TechSpot

Firefox redirecting searches to random search engines and sites

By valee
Jul 3, 2010
  1. When I google something and click on the link I often get redirected to other search engines or random junk sites.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You have some Norton leftovers. Please run the Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. valee

    valee TS Rookie Topic Starter

    ComboFix 10-07-01.02 - Dawn 07/03/2010 0:12.1.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1899 [GMT -5:00]
    Running from: c:\users\Dawn\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\drivers\MegaSR.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
    .

    2010-07-03 05:20 . 2010-07-03 05:20 -------- d-----w- c:\users\Dawn\AppData\Local\temp
    2010-07-03 03:40 . 2010-07-03 03:40 -------- d-----w- c:\program files\Common Files\Java
    2010-07-03 03:40 . 2010-07-03 03:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-03 02:37 . 2010-07-03 02:37 -------- d-----w- c:\users\Dawn\AppData\Roaming\Avira
    2010-07-03 02:33 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-03 02:33 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-03 02:33 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-03 02:33 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-03 02:33 . 2010-07-03 02:33 -------- d-----w- c:\programdata\Avira
    2010-07-03 02:33 . 2010-07-03 02:33 -------- d-----w- c:\program files\Avira
    2010-06-28 02:01 . 2010-06-28 02:01 -------- d-----w- c:\programdata\WindowsSearch
    2010-06-28 01:41 . 2010-06-28 01:41 63488 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-28 01:41 . 2010-06-28 01:41 52224 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-28 01:41 . 2010-06-28 01:41 117760 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-28 01:40 . 2010-06-28 01:40 -------- d-----w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
    2010-06-28 01:23 . 2010-06-28 01:23 -------- d-----w- c:\program files\Trend Micro
    2010-06-27 00:22 . 2010-06-30 03:55 -------- d-----w- c:\users\Tom\AppData\Roaming\Gtek
    2010-06-27 00:22 . 2010-06-27 00:22 -------- d-----w- c:\users\Default\AppData\Roaming\Gtek
    2010-06-27 00:22 . 2010-06-27 00:22 -------- d--h--w- c:\users\Dawn\AppData\Roaming\GTek
    2010-06-27 00:21 . 2010-06-27 00:22 -------- d--ha-w- c:\programdata\GTek
    2010-06-27 00:21 . 2010-06-27 00:22 -------- d-----w- c:\program files\Linksys EasyLink Advisor
    2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\program files\ATT-HSI
    2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\programdata\Motive
    2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\program files\Common Files\Motive

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-03 05:10 . 2009-04-09 09:51 12 ----a-w- c:\windows\bthservsdp.dat
    2010-07-03 03:45 . 2009-04-09 11:16 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-03 03:38 . 2009-04-09 11:27 -------- d-----w- c:\program files\Java
    2010-06-03 03:23 . 2009-04-09 11:12 -------- d-----w- c:\programdata\Microsoft Help
    2010-05-29 14:53 . 2010-05-22 20:57 -------- d-----w- c:\program files\ASL Deluxe
    2010-05-29 14:44 . 2009-11-29 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-29 14:23 . 2010-05-29 14:23 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2010-05-29 11:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-29 11:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-05-22 20:57 . 2010-05-22 20:57 -------- d-----w- c:\programdata\QuickTime
    2010-05-12 16:28 . 2010-04-10 01:26 94 ----a-w- c:\users\Dawn\AppData\Roaming\wklnhst.dat
    2010-05-12 16:21 . 2009-10-09 22:17 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-29 20:39 . 2010-05-29 14:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2010-05-29 14:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 14:13 . 2010-05-26 00:34 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-04-09 10:32 . 2009-04-09 10:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "TypingSatellite"="c:\program files\Cosmi\Perfect Typing Pro English\KBOOST.EXE" [2002-01-08 740352]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):5a,a2,2c,4e,24,ff,ca,01

    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.myquickfinder.com
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    FF - ProfilePath - c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-7f9b6c98097631e8cdb422334bc6c6d0 - c:\program files\ASL Deluxe\_uninstall\uninstaller.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-03 00:20
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-07-03 00:23:35
    ComboFix-quarantined-files.txt 2010-07-03 05:23

    Pre-Run: 115,297,583,104 bytes free
    Post-Run: 115,251,773,440 bytes free

    - - End Of File - - EE840435CB9A2FF4CE112AEBF921699D
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    How is redirection now?
     
  5. valee

    valee TS Rookie Topic Starter

    Appears to be gone, no redirects on links I previously tried, and everything is running faster and smoother.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Cool :)
    Let's run a couple more tests to make sure your computer is totally clean.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ========================================================================

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box, paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. valee

    valee TS Rookie Topic Starter

    OTL.txt part 1

    OTL logfile created on: 7/3/2010 12:43:50 AM - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dawn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.13 Gb Total Space | 106.56 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Dawn
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
    PRC - [2010/07/02 21:02:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PRC - [2008/10/09 09:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2002/01/08 18:02:02 | 000,740,352 | ---- | M] (TypingMaster Inc) -- C:\Program Files\Cosmi\Perfect Typing Pro English\kboost.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
    MOD - [2001/03/26 17:47:34 | 000,024,576 | ---- | M] (TypingMaster Oy) -- C:\Program Files\Cosmi\Perfect Typing Pro English\KBSatellite.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/09 05:32:45 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2009/04/09 05:32:45 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2009/04/09 05:32:45 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
    DRV - [2008/07/06 15:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myquickfinder.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
    FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 21:08:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 22:45:51 | 000,000,000 | ---D | M]

    [2009/11/29 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
    [2010/07/02 22:54:33 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions
    [2010/06/19 09:09:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/29 10:47:37 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
    [2010/07/02 22:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/02 22:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/27 03:00:40 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
     
  8. valee

    valee TS Rookie Topic Starter

    [2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [TypingSatellite] C:\Program Files\Cosmi\Perfect Typing Pro English\KBOOST.EXE (TypingMaster Inc)
    O4 - Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 00:35:39 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
    [2010/07/03 00:23:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/07/03 00:23:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/07/03 00:23:37 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\temp
    [2010/07/03 00:07:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/07/02 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Desktop\logs
    [2010/07/02 22:45:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/02 22:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/07/02 22:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/02 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Avira
    [2010/07/02 21:33:31 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/07/02 21:33:31 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/07/02 21:33:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/07/02 21:33:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/07/02 21:33:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/07/02 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/07/02 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/06/27 21:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/06/27 20:40:56 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
    [2010/06/27 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/26 19:22:28 | 000,000,000 | -H-D | C] -- C:\Users\Dawn\AppData\Roaming\GTek
    [2010/06/26 19:21:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\GTek
    [2010/06/26 19:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
    [2010/06/26 16:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
    [2010/06/26 16:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
    [2010/06/26 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
    [2010/05/29 09:44:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/05/29 09:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/05/29 09:32:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/05/29 09:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010/05/29 06:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010/05/28 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\usurhrngh
    [2010/05/22 15:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
    [2010/05/22 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\ASL Deluxe
    [2010/04/23 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Apple Computer
    [2010/04/09 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Template
    [2010/04/07 20:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\comma_quiz_files
    [2010/04/07 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\nova2_files
    [2010/04/07 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\nova1_files

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 00:48:24 | 002,621,440 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT
    [2010/07/03 00:48:00 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/07/03 00:48:00 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/07/03 00:48:00 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/07/03 00:42:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/03 00:42:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/03 00:42:00 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/07/03 00:41:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/03 00:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/03 00:41:29 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/03 00:40:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/07/03 00:40:52 | 000,524,288 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT{59d82961-2bce-11df-a7df-001f16d1fc99}.TMContainer00000000000000000001.regtrans-ms
    [2010/07/03 00:40:52 | 000,065,536 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT{59d82961-2bce-11df-a7df-001f16d1fc99}.TM.blf
    [2010/07/03 00:40:49 | 001,716,491 | -H-- | M] () -- C:\Users\Dawn\AppData\Local\IconCache.db
    [2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
    [2010/07/03 00:20:47 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/07/02 22:45:51 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/07/02 21:33:41 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/06/28 20:09:28 | 000,008,741 | ---- | M] () -- C:\Users\Dawn\Documents\bills.xlsx
    [2010/06/27 20:23:11 | 000,001,874 | ---- | M] () -- C:\Users\Dawn\Desktop\HijackThis.lnk
    [2010/06/26 19:22:42 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
    [2010/06/19 08:29:43 | 000,259,125 | ---- | M] () -- C:\Users\Dawn\Documents\send to chris.docx
    [2010/06/16 21:28:55 | 000,609,441 | ---- | M] () -- C:\Users\Dawn\Documents\Boot camp.docx
    [2010/06/02 22:50:34 | 000,497,433 | ---- | M] () -- C:\Users\Dawn\Documents\June 2.docx
    [2010/05/29 09:44:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/29 09:32:18 | 245,495,922 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/05/29 09:23:20 | 000,000,943 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/29 06:41:55 | 000,389,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/05/25 20:56:07 | 000,454,785 | ---- | M] () -- C:\Users\Dawn\Documents\Hi.docx
    [2010/05/22 15:58:02 | 000,001,686 | ---- | M] () -- C:\Windows\vpd.properties
    [2010/05/22 11:20:48 | 000,450,124 | ---- | M] () -- C:\Users\Dawn\Documents\Chris 1.docx
    [2010/05/22 11:00:17 | 000,011,036 | ---- | M] () -- C:\Users\Dawn\Documents\Chris.docx
    [2010/05/12 21:31:47 | 000,000,109 | ---- | M] () -- C:\Users\Dawn\webct_upload_applet.properties
    [2010/05/12 21:31:13 | 000,023,715 | ---- | M] () -- C:\Users\Dawn\Documents\Final Essay.docx
    [2010/05/12 11:28:35 | 000,017,408 | ---- | M] () -- C:\Users\Dawn\Documents\rough draft.wps
    [2010/05/12 11:28:35 | 000,000,094 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\wklnhst.dat
    [2010/05/08 13:39:23 | 000,305,882 | ---- | M] () -- C:\Users\Dawn\Documents\Happy Mothers Day.ppsx
    [2010/05/08 13:36:35 | 000,305,880 | ---- | M] () -- C:\Users\Dawn\Documents\Happy Mothers Day.pptx
    [2010/05/08 13:30:37 | 000,305,822 | ---- | M] () -- C:\Users\Dawn\Documents\MOTHER.ppsx
    [2010/05/08 13:29:16 | 000,011,776 | ---- | M] () -- C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/08 12:52:17 | 000,142,439 | ---- | M] () -- C:\Users\Dawn\Documents\MOTHER.pptx
    [2010/05/08 11:51:44 | 000,655,863 | ---- | M] () -- C:\Users\Dawn\Documents\HAPPY MOTHERS DAY.docx
    [2010/05/02 15:20:41 | 000,023,097 | ---- | M] () -- C:\Users\Dawn\Documents\Jourals2.docx
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/19 20:07:00 | 000,023,096 | ---- | M] () -- C:\Users\Dawn\Documents\The Effects of Job Loss.docx
    [2010/04/11 20:36:28 | 001,246,417 | ---- | M] () -- C:\Users\Dawn\Documents\Effects of Job Loss.pptx
    [2010/04/09 22:20:37 | 002,170,138 | ---- | M] () -- C:\Users\Dawn\Documents\Our Ocean's.docx
    [2010/04/07 20:25:16 | 000,030,320 | ---- | M] () -- C:\Users\Dawn\Documents\comma_quiz.docx
    [2010/04/07 20:24:18 | 000,011,778 | ---- | M] () -- C:\Users\Dawn\Documents\comma_quiz.htm
    [2010/04/07 20:21:10 | 000,050,731 | ---- | M] () -- C:\Users\Dawn\Documents\nova2.docx
    [2010/04/07 20:20:40 | 000,012,532 | ---- | M] () -- C:\Users\Dawn\Documents\nova2.htm
    [2010/04/07 20:15:49 | 000,057,054 | ---- | M] () -- C:\Users\Dawn\Documents\nova1.docx
    [2010/04/07 20:12:26 | 000,013,995 | ---- | M] () -- C:\Users\Dawn\Documents\nova1.htm

     
  9. valee

    valee TS Rookie Topic Starter

    ========== Files Created - No Company Name ==========

    [2010/07/02 22:45:51 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/07/02 21:33:41 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/06/28 20:06:48 | 000,008,741 | ---- | C] () -- C:\Users\Dawn\Documents\bills.xlsx
    [2010/06/27 20:35:26 | 3149,082,624 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/27 20:23:11 | 000,001,874 | ---- | C] () -- C:\Users\Dawn\Desktop\HijackThis.lnk
    [2010/06/26 19:22:42 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
    [2010/06/19 08:29:43 | 000,259,125 | ---- | C] () -- C:\Users\Dawn\Documents\send to chris.docx
    [2010/06/16 21:28:54 | 000,609,441 | ---- | C] () -- C:\Users\Dawn\Documents\Boot camp.docx
    [2010/06/02 22:34:05 | 000,497,433 | ---- | C] () -- C:\Users\Dawn\Documents\June 2.docx
    [2010/05/29 09:44:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/29 09:32:18 | 245,495,922 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/05/29 09:23:20 | 000,000,943 | ---- | C] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/25 20:56:07 | 000,454,785 | ---- | C] () -- C:\Users\Dawn\Documents\Hi.docx
    [2010/05/22 15:58:02 | 000,001,686 | ---- | C] () -- C:\Windows\vpd.properties
    [2010/05/22 11:20:47 | 000,450,124 | ---- | C] () -- C:\Users\Dawn\Documents\Chris 1.docx
    [2010/05/22 11:00:16 | 000,011,036 | ---- | C] () -- C:\Users\Dawn\Documents\Chris.docx
    [2010/05/12 11:28:34 | 000,017,408 | ---- | C] () -- C:\Users\Dawn\Documents\rough draft.wps
    [2010/05/12 10:35:57 | 000,023,715 | ---- | C] () -- C:\Users\Dawn\Documents\Final Essay.docx
    [2010/05/08 13:39:23 | 000,305,882 | ---- | C] () -- C:\Users\Dawn\Documents\Happy Mothers Day.ppsx
    [2010/05/08 13:36:35 | 000,305,880 | ---- | C] () -- C:\Users\Dawn\Documents\Happy Mothers Day.pptx
    [2010/05/08 13:30:37 | 000,305,822 | ---- | C] () -- C:\Users\Dawn\Documents\MOTHER.ppsx
    [2010/05/08 12:34:16 | 000,142,439 | ---- | C] () -- C:\Users\Dawn\Documents\MOTHER.pptx
    [2010/05/08 11:51:43 | 000,655,863 | ---- | C] () -- C:\Users\Dawn\Documents\HAPPY MOTHERS DAY.docx
    [2010/04/25 12:56:51 | 000,023,097 | ---- | C] () -- C:\Users\Dawn\Documents\Jourals2.docx
    [2010/04/19 12:37:47 | 000,023,096 | ---- | C] () -- C:\Users\Dawn\Documents\The Effects of Job Loss.docx
    [2010/04/11 19:55:50 | 001,246,417 | ---- | C] () -- C:\Users\Dawn\Documents\Effects of Job Loss.pptx
    [2010/04/09 21:03:38 | 002,170,138 | ---- | C] () -- C:\Users\Dawn\Documents\Our Ocean's.docx
    [2010/04/09 20:26:07 | 000,000,094 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\wklnhst.dat
    [2010/04/07 20:25:16 | 000,030,320 | ---- | C] () -- C:\Users\Dawn\Documents\comma_quiz.docx
    [2010/04/07 20:24:18 | 000,011,778 | ---- | C] () -- C:\Users\Dawn\Documents\comma_quiz.htm
    [2010/04/07 20:21:09 | 000,050,731 | ---- | C] () -- C:\Users\Dawn\Documents\nova2.docx
    [2010/04/07 20:18:17 | 000,012,532 | ---- | C] () -- C:\Users\Dawn\Documents\nova2.htm
    [2010/04/07 20:15:48 | 000,057,054 | ---- | C] () -- C:\Users\Dawn\Documents\nova1.docx
    [2010/04/07 20:12:25 | 000,013,995 | ---- | C] () -- C:\Users\Dawn\Documents\nova1.htm
    [2009/10/22 13:49:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
    [2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2010/04/09 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Template
    [2009/11/28 22:48:31 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\WildTangent
    [2010/07/03 00:41:37 | 000,032,578 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/07/03 00:23:35 | 000,011,920 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/07/03 00:41:29 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/03 00:41:28 | 3462,868,992 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/05/29 06:25:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
    [2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/01/20 21:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2006/11/02 04:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\System32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
    < End of report >
     
  10. valee

    valee TS Rookie Topic Starter

    extras

    OTL Extras logfile created on: 7/3/2010 12:37:11 AM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dawn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.13 Gb Total Space | 107.45 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Dawn
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{DBC64A49-C9DF-42E8-8E50-15844501ECF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1BCF7CB4-F32E-4FD1-A171-6D109CAEF3A0}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\temp\7zs3331.tmp\symnrt.exe |
    "{21D15578-A49E-4B2A-9444-A053FE816322}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\temp\7zs3331.tmp\symnrt.exe |
    "{A5DB7705-B01A-40C7-9E6E-EFF021E2AC2E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{D2C45D5E-10E2-4478-9705-48C8B81E66D1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{E3C397BB-2111-4B99-8FF6-5A2E24ADABB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EECF9ED4-FEBD-443E-9F44-88D42B2DFF79}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{FCDB5623-5A37-45FD-8E74-AB9FB838D857}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{E2F6F3BF-0E50-4EC9-BDE3-4C296129C5F6}" = Perfect Typing Pro English
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MozBackup" = MozBackup 1.4.9
    "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hp Master Uninstall" = My HP Games

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/30/2010 2:15:59 AM | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
    Description =

    Error - 6/30/2010 5:35:03 PM | Computer Name = laptop | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0xfb090000, process id 0x41c, application start time
    0x01cb171f583c188f.

    Error - 6/30/2010 5:37:21 PM | Computer Name = laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 6/30/2010 9:41:40 PM | Computer Name = laptop | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
    exception code 0xc000071b, fault offset 0x000888f5, process id 0x17b4, application
    start time 0x01cb189c501540b0.

    Error - 6/30/2010 9:44:55 PM | Computer Name = laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 7/2/2010 10:01:05 PM | Computer Name = laptop | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00000000, process id 0x1f7c, application start time 0x01cb1a53817ade40.
     
  11. valee

    valee TS Rookie Topic Starter

    rest of extras

    Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
    faulting module chrome.dll, version 5.0.375.99, time stamp 0x4c294377, exception
    code 0xc0000005, fault offset 0x0039fccf, process id 0x2028, application start time
    0x01cb1a53e33b2900.

    Error - 7/2/2010 10:23:44 PM | Computer Name = laptop | Source = SPP | ID = 16387
    Description =

    Error - 7/2/2010 10:23:44 PM | Computer Name = laptop | Source = System Restore | ID = 8193
    Description =

    Error - 7/2/2010 10:30:55 PM | Computer Name = laptop | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Users\Dawn\AppData\Local\Temp\RarSFX0\redist.dll".
    Dependent
    Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 1/19/2010 11:02:02 PM | Computer Name = laptop | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 6/2/2010 7:32:06 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7032
    Description =

    Error - 6/2/2010 10:14:10 PM | Computer Name = laptop | Source = DCOM | ID = 10010
    Description =

    Error - 6/2/2010 10:17:19 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7043
    Description =

    Error - 6/2/2010 10:17:54 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7043
    Description =

    Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7026
    Description =

    Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Are you still out there?
     
Topic Status:
Not open for further replies.
