011/01/22 08:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/18 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\PCHealth
[2011/01/18 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\Notepad
[2011/01/17 14:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/17 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/17 14:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/17 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\HiJackThis
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 09:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/16 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Malwarebytes
[2011/01/16 14:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/16 14:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 13:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/16 13:24:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2011/01/16 13:21:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2011/01/06 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\additional
[2011/01/04 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\My Documents\site development images
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut Print Logger
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\PaperCut Print Logger

========== Files - Modified Within 30 Days ==========

[2011/01/23 11:31:54 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/23 11:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/23 11:25:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/23 11:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/23 10:44:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006UA.job
[2011/01/22 14:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006Core.job
[2011/01/22 08:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/22 08:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:33:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/18 15:52:24 | 012,059,136 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 15:01:06 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 12:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 09:49:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 18:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/16 14:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 18:13:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 19:53:07 | 000,001,750 | -H-- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Default.rdp
[2011/01/08 10:43:56 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:36 | 001,871,808 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:01:04 | 000,137,892 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 14:29:35 | 047,661,568 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one

========== Files Created - No Company Name ==========

[2011/01/22 08:35:39 | 005,187,061 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of accessory housing.pdf
[2011/01/22 08:35:39 | 002,780,987 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_email-Portfolio_2008.pdf
[2011/01/22 08:35:39 | 000,688,368 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of ashland.one
[2011/01/22 08:35:39 | 000,210,395 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_Resume_2009.pdf
[2011/01/22 08:35:39 | 000,111,199 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_References_2009.pdf
[2011/01/22 08:35:39 | 000,098,045 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of waterfront-house-plans-for-sale-bainbridge-island-2.jpg
[2011/01/22 08:35:39 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of MSU benefits.doc
[2011/01/22 08:35:39 | 000,041,837 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of house-bierings-1.jpg
[2011/01/22 08:35:39 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2011/01/22 08:35:39 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron Britton Resume 2009.docx
[2011/01/22 08:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:26:04 | 012,059,136 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 14:59:52 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 09:49:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 14:00:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 10:43:55 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:35 | 001,871,808 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:00:59 | 000,137,892 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 17:52:06 | 047,661,568 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[2009/11/07 16:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\prvlcl.dat
[2009/05/05 11:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 10:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 09:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 09:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 08:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/27 21:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/27 14:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/10/30 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/22 19:10:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2010/12/02 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/27 19:08:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/16 13:24:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2009/11/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/05/05 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2010/11/24 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/27 19:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\AVG10
[2010/01/14 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Crayon Physics Deluxe
[2010/02/20 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\The Longest Journey
[2009/11/30 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Western Digital
[2010/12/02 19:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Desktop Search
[2011/01/16 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/23 11:31:54 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/23 11:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

ken545
2011-01-24, 00:18
Great :bigthumb:

You have Ask Toolbar installed, read this and let me know if you want to remove it. I don't think you will find it in your Add Remove Programs.

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please



Let me know about Ask and also let me know how you feel your system is running now?

bavanor
2011-01-24, 00:52
Hi Ken545,


First, yes, I would like to remove the Ask Toolbar. Second, Malwarebytes found no malware. Below is the log from it.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5581

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2011 3:35:34 PM
mbam-log-2011-01-23 (15-35-34).txt

Scan type: Quick scan
Objects scanned: 141820
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-01-24, 01:51
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL





:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
2011/01/23 11:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job




:Services

:Reg

:Files
c:\program files\ask.com


:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)



Let me know how things are running now

bavanor
2011-01-24, 02:43
Here is the new runfix log from OTL.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jennifer Britton
->Temp folder emptied: 641722 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 41772070 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2286 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1578 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.20.3 log created on 01232011_171408

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

bavanor
2011-01-24, 03:00
Here is, hopefully :santa:, the last log.txt log from OTL

OTL logfile created on: 1/23/2011 5:44:21 PM - Run 5
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Jennifer Britton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 31.55 Gb Free Space | 43.79% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.97 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: WRITING_JENNY | User Name: Jennifer Britton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (PCPrintLogger) -- C:\Program Files\PaperCut Print Logger\pcpl.exe (PaperCut Software International Pty Ltd)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslbf3acc3a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F24503D-43E0-4CEF-984D-C7C957390B2C}\MpKslbf3acc3a.sys (Microsoft Corporation)
DRV - (MpKsl255dde65) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F24503D-43E0-4CEF-984D-C7C957390B2C}\MpKsl255dde65.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aeb5c8d&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 13:35:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 15:06:15 | 000,000,000 | ---D | M]

[2009/10/30 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Extensions
[2011/01/23 11:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions
[2010/05/15 21:40:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer Britton\Application Data\Mozilla\Firefox\Profiles\agejxogd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 14:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/23 11:25:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 22:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41f83a02-de02-11de-85b8-0026188a7628}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{515b1914-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{515b1915-ed12-11de-85bc-0026188a7628}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell - "" = AutoRun
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55dd08fe-aae4-11df-8603-0026188a7628}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/22 11:30:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\erunt
[2011/01/22 08:19:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/18 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\PCHealth
[2011/01/18 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\Notepad
[2011/01/17 14:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/17 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/01/17 14:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/17 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\HiJackThis
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/17 13:42:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/17 09:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/17 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/16 14:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Malwarebytes
[2011/01/16 14:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/16 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/16 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/16 14:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/16 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/16 13:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/16 13:24:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2011/01/16 13:21:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2011/01/06 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Desktop\additional
[2011/01/04 18:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\My Documents\site development images
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\PaperCut Print Logger
[2010/12/31 00:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\PaperCut Print Logger

========== Files - Modified Within 30 Days ==========

[2011/01/23 17:46:21 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/23 17:44:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006UA.job
[2011/01/23 17:40:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/23 17:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/23 14:44:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-625892908-1552506439-4051791423-1006Core.job
[2011/01/23 11:25:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/22 08:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer Britton\Desktop\OTL.exe
[2011/01/22 08:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:33:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/18 15:52:24 | 012,059,136 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 15:01:06 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 12:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 09:49:14 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 18:26:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/16 14:00:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 18:13:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 19:53:07 | 000,001,750 | -H-- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Default.rdp
[2011/01/08 10:43:56 | 000,033,149 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:36 | 001,871,808 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:01:04 | 000,137,892 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 14:29:35 | 047,661,568 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:33:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | M] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one

========== Files Created - No Company Name ==========

[2011/01/22 08:35:39 | 005,187,061 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of accessory housing.pdf
[2011/01/22 08:35:39 | 002,780,987 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_email-Portfolio_2008.pdf
[2011/01/22 08:35:39 | 000,688,368 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of ashland.one
[2011/01/22 08:35:39 | 000,210,395 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_Resume_2009.pdf
[2011/01/22 08:35:39 | 000,111,199 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron_Britton_References_2009.pdf
[2011/01/22 08:35:39 | 000,098,045 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of waterfront-house-plans-for-sale-bainbridge-island-2.jpg
[2011/01/22 08:35:39 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of MSU benefits.doc
[2011/01/22 08:35:39 | 000,041,837 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of house-bierings-1.jpg
[2011/01/22 08:35:39 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Media Cart.docx
[2011/01/22 08:35:39 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Copy of Aaron Britton Resume 2009.docx
[2011/01/22 08:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/18 18:26:04 | 012,059,136 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP336 Spring2010 PP PavingI.ppt
[2011/01/17 14:59:52 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Attach.zip
[2011/01/17 14:48:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/17 14:46:58 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\NTREGOPT.lnk
[2011/01/17 14:46:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\ERUNT.lnk
[2011/01/17 13:57:00 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\HiJackThis.lnk
[2011/01/17 09:49:14 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/17 09:49:14 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Desktop\Spybot - Search & Destroy.lnk
[2011/01/16 14:00:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 10:43:55 | 000,033,149 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Will you save.pptx
[2011/01/05 08:36:47 | 005,923,404 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\paper.pdf
[2011/01/04 19:39:35 | 001,871,808 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Unfiled Notes.one
[2011/01/04 19:37:12 | 000,017,649 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\CAD_Sizing_Chart.pdf
[2011/01/04 18:00:59 | 000,137,892 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\image 1.jpg
[2011/01/04 17:52:06 | 047,661,568 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\PSPP335 Spring2010 PP Ch1INTRO.ppt
[2011/01/03 21:56:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 10:32:06 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.docx
[2010/12/31 10:30:54 | 000,910,400 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\My Documents\Media Cart.one
[2009/11/07 16:02:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jennifer Britton\Local Settings\Application Data\prvlcl.dat
[2009/05/05 11:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 10:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 09:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 09:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 08:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/27 21:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/27 14:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/10/30 15:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/22 19:10:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a2ea70
[2010/12/02 18:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/27 19:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/27 19:08:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/27 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/16 13:24:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PIBWWEDMXS
[2009/11/30 15:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/05/05 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
[2010/11/24 15:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 09:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/27 19:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\AVG10
[2010/01/14 22:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Crayon Physics Deluxe
[2010/02/20 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\The Longest Journey
[2009/11/30 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Western Digital
[2010/12/02 19:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Desktop Search
[2011/01/16 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer Britton\Application Data\Windows Search
[2011/01/23 17:46:21 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/23 17:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

ken545
2011-01-24, 04:03
I removed most of ASK on the first OTL fix; what we removed just now was leftovers.

You need to enable Windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)


C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job <-- See if you can delete this?


How are things running now, any redirects or unwanted pop-up windows?

bavanor
2011-01-24, 17:52
Ken545,

I was able to delete the Ask Toolbar scheduled updates. Everything seems to be working great now. I am able to use Internet Explorer again (even though I don't use it much). Before, it was locked into trying to go through a proxy server. I was able to take Firefox off of the proxy server but I was never able to get into Internet Options in Internet Explorer.

I still cannot get into Internet Explorer's Internet Options. I am restricted from there for some weird reason.

I have not been redirected to any other websites.

ken545
2011-01-24, 18:03
I am looking into it

ken545
2011-01-24, 19:18
Hi,

Glad things are working for you again. You have Spybot Search and Destroy installed. I don't have it installed on my work computer so I can't guide you 100%, but if you open Spybot, and up on the top left click on Modes and select Advanced Modes and look under IE Settings, you may have the setting blocked that will prevent malware from changing your IE setting (including you). Change it if you see that, let me know and we can look deeper if need be.

bavanor
2011-01-24, 22:57
Spybot has no boxes checked under the Internet Explorer tweaks. It was like this before I put on Spybot too.

Another thing that was fixed though :bigthumb: is that my headphone jack works again.

ken545
2011-01-24, 23:42
Try running this tool from Microsoft
http://support.microsoft.com/kb/923737

bavanor
2011-01-25, 00:57
Ken545,

I tried running the fix you gave me, but it could not run; it ran into an error.

I then updated Internet Explorer 7 to IE8. That fixed the problem. I can now get into Internet Options.

Also, whenever I restart, a system utilities configuration starts right off the bat. If I hit OK it asks to restart with these changes to my system. I haven't done that yet, but should I? Or should I just check the box so I don't see the dialogue box anymore when the computer reboots?

Aaron

ken545
2011-01-25, 03:30
I would say just check the box to not ask you again. Then reboot a few times and make sure there are no problems.

bavanor
2011-01-26, 07:10
Ken545,

I've checked the box and it doesn't come up any more on reboot. Everything else is running great and the headphone jack is working again.

Thank you so much for all of your help in getting our netbook up and running healthy again.

ken545
2011-01-26, 11:20
You're very welcome, glad things are back running well again.

Open OTL and click on Cleanup and it will remove the tools we used to clean your system along with their backups.

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

bavanor
2011-01-29, 00:08
OTL all cleaned up and off of the machine. Again, thank you for your help. It's great to use a clean machine again.

ken545
2011-01-29, 01:54
:bigthumb:

That's nice to hear

Take care,
Ken :)

ken545
2011-01-31, 11:40
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.