Unsolved

October 7th, 2010 20:00

I think my email was hijacked, and I cannot run HijackThis as Administrator

A few days ago, I started getting phone calls from friends and family saying they were getting some suspicious-looking emails from me.  I have downloaded and run HijackThis, but when I run it I get a message that says my system denied access to the Host file, and then it continues the scan, resulting in a blank Notepad.  It suggests that I simply right click on HijackThis and run as administrator, but when I right click, the run as administrator option is not there.

1.1K Posts

October 8th, 2010 02:00

Hello Roy_4 and welcome,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you are using any P2P applications such as BitTorrent, uTorrent, Limewire etc., please remove them before we start.
  • If you are using any cracked or illegal software, your thread will be locked and closed; all help will cease.


Before we start, please disable Spybot's TeaTimer if you have it installed; it will affect any changes we try to make:

1) Open Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Please proceed as follows :-

Step 1

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Copy and paste OTL.Txt and Extras.Txt in your reply.

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like to see in your reply :-

  • OTL.Txt and Extras.Txt
  • Log from Security Check


Kevin

7 Posts

October 8th, 2010 04:00

Kevin, first let me thank you for your willingness to help.

Here is the OTL.txt file

OTL logfile created on: 10/8/2010 5:23:28 AM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Roy Abshier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,021.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 183.86 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.91 Gb Total Space | 1.87 Gb Free Space | 98.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROYABSHIER-PC
Current User Name: Roy Abshier
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/08 05:21:11 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/07 07:29:15 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/13 20:24:12 | 000,027,392 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2009/02/06 18:08:58 | 000,454,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/08 05:21:11 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/22 21:33:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\yeddef.sys -- (yeddef)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/14 03:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 18:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/03/21 16:48:05 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/03/21 16:48:05 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/03/21 16:48:05 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070321
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070321
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/01 10:32:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.7\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/09/09 22:53:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.7\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/09/09 22:53:42 | 000,000,000 | ---D | M]
 
[2010/09/09 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\Mozilla\Extensions
[2010/09/09 22:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy Abshier\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/09/09 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\Mozilla\SeaMonkey\Profiles\uy329ntq.default\extensions
 
O1 HOSTS File: ([2010/10/06 21:18:04 | 000,420,602 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14507 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Roy Abshier\Pictures\Keri Bluebonnets 042-2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roy Abshier\Pictures\Keri Bluebonnets 042-2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea913d48-d9af-11db-a94c-001676bc3649}\Shell - "" = AutoRun
O33 - MountPoints2\{ea913d48-d9af-11db-a94c-001676bc3649}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/08 05:21:03 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\OTL.exe
[2010/10/08 04:57:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\TFC.exe
[2010/10/05 20:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/05 20:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/05 20:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/10/05 10:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/28 20:23:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/14 22:09:50 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/14 20:56:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Abshier\Documents\Heartfelt2009taxes
[2010/09/11 09:08:06 | 000,401,484 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrtd.dll
[2010/09/11 09:08:05 | 000,831,776 | ---- | C] (WeOnlyDo! Inc.) -- C:\Windows\System32\wodFtpDLX.dll
[2010/09/11 09:08:05 | 000,274,976 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\System32\XceedFtp.dll
[2010/09/11 09:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2010/09/09 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Abshier\AppData\Roaming\Mozilla
[2010/09/09 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Abshier\AppData\Local\Mozilla
[2010/09/09 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2010/09/09 22:30:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Abshier\AppData\Roaming\FileZilla
[2010/09/09 22:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[1 C:\Users\Roy Abshier\Documents\*.tmp files -> C:\Users\Roy Abshier\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/08 05:25:18 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EB3E1811-CEE9-47BF-BB45-E4E3F2790756}.job
[2010/10/08 05:23:09 | 007,602,176 | -HS- | M] () -- C:\Users\Roy Abshier\ntuser.dat
[2010/10/08 05:21:11 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\OTL.exe
[2010/10/08 05:13:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/08 05:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 05:13:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 05:12:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/08 05:12:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/08 05:12:16 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Abshier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/10/08 05:12:16 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Abshier\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/10/08 04:57:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Abshier\Desktop\TFC.exe
[2010/10/08 04:49:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 04:37:41 | 002,613,016 | -H-- | M] () -- C:\Users\Roy Abshier\AppData\Local\IconCache.db
[2010/10/07 21:40:48 | 000,002,535 | ---- | M] () -- C:\Users\Roy Abshier\Desktop\HiJackThis.lnk
[2010/10/07 16:34:39 | 000,023,669 | ---- | M] () -- C:\Users\Roy Abshier\Documents\checkbook2010.xlsx
[2010/10/06 22:07:07 | 000,322,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/06 21:18:04 | 000,420,602 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/06 19:24:49 | 000,080,248 | ---- | M] () -- C:\Users\Roy Abshier\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/06 15:45:14 | 000,013,441 | ---- | M] () -- C:\Users\Roy Abshier\Documents\Christmas labels 2010.xlsx
[2010/10/05 20:42:38 | 000,001,081 | ---- | M] () -- C:\Users\Roy Abshier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/05 20:42:38 | 000,001,057 | ---- | M] () -- C:\Users\Roy Abshier\Desktop\Spybot - Search & Destroy.lnk
[2010/10/05 20:41:18 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/05 20:30:18 | 000,000,940 | ---- | M] () -- C:\Users\Roy Abshier\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/05 13:22:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/05 13:14:54 | 000,005,008 | ---- | M] () -- C:\Users\Roy Abshier\Documents\cc_20101005_131449.reg
[2010/10/05 13:07:39 | 000,000,806 | ---- | M] () -- C:\Users\Roy Abshier\Desktop\CCleaner.lnk
[2010/09/23 15:57:18 | 000,330,077 | ---- | M] () -- C:\Users\Roy Abshier\Documents\hfcreciept to CindyLewis2010.docx
[2010/09/18 15:09:13 | 000,000,081 | ---- | M] () -- C:\Users\Roy Abshier\AppData\Roaming\ftpfile.dat
[2010/09/13 11:11:49 | 000,330,041 | ---- | M] () -- C:\Users\Roy Abshier\Documents\hfcreciept to roykayabshier2010.docx
[2010/09/11 09:08:04 | 000,001,064 | ---- | M] () -- C:\Users\Roy Abshier\Desktop\CoffeeCup Visual Site Designer.lnk
[2010/09/09 22:53:45 | 000,001,712 | ---- | M] () -- C:\Users\Roy Abshier\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2010/09/09 22:53:45 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2010/09/09 22:30:28 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/09/09 10:56:36 | 000,330,057 | ---- | M] () -- C:\Users\Roy Abshier\Documents\hfcrecipettracyfitzgerald2010.docx
[1 C:\Users\Roy Abshier\Documents\*.tmp files -> C:\Users\Roy Abshier\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/10/06 15:45:10 | 000,013,441 | ---- | C] () -- C:\Users\Roy Abshier\Documents\Christmas labels 2010.xlsx
[2010/10/05 20:42:38 | 000,001,081 | ---- | C] () -- C:\Users\Roy Abshier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/05 20:42:38 | 000,001,057 | ---- | C] () -- C:\Users\Roy Abshier\Desktop\Spybot - Search & Destroy.lnk
[2010/10/05 20:41:18 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/10/05 13:14:52 | 000,005,008 | ---- | C] () -- C:\Users\Roy Abshier\Documents\cc_20101005_131449.reg
[2010/10/05 10:55:02 | 000,002,535 | ---- | C] () -- C:\Users\Roy Abshier\Desktop\HiJackThis.lnk
[2010/09/23 15:57:16 | 000,330,077 | ---- | C] () -- C:\Users\Roy Abshier\Documents\hfcreciept to CindyLewis2010.docx
[2010/09/13 11:11:48 | 000,330,041 | ---- | C] () -- C:\Users\Roy Abshier\Documents\hfcreciept to roykayabshier2010.docx
[2010/09/11 21:13:48 | 000,000,081 | ---- | C] () -- C:\Users\Roy Abshier\AppData\Roaming\ftpfile.dat
[2010/09/11 09:08:29 | 000,000,106 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/09/11 09:08:29 | 000,000,041 | -H-- | C] () -- C:\Windows\trfntw32.cfg
[2010/09/11 09:08:04 | 000,001,064 | ---- | C] () -- C:\Users\Roy Abshier\Desktop\CoffeeCup Visual Site Designer.lnk
[2010/09/09 22:53:45 | 000,001,712 | ---- | C] () -- C:\Users\Roy Abshier\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2010/09/09 22:53:45 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2010/09/09 22:30:28 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/09/09 10:56:34 | 000,330,057 | ---- | C] () -- C:\Users\Roy Abshier\Documents\hfcrecipettracyfitzgerald2010.docx
[2010/04/02 13:35:57 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/26 17:28:06 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/08/18 15:12:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/11/27 22:39:36 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{08a155c5-9c49-11dc-acbe-001676bc3649}.TMContainer00000000000000000002.regtrans-ms
[2007/11/27 22:39:36 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{08a155c5-9c49-11dc-acbe-001676bc3649}.TMContainer00000000000000000001.regtrans-ms
[2007/11/27 22:39:36 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{08a155c5-9c49-11dc-acbe-001676bc3649}.TM.blf
[2007/11/27 22:39:35 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/11/27 22:39:35 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/11/27 22:39:35 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/11/17 20:07:04 | 000,012,478 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/08 23:16:28 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/26 19:33:51 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2007/03/23 22:16:39 | 000,056,832 | ---- | C] () -- C:\Users\Roy Abshier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/21 09:04:22 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/27 21:58:16 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2006/09/27 21:58:14 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2006/09/27 21:58:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
========== LOP Check ==========
 
[2008/08/26 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/03 20:29:03 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/03/04 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\E-centives
[2010/09/09 22:44:16 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\FileZilla
[2010/03/21 14:06:28 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\Research In Motion
[2010/02/28 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\TweakNow PowerPack 2009
[2009/08/10 16:44:52 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\W Photo Studio
[2009/08/10 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\W Photo Studio Viewer
[2009/07/13 19:43:45 | 000,000,000 | ---D | M] -- C:\Users\Roy Abshier\AppData\Roaming\Walgreens
[2010/10/08 05:12:09 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/08 05:25:18 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EB3E1811-CEE9-47BF-BB45-E4E3F2790756}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

Here is the Extras.txt

OTL Extras logfile created on: 10/8/2010 5:23:28 AM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Roy Abshier\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,021.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 183.86 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.91 Gb Total Space | 1.87 Gb Free Space | 98.00% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROYABSHIER-PC
Current User Name: Roy Abshier
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B89B437E-85C4-4F5E-BB0C-B7AAA40B9A08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FBFE0DBB-034D-4A8C-8781-527164E2054F}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20CB9367-1387-4474-AF4F-D4D52F965281}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{27C49076-420F-4F77-AB71-B4C148DCD20E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{28C5EF74-9048-4529-BC62-216425E2E1C0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3737B562-9F0D-4BE3-9B5D-42D6E44C792A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{639F460B-BD73-4190-81BA-467701AA76AA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{88BAC570-501E-4526-B9DC-3E375FAEC443}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8C475FAF-DC2F-493B-93A6-0949B537A071}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8F306E49-3169-4AAA-8174-94B5ADA2142F}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{95992C74-C001-4E8C-AFB5-C4DC8B810E67}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{99B2DD5B-00BA-4002-9537-81A1D6C41A83}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{A77C95C0-F175-47B5-B504-11F64DD24483}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B3096B78-2771-448A-B26A-02A1655E3F9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC48A86C-02D5-4E66-BFD0-4844A7A16CD0}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{F3D57D86-D18F-413C-9C87-B579E9269030}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F4543438-69EF-4C40-B823-A2BEAE92BA49}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F55B6201-0100-4F69-B79E-0C08BB713F2E}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{FA5D8C1A-A3F9-4075-B4F2-5F9EB74D6C89}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FA75FD20-66A6-47EF-AC0C-B736DBFB2B69}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{2E254AA3-B8B3-4FD0-956C-CB08D1962FF7}C:\program files\coffeecup software\coffeecup visual site designer\vsd.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\coffeecup visual site designer\vsd.exe |
"UDP Query User{6CF46C19-7C6A-42E6-B22F-6A13E17D29DE}C:\program files\coffeecup software\coffeecup visual site designer\vsd.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffeecup visual site designer\vsd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E6AE459-9D8F-7365-E848-877D508F5A48}" = Picaboo X
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB15DB2C-3FD9-4A6E-B99C-C346F116BB9D}" = Print Perfect Fonts Deluxe
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CoffeeCup Visual Site Designer Software" = CoffeeCup Visual Site Designer Software
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FileZilla Client" = FileZilla Client 3.3.4.1
"Font Installer4.0.0.0" = Font Installer
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"iOrgSoft Video Converter" = iOrgSoft Video Converter 1.6.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"SeaMonkey (2.0.7)" = SeaMonkey (2.0.7)
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"myPhotopipe ROES" = myPhotopipe ROES
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 9/14/2010 9:21:29 AM | Computer Name = RoyAbshier-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18943 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 2d6c  Start Time: 01cb540e69a60390  Termination Time: 107
 
Error - 9/22/2010 7:37:10 PM | Computer Name = RoyAbshier-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: b2c  Start Time: 01cb54b0b491e3be  Termination Time: 4571
 
Error - 9/22/2010 7:38:36 PM | Computer Name = RoyAbshier-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18943 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 17a0  Start Time: 01cb5aa25aa994c0  Termination Time: 843
 
Error - 9/23/2010 9:20:44 AM | Computer Name = RoyAbshier-PC | Source = VSS | ID = 8194
Description =
 
Error - 9/23/2010 9:25:43 AM | Computer Name = RoyAbshier-PC | Source = VSS | ID = 8194
Description =
 
Error - 10/1/2010 9:48:54 PM | Computer Name = RoyAbshier-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
 0x4c25813d, faulting module IEToolbar.dll_unloaded, version 0.0.0.0, time stamp
 0x4c2b331a, exception code 0xc0000005, fault offset 0x0318a4d2,  process id 0x1b48,
 application start time 0x01cb61d3d67b9d64.
 
Error - 10/1/2010 9:49:18 PM | Computer Name = RoyAbshier-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
 0x4c25813d, faulting module IEToolbar.dll_unloaded, version 0.0.0.0, time stamp
 0x4c2b331a, exception code 0xc0000005, fault offset 0x0afca4d2,  process id 0x1f94,
 application start time 0x01cb61ca82b8fb94.
 
Error - 10/4/2010 10:57:20 AM | Computer Name = RoyAbshier-PC | Source = VSS | ID = 8194
Description =
 
Error - 10/4/2010 10:58:57 AM | Computer Name = RoyAbshier-PC | Source = ESENT | ID = 490
Description = Catalog Database (1760) Catalog Database: An attempt to open the file
 "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
 read / write access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 10/4/2010 10:58:59 AM | Computer Name = RoyAbshier-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
 
[ Media Center Events ]
Error - 5/24/2008 3:49:32 PM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 5/26/2008 6:41:40 PM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/9/2008 3:48:08 AM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 8/28/2008 9:01:00 AM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/28/2008 6:02:31 AM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 4/30/2009 5:30:16 PM | Computer Name = RoyAbshier-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ OSession Events ]
Error - 2/12/2009 9:32:50 PM | Computer Name = RoyAbshier-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/7/2010 1:58:36 PM | Computer Name = RoyAbshier-PC | Source = DCOM | ID = 10016
Description =
 
Error - 10/7/2010 9:16:28 PM | Computer Name = RoyAbshier-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 10/8/2010 5:41:51 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/8/2010 5:41:55 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10/8/2010 5:58:27 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 10/8/2010 6:10:49 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/8/2010 6:10:50 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10/8/2010 6:11:15 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 10/8/2010 6:15:38 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10/8/2010 6:15:39 AM | Computer Name = RoyAbshier-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Here is the checkup.txt


Thanks again,

-Roy

1.1K Posts

October 8th, 2010 05:00

Hiya Roy,

You've posted two OTL extras logs and no Security Checks log. I need the Security Check log to see an overview of your security setup, and also Java and Adobe status.
I don't see any obvious malware in the logs. From a clean computer, change your email passwords etc. until we know this one is clean for sure.

Proceed as follows please :-

Step 1

OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following from between the dotted lines

    -------------------------------------------------------------------------------------------

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

    -----------------------------------------------------------------------------------------------------------
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.


Step 2

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)


Post logs from OTL, Combofix and Security Checks in your reply,

Kevin

7 Posts

October 8th, 2010 19:00

Hey Kevin,

Sorry for the double post of the OTL extras.  Here are the items you requested.

...................................................................................................................................................................

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Roy Abshier
->Temp folder emptied: 131212 bytes
->Temporary Internet Files folder emptied: 44763583 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7208 bytes
RecycleBin emptied: 6967 bytes
 
Total Files Cleaned = 43.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Roy Abshier
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 

 
OTL by OldTimer - Version 3.2.14.1 log created on 10082010_183102

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

...............................................................................................................................................................................................................

ComboFix 10-10-07.02 - Roy Abshier 10/08/2010  19:50:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1021.458 [GMT -5:00]
Running from: c:\users\Roy Abshier\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((   Files Created from 2010-09-09 to 2010-10-09  )))))))))))))))))))))))))))))))
.

2010-10-09 00:58 . 2010-10-09 00:58 -------- d-----w- c:\users\Roy Abshier\AppData\Local\temp
2010-10-08 23:31 . 2010-10-08 23:31 -------- d-----w- C:\_OTL
2010-10-07 02:34 . 2010-10-07 02:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\HP
2010-10-06 01:42 . 2010-10-06 11:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-06 01:42 . 2010-10-06 01:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-06 01:41 . 2010-10-06 01:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-06 01:28 . 2010-10-06 01:28 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2010-10-06 01:26 . 2007-03-21 14:04 696463 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\AutoMaintenance\AutoMaintenance.dll
2010-10-06 01:26 . 2007-03-21 14:04 233472 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u3\HTML\AutoMaintenance\Images.dll
2010-10-06 01:26 . 2007-03-21 14:04 123138 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\MakeDesktopShortcut.EXE
2010-10-06 01:26 . 2007-03-21 14:04 72704 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\DellSupportODBK.exe
2010-10-06 01:26 . 2007-03-21 14:04 68608 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\DellSupportLauncher.exe
2010-10-06 01:26 . 2007-03-21 14:04 36864 ----a-w- c:\users\Administrator\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\DellSommelierFix.exe
2010-10-06 01:25 . 2010-10-06 01:27 -------- d-----w- c:\users\Administrator\AppData\Local\ApplicationHistory
2010-10-06 01:25 . 2010-10-06 01:25 78680 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-06 01:24 . 2010-10-06 01:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\GTek
2010-10-05 15:55 . 2010-10-05 15:55 388096 ----a-r- c:\users\Roy Abshier\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-05 15:55 . 2010-10-05 15:55 -------- d-----w- c:\program files\Trend Micro
2010-09-29 20:59 . 2010-09-29 20:59 331176 ------w- c:\programdata\Adobe\Reader\9.3\ARM\3259\ReaderUpdater.exe
2010-09-29 01:23 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 03:29 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 03:09 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 03:09 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 03:09 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 14:08 . 2002-08-01 00:55 106 --sh--w- c:\windows\WSYS049.SYS
2010-09-11 14:08 . 2004-03-18 16:36 401484 ----a-w- c:\windows\system32\msvcrtd.dll
2010-09-11 14:08 . 2006-01-26 23:56 831776 ----a-w- c:\windows\system32\wodFtpDLX.dll
2010-09-11 14:08 . 2003-10-09 19:10 274976 ----a-w- c:\windows\system32\XceedFtp.dll
2010-09-11 14:04 . 2010-09-11 14:04 -------- d-----w- c:\program files\CoffeeCup Software
2010-09-10 03:54 . 2010-09-10 03:54 -------- d-----w- c:\users\Roy Abshier\AppData\Local\Mozilla
2010-09-10 03:53 . 2010-09-10 03:53 -------- d-----w- c:\program files\SeaMonkey
2010-09-10 03:30 . 2010-09-10 03:44 -------- d-----w- c:\users\Roy Abshier\AppData\Roaming\FileZilla
2010-09-10 03:30 . 2010-09-10 03:30 -------- d-----w- c:\program files\FileZilla FTP Client

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 17:58 . 2009-10-02 18:35 -------- d-----w- c:\program files\Coupons
2010-10-07 10:19 . 2010-03-21 19:26 -------- d-----w- c:\programdata\avg9
2010-10-07 00:24 . 2007-03-24 02:20 80248 ----a-w- c:\users\Roy Abshier\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-05 18:22 . 2010-02-18 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 18:07 . 2010-04-25 17:51 -------- d-----w- c:\program files\CCleaner
2010-09-18 20:09 . 2010-09-12 02:13 81 ----a-w- c:\users\Roy Abshier\AppData\Roaming\ftpfile.dat
2010-09-15 08:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 08:10 . 2007-03-21 14:05 -------- d-----w- c:\programdata\Microsoft Help
2010-08-16 17:37 . 2010-08-16 17:37 331176 ------w- c:\programdata\Adobe\Reader\9.3\ARM\1098\ReaderUpdater.exe
2002-08-01 00:55 . 2010-09-11 14:08 106 --sh--w- c:\windows\WSYS049.SYS
2007-03-21 21:48 . 2007-03-21 21:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-16 1831936]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"RAM Idle Professional"="c:\program files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe" [2009-11-14 27392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Roy Abshier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys
R0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2009-11-10 19456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 12:29]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 12:29]

2010-10-09 c:\windows\Tasks\User_Feed_Synchronization-{EB3E1811-CEE9-47BF-BB45-E4E3F2790756}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swagbucks.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SigmatelSysTrayApp - sttray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS


.
Completion time: 2010-10-08  20:03:38
ComboFix-quarantined-files.txt  2010-10-09 01:03

Pre-Run: 197,345,968,128 bytes free
Post-Run: 197,262,589,952 bytes free

- - End Of File - - 56AB952B72F85FC445B5BEEBAAAE5EDB

...........................................................................................................................................................................................................

 Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Microsoft Security Essentials   
 WMI entry may not exist for antivirus; attempting automatic update.
 Microsoft Security Essentials successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner    
 Java(TM) 6 Update 21 
 Adobe Flash Player  
Adobe Reader 9.3.1
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSMpEng.exe
 Spybot Teatimer.exe is disabled!
 Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

..........................................................................................................................................

Thanks

-Roy
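An added example (not part of the thread, and not OTL's own code): Python that reconciles the O2/O3 lines of the fix script posted above with the result log in this reply, confirming that each loading point was deleted and that no CLSID registration existed for it. The function names and verdict strings are assumptions; the sample lines are copied from the posts above, and the O7 policy-key lines are out of scope because they carry no GUID.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOG_RE = re.compile(r"^Registry (?:key|value) (.+?) (deleted successfully|not found)\.$")

# O2/O3 lines copied from the :OTL section of the fix script in this thread.
FIX_SCRIPT = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
"""

# GUID-bearing lines copied from the OTL result log in this thread.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
"""


def script_guids(script):
    """GUIDs named on the O2/O3 lines of the fix script, upper-cased."""
    guids = []
    for line in script.splitlines():
        match = GUID_RE.search(line)
        if match and line.strip().startswith(("O2 ", "O3 ")):
            guids.append(match.group(0).upper())
    return guids


def log_outcomes(log):
    """Map GUID -> {'loading_point': status, 'clsid': status} from the result log."""
    outcomes = {}
    for line in log.splitlines():
        entry = LOG_RE.match(line.strip())
        guid = GUID_RE.search(line)
        if not (entry and guid):
            continue
        # A path under ...\Classes\CLSID\ is the COM registration itself;
        # anything else is the place that referenced it (BHO or toolbar).
        is_clsid = "\\classes\\clsid\\" in entry.group(1).lower()
        kind = "clsid" if is_clsid else "loading_point"
        outcomes.setdefault(guid.group(0).upper(), {})[kind] = entry.group(2)
    return outcomes


def reconcile(script, log):
    """Verdict per GUID: the reference was deleted and no CLSID key existed."""
    outcomes = log_outcomes(log)
    report = {}
    for guid in script_guids(script):
        seen = outcomes.pop(guid, {})
        clean = (seen.get("loading_point") == "deleted successfully"
                 and seen.get("clsid") == "not found")
        report[guid] = "orphan removed" if clean else "needs review"
    for guid in outcomes:  # actioned in the log but never requested
        report[guid] = "not in fix script"
    return report


if __name__ == "__main__":
    for guid, verdict in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(guid, verdict)
```

A "needs review" verdict covers both a loading point the log never reports as deleted and a CLSID key that turned out to exist, which would contradict the script's "No CLSID value found" note.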

1.1K Posts

October 9th, 2010 03:00

Hi Roy,

Those logs look OK, proceed as follows please :-

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image

You can refer to this animation by neomage if needed.
Frequently asked questions available Here

Post the log from ESET, also give system review please, any specific issues?

Kevin

7 Posts

October 9th, 2010 08:00

Kevin,

I ran the scan, there were no threats detected.  there was not an option for list of found threats.

System review:

The system is sluggish.  If the screen saver has activated, it sometimes takes a long time to wake up.  I see the phrase (Not Responding) at the top of the open window quite often.  It especially slows down if there are two or three different windows open.  We use Adobe Photoshop Elements 6.0 from time to time, and that really slows down the system.  Also, when sending emails, it takes longer than I think it should even if it is just text.  If there is an attachment, (picture, etc) it is obviously a longer process.  Usually, when this starts getting really bad, I run CCleaner and it seems to pick back up temporarily. 

-Roy

1.1K Posts

October 9th, 2010 09:00

Hiya Roy,

Proceed as follows please :-

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click user posted image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big user posted image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Your system is clean, nothing to worry about with regard to malware. The sluggishness is a different issue altogether. From the OTL log you only have 1 gig of ram and only 30% free after start up. Vista is a very resource hungry system, you would benefit by upgrading from 1 gig of Ram to 2 gig.

Don't use a screen saver, that is using valuable resources, same with your Desktop, just have a basic background.

A bit of system maintenance may help also, how long since you defragged your Hard drive? Instructions for Vista available Here

You have CCleaner installed, run the cleaner function on a regular basis to keep your system clutter free and optimized.

Too many unnecessary startup items will also slow you down. D/L & run Malwarebytes Startuplite from Here it is very easy to use, all instructions are in the link, basically d/l run and follow the prompts

Post back and let me know if steps 1 and 2 completed OK especially the Combofix /Uninstall.

Kevin









1.1K Posts

October 9th, 2010 10:00

Hiya Roy,

Are you OK for me to close out this thread?

Kevin

7 Posts

October 9th, 2010 10:00

Yes, I believe so.

 

Thanks.

7 Posts

October 9th, 2010 10:00

Kevin,

I performed step 1 & 2 successfully.

 

Disk defrag has been run weekly.

Thank you for all of your assistance.

-Roy

1.1K Posts

October 9th, 2010 11:00

Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
