Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 34

Thread: coolwwwsearch.olehelp. rootkits detected, please help

  1. 2010-11-15, 20:40 #21
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Savannah at 13:38:49.32 on Mon 11/15/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.1602 [GMT -6:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\crypserv.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\wpcumi.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Savannah\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uWinlogon: Shell=explorer.exe,C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe
    uWindows: Load=C:\Users\Savannah\AppData\Local\Temp\dwm.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\Savannah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AEGFOR~1.LNK - C:\Program Files (x86)\ForeSight Mobility\AEG\Mobility\Console\Current\bin\MobilityColdStart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    LSP: C:\Windows\system32\wpclsp.dll
    Trusted Zone: illustrationsystem.com\www
    DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://air.sheltonstate.edu/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=ea4emmnudb0znfudnec1rm55&ControlID=2742cf3021c64cc494cb04fa56bd65d9&Culture=127&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Users\Savannah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-7-6 33800]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-7-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-7-6 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-7-6 81584]
    R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-31 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
    S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-8 93184]
    S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

    =============== Created Last 30 ================

    2010-11-15 16:31:59 -------- d-----w- C:\Program Files (x86)\ESET
    2010-11-12 21:12:36 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{925CC802-460E-439E-9F88-E13BC3FA1572}\mpengine.dll
    2010-11-10 23:52:43 -------- d-----w- C:\Program Files (x86)\trend micro
    2010-10-30 14:16:29 -------- d-----w- C:\Users\Savannah\.blurb
    2010-10-30 14:14:04 -------- d-----w- C:\Program Files (x86)\BookSmart

    ==================== Find3M ====================

    2010-11-07 22:07:36 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
    2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
    2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-08 17:26:59 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
    2010-09-08 16:46:38 1032704 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
    2010-09-08 15:53:07 389632 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 15:28:29 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-08 15:26:20 485376 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 15:00:33 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-26 16:27:46 189952 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 16:07:25 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-20 15:56:01 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-20 15:21:02 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2001-09-28 23:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE

    ============= FINISH: 13:39:32.29 ===============
  2. 2010-11-15, 20:41 #22
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/23/2009 4:32:22 PM
    System Uptime: 11/15/2010 12:48:48 AM (13 hours ago)

    Motherboard: PEGATRON CORPORATION | | NutMeg
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5400+ | CPU 1 | 2400/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 453 GiB total, 345.932 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.793 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP227: 10/22/2010 5:17:00 AM - Scheduled Checkpoint
    RP228: 10/22/2010 5:19:01 AM - Windows Update
    RP229: 10/23/2010 4:42:30 PM - Scheduled Checkpoint
    RP230: 10/28/2010 6:25:56 AM - Windows Update
    RP231: 10/28/2010 6:47:26 PM - Scheduled Checkpoint
    RP232: 10/29/2010 5:00:53 PM - Windows Update
    RP233: 10/30/2010 5:57:01 PM - Scheduled Checkpoint
    RP234: 10/31/2010 6:41:44 PM - Scheduled Checkpoint
    RP235: 11/1/2010 7:19:37 AM - Scheduled Checkpoint
    RP236: 11/2/2010 3:01:12 PM - Windows Update
    RP237: 11/3/2010 5:34:33 AM - Scheduled Checkpoint
    RP238: 11/3/2010 8:14:35 PM - Scheduled Checkpoint
    RP239: 11/4/2010 8:19:48 AM - Scheduled Checkpoint
    RP240: 11/4/2010 10:50:51 AM - Windows Update
    RP241: 11/5/2010 4:17:19 PM - Windows Update
    RP242: 11/6/2010 8:32:14 AM - Scheduled Checkpoint
    RP243: 11/7/2010 5:00:41 PM - Scheduled Checkpoint
    RP244: 11/10/2010 6:01:58 PM - Windows Update
    RP245: 11/11/2010 3:00:22 AM - Windows Update
    RP246: 11/11/2010 6:40:42 PM - Scheduled Checkpoint
    RP247: 11/12/2010 9:24:56 AM - Scheduled Checkpoint
    RP248: 11/12/2010 3:12:22 PM - Windows Update
    RP249: 11/13/2010 1:52:11 PM - Scheduled Checkpoint
    RP250: 11/14/2010 5:03:54 PM - Scheduled Checkpoint

    ==== Installed Programs ======================


    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Aegon Illustration System
    AIO_Scan
    Avira AntiVir Personal - Free Antivirus
    BookSmart® 2.9.1 2.9.1
    CCleaner
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Diablo II
    DJ_AIO_Software_min
    Download Updater (AOL LLC)
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    Facebook Plug-In
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Java(TM) 6 Update 7
    Juno Preloader
    K-Lite Codec Pack 4.1.6 (Full)
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.0.19)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetZero Preloader
    Panda ActiveScan 2.0
    PDFLIB
    PDFlib 4.0.1
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    Realtek High Definition Audio Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    ShowCase
    SPORE Creature Creator Trial Edition
    Spybot - Search & Destroy
    TomTom HOME 2.7.5.2014
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    VC 9.0 Runtime
    Visual C++ 8.0 Runtime Setup Package (x64)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WRL-Alliance

    ==== Event Viewer Messages From Past Week ========

    11/14/2010 4:35:50 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.7.100 for the Network Card with network address 00248C2F91AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/11/2010 3:18:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
    11/11/2010 3:18:26 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    11/11/2010 3:01:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/11/2010 3:01:16 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/11/2010 3:01:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/10/2010 5:50:45 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{ADFD8513-771E-4C05-9844-C5E31D9F8EF0} because another computer on the network has the same name. The server could not start.

    ==== End Of File ===========================
  3. 2010-11-16, 09:05 #23
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi aaron2691

    We need to run an OTL Fix
    1. Please reopen on your desktop.
    2. Copy and Paste the following code into the textbox.
      Code:
      :otl
uWindows: Load=C:\Users\Savannah\AppData\Local\Temp\dwm.exe

:commands
[emtytemp]
    3. Push
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click .
    6. A report will open. Copy and Paste that report in your next reply.


    Thanks peku006
    Last edited by peku006; 2010-11-16 at 09:09.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  4. 2010-11-16, 17:14 #24
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    interestingly, OTL has disappeared from my wife's machine. I asked her and she did not delete it. I checked under every user, and it is gone. I reinstalled it from your previous link and ran the fix you gave me. here is the report. Thanks again for your time and effort.

    ========== OTL ==========
    ========== COMMANDS ==========
    Error: Unable to interpret <[emtytemp]> in the current context!

    OTL by OldTimer - Version 3.2.17.3 log created on 11162010_101158
  5. 2010-11-16, 17:32 #25
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi aaron2691

    Is this still "C:\users\savannah\appdata\Local\Temp\dwm.exe"

    • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • Click the Scan All Users checkbox on the toolbar.
    • Do not change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    • Close Notepad (saving the change if necessry).


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  6. 2010-11-16, 17:43 #26
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    Quote Originally Posted by peku006 View Post
    Hi aaron2691

    Is this still "C:\users\savannah\appdata\Local\Temp\dwm.exe"
    not sure exactly what you meant by that. I went to C:\users\savannah I didn't see any app data present in that area. does that answer your question? I will be posting a scan as soon as OTL finishes on her comp (I am on mine right now).
  7. 2010-11-16, 17:45 #27
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    here is the report

    OTL logfile created on: 11/16/2010 10:39:31 AM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Savannah\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 42.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.59 Gb Total Space | 345.56 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
    Drive D: | 13.17 Gb Total Space | 1.79 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
    Drive G: | 62.45 Mb Total Space | 26.13 Mb Free Space | 41.83% Space Free | Partition Type: FAT

    Computer Name: SAVANNAH-PC | User Name: Savannah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Windows\SysWow64\crypserv.exe
    PRC - [2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
    PRC - [2010/11/07 16:07:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/17 18:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/10/17 18:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/09/08 17:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PRC - [2008/08/25 05:57:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
    MOD - [2010/08/31 09:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/03/02 14:48:02 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
    SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/07 16:07:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/07 16:07:36 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009/09/23 15:37:00 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
    DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/11/07 16:07:36 | 000,081,584 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2009/06/30 08:37:16 | 000,033,800 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/04/15 15:37:54 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\ckldrv.sys -- (NetworkX)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
    DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370


    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/31 04:48:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/31 04:48:28 | 000,000,000 | ---D | M]

    [2010/08/16 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Extensions
    [2010/08/16 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/11/14 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions
    [2009/11/10 06:45:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/27 11:04:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\wgsztus0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/02/27 15:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/07/06 10:40:50 | 000,411,423 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14218 more lines...
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [svchost] C:\Users\Savannah\AppData\Roaming\Microsoft\svchost.exe File not found
    O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    F3:64bit: - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
    F3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..Trusted Domains: illustrationsystem.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2698770454-334339165-2337177048-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://air.sheltonstate.edu/ReportS...pType=PrintCab (RSClientPrint 2005 Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 Winlogon: Shell - (C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe File not found
    O24 - Desktop WallPaper: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Savannah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{30fa211c-bf6e-11de-af0e-00248c2f91ae}\Shell - "" = AutoRun
    O33 - MountPoints2\{30fa211c-bf6e-11de-af0e-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{4c2e6cad-7af0-11de-97e2-00248c2f91ae}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c2e6cad-7af0-11de-97e2-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{b7a8dc29-ea58-11de-8d88-00248c2f91ae}\Shell - "" = AutoRun
    O33 - MountPoints2\{b7a8dc29-ea58-11de-8d88-00248c2f91ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/16 10:11:58 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/16 10:10:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
    [2010/11/15 10:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/11/14 12:11:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/11/11 03:01:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
    [2010/11/10 17:52:43 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/10/30 08:16:37 | 000,000,000 | ---D | C] -- C:\Users\Savannah\Documents\BookSmartData
    [2010/10/30 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\Savannah\.blurb
    [2010/10/30 08:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookSmart
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/16 10:40:28 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED4E7E7E-86A9-4F21-ADFB-D70451304326}.job
    [2010/11/16 10:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/16 10:10:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Savannah\Desktop\OTL.exe
    [2010/11/15 14:44:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/15 14:44:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/15 13:38:35 | 000,630,272 | ---- | M] () -- C:\Users\Savannah\Desktop\dds.scr
    [2010/11/12 16:30:12 | 000,756,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/12 16:30:12 | 000,642,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/12 16:30:12 | 000,118,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/07 16:07:36 | 000,081,584 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/10/30 08:14:58 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\BookSmart.lnk
    [2010/10/28 05:07:31 | 000,000,732 | ---- | M] () -- C:\Users\Savannah\AppData\Local\d3d9caps64.dat
    [2010/10/24 07:07:25 | 000,000,680 | ---- | M] () -- C:\Users\Savannah\AppData\Local\d3d9caps.dat
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/15 13:38:31 | 000,630,272 | ---- | C] () -- C:\Users\Savannah\Desktop\dds.scr
    [2010/10/30 08:14:58 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\BookSmart.lnk
    [2010/10/28 05:07:31 | 000,000,732 | ---- | C] () -- C:\Users\Savannah\AppData\Local\d3d9caps64.dat
    [2010/10/24 07:07:25 | 000,000,680 | ---- | C] () -- C:\Users\Savannah\AppData\Local\d3d9caps.dat
    [2010/07/06 16:08:01 | 000,420,114 | ---- | C] () -- C:\Users\Savannah\AppData\Local\dd_vcredistMSI5043.txt
    [2010/07/06 16:08:01 | 000,011,626 | ---- | C] () -- C:\Users\Savannah\AppData\Local\dd_vcredistUI5043.txt
    [2010/04/21 13:47:13 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
    [2010/04/21 13:46:55 | 000,000,104 | ---- | C] () -- C:\Windows\Aegonusa.ini
    [2010/04/21 13:01:00 | 000,001,363 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
    [2010/04/21 12:43:59 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/12/06 23:28:47 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2009/12/06 23:28:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/12/06 23:28:45 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/12/06 23:28:45 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/12/06 23:28:45 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/12/06 23:28:45 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/11/29 17:27:44 | 000,000,057 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2009/11/29 17:27:38 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2009/11/25 17:06:55 | 000,000,000 | ---- | C] () -- C:\Users\Savannah\AppData\Local\prvlcl.dat
    [2009/08/30 17:59:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/04/10 16:42:21 | 000,000,368 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/04/10 16:33:39 | 000,015,732 | ---- | C] () -- C:\Users\Savannah\AppData\Roaming\wklnhst.dat
    [2009/04/06 16:58:59 | 000,009,728 | ---- | C] () -- C:\Users\Savannah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/16 13:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
    [2009/01/16 13:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
    [2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    < End of report >
  8. 2010-11-16, 18:49 #28
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi aaron2691
    I went to C:\users\savannah I didn't see any app data present in that area
    I meant this
    I received the following errors, the first at reboot, the second when I opened firefox:

    "could not load or run C:\users\savannah\appdata\Local\Temp\dwm.exe Make sure the file exists on your computer or remove the reference to it in the registry"
    Let's run OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
F3:64bit: - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
F3 - HKU\S-1-5-21-2698770454-334339165-2337177048-1000 WinNT: Load - (C:\Users\Savannah\AppData\Local\Temp\dwm.exe) - C:\Users\Savannah\AppData\Local\Temp\dwm.exe File not found
    • Then click the Run Fix button at the top
    • Let the program run unhindered
    • A report will open. Copy and Paste that report in your next reply.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  9. 2010-11-16, 19:00 #29
    aaron2691
    aaron2691 is offline
    Member
    Join Date
    Jan 2007
    Posts
    36

    Default

    I followed your instructions. here is the report. Thanks.

    ========== OTL ==========
    64bit-Registry value HKEY_USERS\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Savannah\AppData\Local\Temp\dwm.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2698770454-334339165-2337177048-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Savannah\AppData\Local\Temp\dwm.exe deleted successfully.

    OTL by OldTimer - Version 3.2.17.3 log created on 11162010_115839
  10. 2010-11-16, 19:21 #30
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi aaron2691

    Malwarebytes' Anti-Malware

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update have been completed, Select the Scanner tab.
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Please reply with

    the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules