Inactive Firefox redirecting searches to random search engines and sites

valee

When I google something and click on the link I often get redirected to other search engines or random junk sites.
 

Attachments

  • mbam-log-2010-07-02 (22-50-35) - Copy.txt (894 bytes)
  • Attach.txt (15 KB)
  • DDS.txt (12.1 KB)
  • gmer.log (3.1 KB)

You have some Norton leftovers. Please run the Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 10-07-01.02 - Dawn 07/03/2010 0:12.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1899 [GMT -5:00]
Running from: c:\users\Dawn\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\MegaSR.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-03 05:20 . 2010-07-03 05:20 -------- d-----w- c:\users\Dawn\AppData\Local\temp
2010-07-03 03:40 . 2010-07-03 03:40 -------- d-----w- c:\program files\Common Files\Java
2010-07-03 03:40 . 2010-07-03 03:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-03 02:37 . 2010-07-03 02:37 -------- d-----w- c:\users\Dawn\AppData\Roaming\Avira
2010-07-03 02:33 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-03 02:33 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-03 02:33 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-03 02:33 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-03 02:33 . 2010-07-03 02:33 -------- d-----w- c:\programdata\Avira
2010-07-03 02:33 . 2010-07-03 02:33 -------- d-----w- c:\program files\Avira
2010-06-28 02:01 . 2010-06-28 02:01 -------- d-----w- c:\programdata\WindowsSearch
2010-06-28 01:41 . 2010-06-28 01:41 63488 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-28 01:41 . 2010-06-28 01:41 52224 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 01:41 . 2010-06-28 01:41 117760 ----a-w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-28 01:40 . 2010-06-28 01:40 -------- d-----w- c:\users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
2010-06-28 01:23 . 2010-06-28 01:23 -------- d-----w- c:\program files\Trend Micro
2010-06-27 00:22 . 2010-06-30 03:55 -------- d-----w- c:\users\Tom\AppData\Roaming\Gtek
2010-06-27 00:22 . 2010-06-27 00:22 -------- d-----w- c:\users\Default\AppData\Roaming\Gtek
2010-06-27 00:22 . 2010-06-27 00:22 -------- d--h--w- c:\users\Dawn\AppData\Roaming\GTek
2010-06-27 00:21 . 2010-06-27 00:22 -------- d--ha-w- c:\programdata\GTek
2010-06-27 00:21 . 2010-06-27 00:22 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\program files\ATT-HSI
2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\programdata\Motive
2010-06-26 21:50 . 2010-06-26 21:50 -------- d-----w- c:\program files\Common Files\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 05:10 . 2009-04-09 09:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-03 03:45 . 2009-04-09 11:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-03 03:38 . 2009-04-09 11:27 -------- d-----w- c:\program files\Java
2010-06-03 03:23 . 2009-04-09 11:12 -------- d-----w- c:\programdata\Microsoft Help
2010-05-29 14:53 . 2010-05-22 20:57 -------- d-----w- c:\program files\ASL Deluxe
2010-05-29 14:44 . 2009-11-29 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 14:23 . 2010-05-29 14:23 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-29 11:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-29 11:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-29 11:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-22 20:57 . 2010-05-22 20:57 -------- d-----w- c:\programdata\QuickTime
2010-05-12 16:28 . 2010-04-10 01:26 94 ----a-w- c:\users\Dawn\AppData\Roaming\wklnhst.dat
2010-05-12 16:21 . 2009-10-09 22:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 20:39 . 2010-05-29 14:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-05-29 14:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 00:34 2048 ----a-w- c:\windows\system32\tzres.dll
2009-04-09 10:32 . 2009-04-09 10:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"TypingSatellite"="c:\program files\Cosmi\Perfect Typing Pro English\KBOOST.EXE" [2002-01-08 740352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5a,a2,2c,4e,24,ff,ca,01

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.myquickfinder.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
FF - ProfilePath - c:\users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-7f9b6c98097631e8cdb422334bc6c6d0 - c:\program files\ASL Deluxe\_uninstall\uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 00:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-03 00:23:35
ComboFix-quarantined-files.txt 2010-07-03 05:23

Pre-Run: 115,297,583,104 bytes free
Post-Run: 115,251,773,440 bytes free

- - End Of File - - EE840435CB9A2FF4CE112AEBF921699D
 
Appears to be gone, no redirects on links I previously tried, and everything is running faster and smoother.
 
Cool :)
Let's run a couple more tests to make sure your computer is totally clean.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.

========================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt part 1

OTL logfile created on: 7/3/2010 12:43:50 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dawn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.13 Gb Total Space | 106.56 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Dawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
PRC - [2010/07/02 21:02:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/09 09:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2002/01/08 18:02:02 | 000,740,352 | ---- | M] (TypingMaster Inc) -- C:\Program Files\Cosmi\Perfect Typing Pro English\kboost.exe


========== Modules (SafeList) ==========

MOD - [2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2001/03/26 17:47:34 | 000,024,576 | ---- | M] (TypingMaster Oy) -- C:\Program Files\Cosmi\Perfect Typing Pro English\KBSatellite.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/09 05:32:45 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/04/09 05:32:45 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/04/09 05:32:45 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/06 15:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myquickfinder.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 21:08:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 22:45:51 | 000,000,000 | ---D | M]

[2009/11/29 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
[2010/07/02 22:54:33 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions
[2010/06/19 09:09:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 10:47:37 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\dfzylxv8.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/07/02 22:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/02 22:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 03:00:40 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
 
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [TypingSatellite] C:\Program Files\Cosmi\Perfect Typing Pro English\KBOOST.EXE (TypingMaster Inc)
O4 - Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 00:35:39 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2010/07/03 00:23:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/03 00:23:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/03 00:23:37 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\temp
[2010/07/03 00:07:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/02 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Desktop\logs
[2010/07/02 22:45:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/02 22:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/02 22:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/02 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Avira
[2010/07/02 21:33:31 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/02 21:33:31 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/02 21:33:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/07/02 21:33:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/07/02 21:33:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/07/02 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/02 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/27 21:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/06/27 20:40:56 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/27 20:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/26 19:22:28 | 000,000,000 | -H-D | C] -- C:\Users\Dawn\AppData\Roaming\GTek
[2010/06/26 19:21:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\GTek
[2010/06/26 19:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
[2010/06/26 16:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2010/06/26 16:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/06/26 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/05/29 09:44:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/29 09:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/29 09:32:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/29 09:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/29 06:39:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/29 06:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/28 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\usurhrngh
[2010/05/22 15:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2010/05/22 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\ASL Deluxe
[2010/04/23 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Apple Computer
[2010/04/09 20:26:08 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Template
[2010/04/07 20:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\comma_quiz_files
[2010/04/07 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\nova2_files
[2010/04/07 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\nova1_files

========== Files - Modified Within 90 Days ==========

[2010/07/03 00:48:24 | 002,621,440 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT
[2010/07/03 00:48:00 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/03 00:48:00 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/03 00:48:00 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/03 00:42:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/03 00:42:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/03 00:42:00 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/07/03 00:41:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/03 00:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 00:41:29 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 00:40:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/03 00:40:52 | 000,524,288 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT{59d82961-2bce-11df-a7df-001f16d1fc99}.TMContainer00000000000000000001.regtrans-ms
[2010/07/03 00:40:52 | 000,065,536 | -HS- | M] () -- C:\Users\Dawn\NTUSER.DAT{59d82961-2bce-11df-a7df-001f16d1fc99}.TM.blf
[2010/07/03 00:40:49 | 001,716,491 | -H-- | M] () -- C:\Users\Dawn\AppData\Local\IconCache.db
[2010/07/03 00:35:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2010/07/03 00:20:47 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/02 22:45:51 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/02 21:33:41 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/06/28 20:09:28 | 000,008,741 | ---- | M] () -- C:\Users\Dawn\Documents\bills.xlsx
[2010/06/27 20:23:11 | 000,001,874 | ---- | M] () -- C:\Users\Dawn\Desktop\HijackThis.lnk
[2010/06/26 19:22:42 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2010/06/19 08:29:43 | 000,259,125 | ---- | M] () -- C:\Users\Dawn\Documents\send to chris.docx
[2010/06/16 21:28:55 | 000,609,441 | ---- | M] () -- C:\Users\Dawn\Documents\Boot camp.docx
[2010/06/02 22:50:34 | 000,497,433 | ---- | M] () -- C:\Users\Dawn\Documents\June 2.docx
[2010/05/29 09:44:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 09:32:18 | 245,495,922 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/29 09:23:20 | 000,000,943 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/29 06:41:55 | 000,389,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/25 20:56:07 | 000,454,785 | ---- | M] () -- C:\Users\Dawn\Documents\Hi.docx
[2010/05/22 15:58:02 | 000,001,686 | ---- | M] () -- C:\Windows\vpd.properties
[2010/05/22 11:20:48 | 000,450,124 | ---- | M] () -- C:\Users\Dawn\Documents\Chris 1.docx
[2010/05/22 11:00:17 | 000,011,036 | ---- | M] () -- C:\Users\Dawn\Documents\Chris.docx
[2010/05/12 21:31:47 | 000,000,109 | ---- | M] () -- C:\Users\Dawn\webct_upload_applet.properties
[2010/05/12 21:31:13 | 000,023,715 | ---- | M] () -- C:\Users\Dawn\Documents\Final Essay.docx
[2010/05/12 11:28:35 | 000,017,408 | ---- | M] () -- C:\Users\Dawn\Documents\rough draft.wps
[2010/05/12 11:28:35 | 000,000,094 | ---- | M] () -- C:\Users\Dawn\AppData\Roaming\wklnhst.dat
[2010/05/08 13:39:23 | 000,305,882 | ---- | M] () -- C:\Users\Dawn\Documents\Happy Mothers Day.ppsx
[2010/05/08 13:36:35 | 000,305,880 | ---- | M] () -- C:\Users\Dawn\Documents\Happy Mothers Day.pptx
[2010/05/08 13:30:37 | 000,305,822 | ---- | M] () -- C:\Users\Dawn\Documents\MOTHER.ppsx
[2010/05/08 13:29:16 | 000,011,776 | ---- | M] () -- C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 12:52:17 | 000,142,439 | ---- | M] () -- C:\Users\Dawn\Documents\MOTHER.pptx
[2010/05/08 11:51:44 | 000,655,863 | ---- | M] () -- C:\Users\Dawn\Documents\HAPPY MOTHERS DAY.docx
[2010/05/02 15:20:41 | 000,023,097 | ---- | M] () -- C:\Users\Dawn\Documents\Jourals2.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 20:07:00 | 000,023,096 | ---- | M] () -- C:\Users\Dawn\Documents\The Effects of Job Loss.docx
[2010/04/11 20:36:28 | 001,246,417 | ---- | M] () -- C:\Users\Dawn\Documents\Effects of Job Loss.pptx
[2010/04/09 22:20:37 | 002,170,138 | ---- | M] () -- C:\Users\Dawn\Documents\Our Ocean's.docx
[2010/04/07 20:25:16 | 000,030,320 | ---- | M] () -- C:\Users\Dawn\Documents\comma_quiz.docx
[2010/04/07 20:24:18 | 000,011,778 | ---- | M] () -- C:\Users\Dawn\Documents\comma_quiz.htm
[2010/04/07 20:21:10 | 000,050,731 | ---- | M] () -- C:\Users\Dawn\Documents\nova2.docx
[2010/04/07 20:20:40 | 000,012,532 | ---- | M] () -- C:\Users\Dawn\Documents\nova2.htm
[2010/04/07 20:15:49 | 000,057,054 | ---- | M] () -- C:\Users\Dawn\Documents\nova1.docx
[2010/04/07 20:12:26 | 000,013,995 | ---- | M] () -- C:\Users\Dawn\Documents\nova1.htm

========== Files Created - No Company Name ==========

[2010/07/02 22:45:51 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/02 21:33:41 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/06/28 20:06:48 | 000,008,741 | ---- | C] () -- C:\Users\Dawn\Documents\bills.xlsx
[2010/06/27 20:35:26 | 3149,082,624 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/27 20:23:11 | 000,001,874 | ---- | C] () -- C:\Users\Dawn\Desktop\HijackThis.lnk
[2010/06/26 19:22:42 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2010/06/19 08:29:43 | 000,259,125 | ---- | C] () -- C:\Users\Dawn\Documents\send to chris.docx
[2010/06/16 21:28:54 | 000,609,441 | ---- | C] () -- C:\Users\Dawn\Documents\Boot camp.docx
[2010/06/02 22:34:05 | 000,497,433 | ---- | C] () -- C:\Users\Dawn\Documents\June 2.docx
[2010/05/29 09:44:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/29 09:32:18 | 245,495,922 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/29 09:23:20 | 000,000,943 | ---- | C] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/25 20:56:07 | 000,454,785 | ---- | C] () -- C:\Users\Dawn\Documents\Hi.docx
[2010/05/22 15:58:02 | 000,001,686 | ---- | C] () -- C:\Windows\vpd.properties
[2010/05/22 11:20:47 | 000,450,124 | ---- | C] () -- C:\Users\Dawn\Documents\Chris 1.docx
[2010/05/22 11:00:16 | 000,011,036 | ---- | C] () -- C:\Users\Dawn\Documents\Chris.docx
[2010/05/12 11:28:34 | 000,017,408 | ---- | C] () -- C:\Users\Dawn\Documents\rough draft.wps
[2010/05/12 10:35:57 | 000,023,715 | ---- | C] () -- C:\Users\Dawn\Documents\Final Essay.docx
[2010/05/08 13:39:23 | 000,305,882 | ---- | C] () -- C:\Users\Dawn\Documents\Happy Mothers Day.ppsx
[2010/05/08 13:36:35 | 000,305,880 | ---- | C] () -- C:\Users\Dawn\Documents\Happy Mothers Day.pptx
[2010/05/08 13:30:37 | 000,305,822 | ---- | C] () -- C:\Users\Dawn\Documents\MOTHER.ppsx
[2010/05/08 12:34:16 | 000,142,439 | ---- | C] () -- C:\Users\Dawn\Documents\MOTHER.pptx
[2010/05/08 11:51:43 | 000,655,863 | ---- | C] () -- C:\Users\Dawn\Documents\HAPPY MOTHERS DAY.docx
[2010/04/25 12:56:51 | 000,023,097 | ---- | C] () -- C:\Users\Dawn\Documents\Jourals2.docx
[2010/04/19 12:37:47 | 000,023,096 | ---- | C] () -- C:\Users\Dawn\Documents\The Effects of Job Loss.docx
[2010/04/11 19:55:50 | 001,246,417 | ---- | C] () -- C:\Users\Dawn\Documents\Effects of Job Loss.pptx
[2010/04/09 21:03:38 | 002,170,138 | ---- | C] () -- C:\Users\Dawn\Documents\Our Ocean's.docx
[2010/04/09 20:26:07 | 000,000,094 | ---- | C] () -- C:\Users\Dawn\AppData\Roaming\wklnhst.dat
[2010/04/07 20:25:16 | 000,030,320 | ---- | C] () -- C:\Users\Dawn\Documents\comma_quiz.docx
[2010/04/07 20:24:18 | 000,011,778 | ---- | C] () -- C:\Users\Dawn\Documents\comma_quiz.htm
[2010/04/07 20:21:09 | 000,050,731 | ---- | C] () -- C:\Users\Dawn\Documents\nova2.docx
[2010/04/07 20:18:17 | 000,012,532 | ---- | C] () -- C:\Users\Dawn\Documents\nova2.htm
[2010/04/07 20:15:48 | 000,057,054 | ---- | C] () -- C:\Users\Dawn\Documents\nova1.docx
[2010/04/07 20:12:25 | 000,013,995 | ---- | C] () -- C:\Users\Dawn\Documents\nova1.htm
[2009/10/22 13:49:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/04/09 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Template
[2009/11/28 22:48:31 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\WildTangent
[2010/07/03 00:41:37 | 000,032,578 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/07/03 00:23:35 | 000,011,920 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/03 00:41:29 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/03 00:41:28 | 3462,868,992 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/29 06:25:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 21:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 04:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
 
extras

OTL Extras logfile created on: 7/3/2010 12:37:11 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Dawn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.13 Gb Total Space | 107.45 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Dawn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DBC64A49-C9DF-42E8-8E50-15844501ECF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BCF7CB4-F32E-4FD1-A171-6D109CAEF3A0}" = protocol=17 | dir=in | app=c:\users\dawn\appdata\local\temp\7zs3331.tmp\symnrt.exe |
"{21D15578-A49E-4B2A-9444-A053FE816322}" = protocol=6 | dir=in | app=c:\users\dawn\appdata\local\temp\7zs3331.tmp\symnrt.exe |
"{A5DB7705-B01A-40C7-9E6E-EFF021E2AC2E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{D2C45D5E-10E2-4478-9705-48C8B81E66D1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E3C397BB-2111-4B99-8FF6-5A2E24ADABB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EECF9ED4-FEBD-443E-9F44-88D42B2DFF79}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{FCDB5623-5A37-45FD-8E74-AB9FB838D857}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2F6F3BF-0E50-4EC9-BDE3-4C296129C5F6}" = Perfect Typing Pro English
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2010 2:15:59 AM | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 6/30/2010 5:35:03 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xfb090000, process id 0x41c, application start time
0x01cb171f583c188f.

Error - 6/30/2010 5:37:21 PM | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 6/30/2010 9:41:40 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x17b4, application
start time 0x01cb189c501540b0.

Error - 6/30/2010 9:44:55 PM | Computer Name = laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/2/2010 10:01:05 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x1f7c, application start time 0x01cb1a53817ade40.
 
rest of extras

Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
faulting module chrome.dll, version 5.0.375.99, time stamp 0x4c294377, exception
code 0xc0000005, fault offset 0x0039fccf, process id 0x2028, application start time
0x01cb1a53e33b2900.

Error - 7/2/2010 10:23:44 PM | Computer Name = laptop | Source = SPP | ID = 16387
Description =

Error - 7/2/2010 10:23:44 PM | Computer Name = laptop | Source = System Restore | ID = 8193
Description =

Error - 7/2/2010 10:30:55 PM | Computer Name = laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Dawn\AppData\Local\Temp\RarSFX0\redist.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/19/2010 11:02:02 PM | Computer Name = laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 6/2/2010 7:32:06 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7032
Description =

Error - 6/2/2010 10:14:10 PM | Computer Name = laptop | Source = DCOM | ID = 10010
Description =

Error - 6/2/2010 10:17:19 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7043
Description =

Error - 6/2/2010 10:17:54 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7043
Description =

Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2010 10:19:37 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2010 11:35:34 PM | Computer Name = laptop | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
Looks good...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 