Antispyware Soft

Hi guys!
My daughter caught Antispyware Soft, and I need some help, please. I have a HighjackThis log that I ran in Safe Mode, but this bugger won't allow me to open it to post. Any suggestions?

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

• Please Download Rkill.com. Save it to your Desktop.
  
• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  
  
• NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
  
  
• Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  
• Please be patient while the program looks for various malware programs and ends them.
  
• When it has finished, the black window will automatically close and you can continue with the next step.
  

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Can you open it now?

Thanks so much!
I was able to download and click on it. Rkill ran, and gave me a short log. Do you need it?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:17:30 PM, on 5/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Elizabeth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [tgxvarvl] C:\Users\Elizabeth\AppData\Local\jrunxvcxi\ddsiibstssd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6428 bytes

Hello.

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
  O4 - HKCU\..\Run: [tgxvarvl] C:\Users\Elizabeth\AppData\Local\jrunxvcxi\ddsiibstssd.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
   

In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
   
2. Click the apply button and restart that computer in normal mode.
   

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Done.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/24/2010 10:35:27 AM
mbam-log-2010-05-24 (10-35-27).txt

Scan type: Quick scan
Objects scanned: 119942
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

Dang! There is another one!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4139

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/24/2010 11:59:20 AM
mbam-log-2010-05-24 (11-59-20).txt

Scan type: Quick scan
Objects scanned: 123859
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Elizabeth\AppData\Local\Temp\knmxwn.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

OK, after pasting that, I clicked out of it and found the Malwarebytes said to restart my computer. I did, and then ran MWB agaim. Here is the result aftre the restart:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4139

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/24/2010 12:35:15 PM
mbam-log-2010-05-24 (12-35-15).txt

Scan type: Quick scan
Objects scanned: 124065
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

I played around with OTL, and found I needed to change settings to get an Extras.txt. Here are both of the new ones:

OTL logfile created on: 5/25/2010 10:03:55 AM - Run 7
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Elizabeth\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.52 Gb Total Space | 101.21 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive D: | 12.36 Gb Total Space | 1.69 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.02 Gb Total Space | 156.62 Gb Free Space | 52.55% Space Free | Partition Type: FAT32

Computer Name: ELIZABETH-PC
Current User Name: Elizabeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/25 09:58:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Downloads\OTL(3).exe
PRC - [2009/10/05 12:10:02 | 003,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/08/28 09:05:50 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 09:05:49 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/28 09:05:47 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 09:05:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/28 09:05:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/27 18:28:05 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 09:58:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Downloads\OTL(3).exe
MOD - [2009/08/28 09:05:50 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 09:05:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 09:05:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/02/03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 09:05:50 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 09:05:50 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/17 09:37:09 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/11/11 10:15:12 | 002,236,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/26 23:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/09 17:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/08/01 05:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 09:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 09:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 02:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/11 12:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: hufftoolbar@huffingtonpost.com:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: hufftheme@huffingtonpost.com:0.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000101X001US&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 17:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 20:44:19 | 000,000,000 | ---D | M]

[2009/02/22 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Extensions
[2010/05/24 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions
[2009/09/03 06:42:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/04 09:51:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/02/25 12:40:40 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions\hufftheme@huffingtonpost.com
[2009/02/25 12:40:42 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions\hufftoolbar@huffingtonpost.com
[2009/04/10 19:24:41 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\extensions\moveplayer@movenetworks.com
[2009/02/25 12:40:43 | 000,002,273 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\searchplugins\ask.xml
[2009/02/25 12:40:43 | 000,000,567 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\p8vo75t7.default\searchplugins\yahoo.xml
[2010/05/23 20:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 20:44:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/23 20:44:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Desktop\backups
[2010/05/23 20:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/23 20:44:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/23 17:52:08 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\.SunDownloadManager
[2010/05/23 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\jrunxvcxi
[2010/05/23 13:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/05/23 13:52:02 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Last.fm
[2010/05/23 13:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2010/05/04 15:47:51 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Hallelujah

========== Files - Modified Within 30 Days ==========

[2010/05/25 10:03:55 | 003,145,728 | -HS- | M] () -- C:\Users\Elizabeth\NTUSER.DAT
[2010/05/25 10:02:39 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/25 10:02:39 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/25 10:02:39 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/25 09:55:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 09:55:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/25 09:55:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/25 09:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/25 09:54:41 | 1878,163,456 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 09:52:43 | 000,524,288 | -HS- | M] () -- C:\Users\Elizabeth\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 09:52:43 | 000,065,536 | -HS- | M] () -- C:\Users\Elizabeth\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/25 09:52:07 | 002,050,664 | -H-- | M] () -- C:\Users\Elizabeth\AppData\Local\IconCache.db
[2010/05/25 08:18:34 | 060,360,981 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/23 20:44:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/23 20:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/23 20:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/23 20:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/23 16:27:36 | 000,000,036 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\housecall.guid.cache
[2010/05/22 13:05:30 | 000,018,944 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 15:31:13 | 000,022,620 | ---- | M] () -- C:\Users\Elizabeth\Documents\Nice Things.rtf
[2010/05/19 23:36:36 | 000,016,172 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\wklnhst.dat
[2010/05/19 23:35:56 | 000,068,681 | ---- | M] () -- C:\Users\Elizabeth\Documents\Hoes B4 Bros.fdr
[2010/05/19 10:31:08 | 000,142,856 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/19 10:24:00 | 000,636,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/18 21:46:42 | 000,001,146 | ---- | M] () -- C:\Users\Elizabeth\Documents\punch.rtf
[2010/05/18 15:30:11 | 000,004,823 | ---- | M] () -- C:\Users\Elizabeth\Documents\Tumblr Tuesday.rtf
[2010/05/16 17:51:54 | 000,001,714 | ---- | M] () -- C:\Users\Elizabeth\Documents\30 Days of Movies.rtf
[2010/05/13 20:11:14 | 000,001,521 | ---- | M] () -- C:\Users\Elizabeth\Documents\hehe SNL snark.rtf
[2010/05/12 16:26:27 | 000,029,184 | ---- | M] () -- C:\Users\Elizabeth\Documents\Take Home Final.doc
[2010/05/12 16:26:16 | 000,019,456 | ---- | M] () -- C:\Users\Elizabeth\Documents\Take-home Final.wps
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/09 20:29:56 | 000,004,706 | ---- | M] () -- C:\Users\Elizabeth\Documents\may 9.rtf
[2010/05/07 16:56:52 | 000,033,280 | ---- | M] () -- C:\Users\Elizabeth\Documents\OTHELLO FINAL.doc
[2010/05/07 16:56:26 | 000,028,160 | ---- | M] () -- C:\Users\Elizabeth\Documents\OTHELLOOOOOOOOOOOOOOOOOOO.wps
[2010/05/03 18:50:30 | 000,003,690 | ---- | M] () -- C:\Users\Elizabeth\Documents\99.rtf
[2010/05/02 15:01:21 | 000,003,180 | ---- | M] () -- C:\Users\Elizabeth\Documents\Donnie Darko By Yourself.rtf
[2010/04/30 21:59:47 | 000,000,971 | ---- | M] () -- C:\Users\Elizabeth\Documents\Things that make me laugh.rtf
[2010/04/29 21:59:17 | 000,004,328 | ---- | M] () -- C:\Users\Elizabeth\Documents\Golden State of Mind.rtf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 20:28:25 | 000,009,216 | ---- | M] () -- C:\Users\Elizabeth\Documents\jobs.wps
[2010/04/28 20:05:25 | 000,012,800 | ---- | M] () -- C:\Users\Elizabeth\Documents\coco.wps
[2010/04/27 21:24:47 | 000,003,195 | ---- | M] () -- C:\Users\Elizabeth\Documents\ARG.rtf
[2010/04/27 19:24:17 | 000,010,752 | ---- | M] () -- C:\Users\Elizabeth\Documents\ARFORMAT.wps
[2010/04/27 18:34:11 | 000,001,727 | ---- | M] () -- C:\Users\Elizabeth\Documents\30 days of TV.rtf
[2010/04/27 17:12:20 | 000,013,312 | ---- | M] () -- C:\Users\Elizabeth\Documents\Death.wps

========== Files Created - No Company Name ==========

[2010/05/23 17:19:57 | 1878,163,456 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/23 16:27:36 | 000,000,036 | ---- | C] () -- C:\Users\Elizabeth\AppData\Local\housecall.guid.cache
[2010/05/18 21:46:42 | 000,001,146 | ---- | C] () -- C:\Users\Elizabeth\Documents\punch.rtf
[2010/05/18 15:30:11 | 000,004,823 | ---- | C] () -- C:\Users\Elizabeth\Documents\Tumblr Tuesday.rtf
[2010/05/13 20:11:14 | 000,001,521 | ---- | C] () -- C:\Users\Elizabeth\Documents\hehe SNL snark.rtf
[2010/05/12 16:26:24 | 000,029,184 | ---- | C] () -- C:\Users\Elizabeth\Documents\Take Home Final.doc
[2010/05/12 15:23:03 | 000,019,456 | ---- | C] () -- C:\Users\Elizabeth\Documents\Take-home Final.wps
[2010/05/09 20:29:56 | 000,004,706 | ---- | C] () -- C:\Users\Elizabeth\Documents\may 9.rtf
[2010/05/07 16:56:47 | 000,033,280 | ---- | C] () -- C:\Users\Elizabeth\Documents\OTHELLO FINAL.doc
[2010/05/07 12:37:30 | 000,028,160 | ---- | C] () -- C:\Users\Elizabeth\Documents\OTHELLOOOOOOOOOOOOOOOOOOO.wps
[2010/05/03 18:50:30 | 000,003,690 | ---- | C] () -- C:\Users\Elizabeth\Documents\99.rtf
[2010/04/30 21:59:47 | 000,000,971 | ---- | C] () -- C:\Users\Elizabeth\Documents\Things that make me laugh.rtf
[2010/04/28 20:28:25 | 000,009,216 | ---- | C] () -- C:\Users\Elizabeth\Documents\jobs.wps
[2010/04/28 18:35:05 | 000,004,328 | ---- | C] () -- C:\Users\Elizabeth\Documents\Golden State of Mind.rtf
[2010/04/28 17:26:03 | 000,012,800 | ---- | C] () -- C:\Users\Elizabeth\Documents\coco.wps
[2010/04/27 21:24:47 | 000,003,195 | ---- | C] () -- C:\Users\Elizabeth\Documents\ARG.rtf
[2010/04/27 19:24:17 | 000,010,752 | ---- | C] () -- C:\Users\Elizabeth\Documents\ARFORMAT.wps
[2010/04/27 18:34:10 | 000,001,727 | ---- | C] () -- C:\Users\Elizabeth\Documents\30 days of TV.rtf
[2010/04/27 16:37:21 | 000,013,312 | ---- | C] () -- C:\Users\Elizabeth\Documents\Death.wps
[2009/10/20 15:04:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 10:21:48 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/18 10:21:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/09 18:43:46 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/02/09 18:43:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

OTL Extras logfile created on: 5/25/2010 10:03:55 AM - Run 7
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Elizabeth\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.52 Gb Total Space | 101.21 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive D: | 12.36 Gb Total Space | 1.69 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.02 Gb Total Space | 156.62 Gb Free Space | 52.55% Space Free | Partition Type: FAT32

Computer Name: ELIZABETH-PC
Current User Name: Elizabeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E2CBC1A-F02F-41F5-9774-C3752D842FC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{23B9C665-CDAE-4D0C-8689-AE3F7FC4A981}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{289421EC-4146-4D3E-87E8-8E30FC07A6B6}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{3A5EC91E-3AD1-45F5-950B-B6FB3F207A64}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3BE7E1BF-F781-425B-AF9C-B537E5754028}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{48BF5F71-B1B1-448C-8638-00D576A9F5C0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{51D9BAB3-B62A-451C-A2A4-957908B59559}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51F6C493-C806-4257-9B83-778E0DAE2658}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{6C4C9747-F467-4195-8FB9-D099D7A2A713}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{7322BC43-C624-4491-9E06-4D44EAAEA40C}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{74944659-F6B5-42BF-9582-839A9F6DDF3B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{8036D11E-72AE-4D86-A7E4-1024ABD61CA1}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{82C6FA5F-7E79-407B-AB30-CF14929C2A40}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{85204707-A45B-4EAC-A505-AADD4E26FEAF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{85EF1BD0-9160-4B1F-8693-DDA4FC6121F1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8DEB5C3D-F279-495E-9CA4-F4717BB61B90}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{93E4895B-32BC-40A8-AC42-1B5C08FC3C34}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{ADCA2B7B-C471-4A49-9818-B9087A3E2222}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B8899725-1691-49DD-9C1A-CA08DFB0A258}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C149525E-61A3-4CD5-A887-FEF98CEABF6A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{C1769074-0C41-430A-BD6F-BD108D78A464}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{CD4A4E4E-7556-47A4-B680-9A5312428B58}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EB5CDF87-AE08-4C7B-8991-50D1BA364C04}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EE66B786-5957-4608-9957-7A1546F5190F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{FFF80221-814E-41A8-97D8-E022D337F8F0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3AF47C4E-065B-FF3F-93DE-8D9AD4E8C10D}" = TweetDeck
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Basics
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3File" = AC3File (remove only)
"AC3Filter_is1" = AC3Filter 1.60b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_7" = AIM 7
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Videora iPod Converter" = Videora iPod Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.9.2
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2010 1:32:03 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/19/2010 1:32:03 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/19/2010 1:32:03 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/19/2010 1:32:10 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/19/2010 1:32:11 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/19/2010 1:32:12 PM | Computer Name = Elizabeth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/20/2010 2:03:02 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/21/2010 12:35:41 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/21/2010 7:28:47 PM | Computer Name = Elizabeth-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/21/2010 7:28:47 PM | Computer Name = Elizabeth-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 5/24/2010 1:22:36 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/24/2010 1:22:36 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/24/2010 2:04:14 PM | Computer Name = Elizabeth-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
0021296EDC25 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent
a DHCPNACK message).

Error - 5/24/2010 2:46:41 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/24/2010 2:46:41 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/24/2010 3:27:03 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/24/2010 3:27:03 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/25/2010 8:38:43 AM | Computer Name = Elizabeth-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 5/25/2010 12:56:20 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/25/2010 12:56:20 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Hello.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  [2010/05/23 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\jrunxvcxi
  
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Here you go!

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Elizabeth\AppData\Local\jrunxvcxi folder moved successfully.

OTL by OldTimer - Version 3.2.5.0 log created on 05252010_143841

Hello.

• Click Start >> Control Panel.
  
• Under the Programs click Uninstall a Program
  
• Highlight the following:
  
  Adobe Reader 9.3.1
  Java(TM) 6 Update 7
  Viewpoint Media Player
  
  
• Click on the Uninstall/Change button at the top.
  

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  
• Click the "Download JRE" button to the right.
  
• In the Window that opens, select your platform, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.
  

Then download and install Adobe Reader 9.3.2

Please download Firefox 3.6.3 and install it. It will install over version 3.0 you currently have installed, so you won't lose any bookmarked websites.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

The scan finished, and there were no threats found. However, there is no C:\Program Files\esetonlinescanner\log.txt. on the computer. There is an ESET folder, with a log.txt in it, but the file is from when the scan started, not when it finished:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

I have searched the computer over, to no avail. Any suggestions, or should we call it clean, without the txt file?

Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

How is the machine running now?

It seems to be running well. Thanks so much for all the help!

The computer seems to be working ok now. Thanks so much!

I do have a question though: The HighjackThis and the rkill.com are still on the computer. Should I just delete them?

Yes.