Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problem installing Security Updates

Started by a_to_z , Nov 01 2009 08:32 AM

  • Please log in to reply

#1
a_to_z
Posted 01 November 2009 - 08:32 AM

a_to_z

    Member

  • Member
  • PipPip
  • 93 posts
Thanks in advance for your help. I'm not sure this is a virus or malware problem but it has been suggested elsewhere that it may be.

Windows Vista Home Premium sp1, 32-bit X86-based HP Desktop, Norton Internet Security as the AV program.

Problem: Since early September Windows Update repeatedly offers the same 6 Security Updates. Until I turned Automatic Updates off, Updates would download and successfully install them (according to the Update History page)(meaning NO error messages). However, if I check the View Installed Updates page, they are NOT there, and Updates downloads and installs them again and again. Other updates have installed with no problem. The problem updates are:

KB967723 Security update for Windows Vista
KB970710 Security update for Windows Vista
KB973768 Security update for Windows Vista
KB968816 Security update for Windows Media Format Runtime
KB905866 September Junk Mail Filter
KB971961 Security update for Jscript 5.7 for Vista

I'm not experiencing any problems with functionality but I want to make some upgrades to my little system and I won't do it until this problem is solved.

I have posted several times to the Microsoft Vista Update forums and gotten a variety of responses, none of which worked, and often indicated that the responders weren't even paying attention to the nature of my problem. They include:

Uninstalling the problem updates (can't do it since they're not to be found on the Installed Updates page!)
Installing them in Safe Mode (no effect)
Diabling Norton during installation (no effect)
Running Microsoft's online virus/malware scanner (no infections found)
Manually downloading and installing updates (no effect)
Resetting Windows Update components (no effect)

There were a few more suggestions but I'll stop here. If this is not a virus/malware problem, I'll call Microsoft Support and take my chances with them but I wanted to address this possiblity first. Note: I DID follow all the steps in the Cleaning Guide before posting here.

My logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3074
Windows 6.0.6001 Service Pack 1

10/31/2009 11:37:20 PM
mbam-log-2009-10-31 (23-37-20).txt

Scan type: Quick Scan
Objects scanned: 106146
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 00:00
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8E56F000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8E579000 Size: 118784 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9C57A000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1188 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8d5cad78

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8e6cf600

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8e6d1688

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x8d4482c8

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8d5ba068

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8e6d1070

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8d5d2f18

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8f1837c0

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8d5a5120

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8e6ce808

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8e6d1568

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8d5d3958

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8d5ca298

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8d449300

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8e6d14c8

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8d5c6cf0

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8e697118

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8ef03608

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8d53e9f8

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8e6ced38

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8d5d2bb0

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8d5a41e8

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8d5e88f8

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8e6d13f0

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8d5b8bd8

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8d5e8f10

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8d5e98c8

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8e7e68f8

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8d5e9848

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8d5e84c8

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8e6d15f8

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x8e9eb978

==EOF==

OTL logfile created on: 11/1/2009 8:19:35 AM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 331.05 Mb Available Physical Memory | 37.04% Memory free
1.81 Gb Paging File | 0.86 Gb Available in Paging File | 47.20% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 123.86 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEN_MAIN
Current User Name: Angie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/01 08:18:20 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
PRC - [2009/08/22 02:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 02:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/16 11:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/05/22 20:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/01/19 02:38:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/19 02:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/15 10:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/18 14:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/05 14:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/09/28 08:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/07/19 10:05:32 | 00,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/02/02 10:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2003/06/26 17:50:24 | 00,212,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found --
SRV - File not found --
SRV - [2009/09/17 10:36:49 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SRV - [2009/08/22 02:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
SRV - [2008/09/16 11:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
SRV - [2008/05/22 20:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll
SRV - [2008/01/19 02:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
SRV - [2007/10/18 14:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SRV - [2007/01/05 14:04:10 | 02,918,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
SRV - [2007/01/05 14:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll
SRV - [2006/11/01 14:58:02 | 00,078,752 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/01 08:18:20 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.c...mp;shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Angie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...8/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 16:41:48 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/09 09:56:02 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/01 08:18:12 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2009/10/31 22:57:35 | 00,472,064 | ---- | C] ( ) -- C:\Users\Angie\Desktop\RootRepeal.exe
[2009/10/31 22:24:47 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/31 22:24:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/31 22:22:33 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Angie\Desktop\erunt_setup.exe
[2009/10/31 22:17:36 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Angie\Desktop\SysRestorePoint.exe
[2009/10/31 21:40:49 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Angie\Desktop\TFC.exe
[2009/10/31 21:12:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2009/10/31 14:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/30 22:33:45 | 00,000,000 | ---D | C] -- C:\Users\Angie\Desktop\kk_template_pack06
[2009/10/29 15:37:53 | 00,000,000 | ---D | C] -- C:\Users\Angie\Desktop\kk_masks_grungymasks1
[2009/10/29 15:36:20 | 00,000,000 | ---D | C] -- C:\Users\Angie\Desktop\kk_kit_bestfirstdate
[2009/10/25 21:49:08 | 00,000,000 | ---D | C] -- C:\Users\Angie\Desktop\Grassy
[2009/10/25 08:06:12 | 00,000,000 | ---D | C] -- C:\Users\Angie\Desktop\genia Beana - Gratitude

========== Files - Modified Within 14 Days ==========

[2009/11/01 08:19:50 | 03,407,872 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT
[2009/11/01 08:18:20 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\OTL.exe
[2009/11/01 08:14:55 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/01 08:14:55 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/31 23:00:02 | 00,000,000 | ---- | M] () -- C:\Users\Angie\Desktop\settings.dat
[2009/10/31 22:57:40 | 00,472,064 | ---- | M] ( ) -- C:\Users\Angie\Desktop\RootRepeal.exe
[2009/10/31 22:24:14 | 00,000,735 | ---- | M] () -- C:\Users\Angie\Desktop\NTREGOPT.lnk
[2009/10/31 22:24:14 | 00,000,716 | ---- | M] () -- C:\Users\Angie\Desktop\ERUNT.lnk
[2009/10/31 22:22:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Angie\Desktop\erunt_setup.exe
[2009/10/31 22:17:37 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Angie\Desktop\SysRestorePoint.exe
[2009/10/31 22:13:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/31 22:13:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/31 22:06:03 | 00,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/10/31 22:06:03 | 00,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/10/31 21:40:56 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Angie\Desktop\TFC.exe
[2009/10/31 20:28:53 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{29F925DB-4C47-4380-B034-2D6941047914}.job
[2009/10/31 12:10:18 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15CDE5A0-FA41-416A-BAAE-EDEC14C185D1}.job
[2009/10/26 06:06:36 | 00,428,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/25 12:49:37 | 00,131,648 | ---- | M] () -- C:\Users\Angie\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2009/10/31 23:00:02 | 00,000,000 | ---- | C] () -- C:\Users\Angie\Desktop\settings.dat
[2009/10/31 22:24:14 | 00,000,735 | ---- | C] () -- C:\Users\Angie\Desktop\NTREGOPT.lnk
[2009/10/31 22:24:14 | 00,000,716 | ---- | C] () -- C:\Users\Angie\Desktop\ERUNT.lnk
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/22 19:54:01 | 00,008,547 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/08/09 19:39:51 | 00,024,206 | ---- | C] () -- C:\Users\Angie\AppData\Roaming\UserTile.png
[2008/07/23 19:31:21 | 00,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/07/23 19:31:20 | 00,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007/04/28 15:33:17 | 00,007,680 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/28 15:26:24 | 00,000,093 | ---- | C] () -- C:\Users\Angie\AppData\Local\fusioncache.dat
[2007/04/28 14:41:17 | 00,002,405 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/13 16:45:41 | 00,131,648 | ---- | C] () -- C:\Users\Angie\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/12/09 16:30:11 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/12/09 16:30:11 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/09 09:19:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 02:00:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/09/16 15:24:26 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2007/08/12 21:05:06 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\demo
[2009/08/09 09:13:27 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Download Manager
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Media Center Programs
[2009/04/15 19:19:22 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Move Networks
[2008/03/29 21:22:49 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\OverDrive
[2009/10/07 20:44:12 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2008/10/02 21:23:15 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\Roxio
[2008/10/10 16:03:31 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\SanDisk
[2007/02/28 21:44:26 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\WildTangent
[2007/06/19 18:23:33 | 00,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\WinBatch
[2009/10/31 22:13:31 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/31 22:05:38 | 00,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/31 12:10:18 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15CDE5A0-FA41-416A-BAAE-EDEC14C185D1}.job
[2009/10/31 20:28:53 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{29F925DB-4C47-4380-B034-2D6941047914}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_bd7fd3de\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 03:05:13 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/02/13 03:05:13 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:05:12 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:6F1F66C0
< End of report >

OTL Extras logfile created on: 11/1/2009 8:19:35 AM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Users\Angie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 331.05 Mb Available Physical Memory | 37.04% Memory free
1.81 Gb Paging File | 0.86 Gb Available in Paging File | 47.20% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.62 Gb Total Space | 123.86 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEN_MAIN
Current User Name: Angie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B4EC24-2794-43D4-90F6-184C516281CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{06C8E1F0-3A46-49B4-A15C-D45FEA74DD57}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{2666018C-7F07-475D-B387-508AA63D393D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3532B06A-30A0-41A8-8CE3-D098E7DD96F0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6FD967D7-2AD6-4FDA-B957-E98A052500EB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8D4CD302-6709-4291-81F9-FC24AD5CB8DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BB6CAF9D-7845-45A2-9C07-AA9803B6F6FB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C5DCD0A4-835D-4D1B-A063-1486F31464A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D225AE65-0BFF-4F8E-AFFA-933C7C96E90E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F9EE76EE-8C05-4C2A-B272-3CC0BC580076}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0e4a0db5-801d-489e-85c0-6c3f96335d20}" = 1300Trb
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6dc18d50-8cc3-4dea-a666-ea6f01907663}" = 1300
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{b17cf867-a4e5-41ba-a646-50f237810eca}" = 1300_Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6829D65-F5C5-47F0-00BC-F5906EA94F4C}" = Tiger Woods PGA TOUR 07
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{c46485b1-6527-4937-9dc0-29bb5d5613fe}" = 1300Tour
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 5.0.2" = Adobe Photoshop 5.0.2
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BFGC" = Big Fish Games Client
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"BFG-Mystic Inn" = Mystic Inn
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Creative Delights Companion" = Creative Delights Companion
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2008 10:08:30 PM | Computer Name = Den_Main | Source = Application Error | ID = 1000
Description = Faulting application ccApp.exe, version 106.2.0.21, time stamp 0x45a467ef,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x000599f0, process id 0xd14, application start time
0x01c9386a6a0398de.

Error - 11/3/2008 9:36:25 PM | Computer Name = Den_Main | Source = EventSystem | ID = 4621
Description =

Error - 11/5/2008 4:03:18 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/5/2008 4:03:22 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/5/2008 4:03:24 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/5/2008 4:05:31 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/5/2008 4:05:34 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/5/2008 4:05:36 AM | Computer Name = Den_Main | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/9/2008 4:37:10 PM | Computer Name = Den_Main | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1148 Start Time: 01c94299620ed00a Termination Time: 0

Error - 11/16/2008 7:17:10 PM | Computer Name = Den_Main | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6001.7000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 124c Start Time: 01c9475b36bf0187 Termination Time: 84

[ Media Center Events ]
Error - 10/29/2007 11:41:43 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/14/2007 8:52:31 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/17/2007 10:56:15 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2007 6:49:06 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/8/2007 12:58:07 AM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/26/2008 6:03:24 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/16/2008 6:50:10 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 10:54:20 AM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/17/2008 2:41:51 AM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/11/2009 9:32:44 PM | Computer Name = Den_Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/31/2009 10:55:09 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2009 10:56:44 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7011
Description =

Error - 10/31/2009 10:57:03 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7034
Description =

Error - 10/31/2009 10:57:04 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7031
Description =

Error - 10/31/2009 10:57:04 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7034
Description =

Error - 10/31/2009 10:57:04 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7034
Description =

Error - 10/31/2009 10:57:04 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7031
Description =

Error - 10/31/2009 10:57:04 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7034
Description =

Error - 10/31/2009 11:13:31 PM | Computer Name = Den_Main | Source = HTTP | ID = 15016
Description =

Error - 10/31/2009 11:15:01 PM | Computer Name = Den_Main | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

Advertisements

#2
emeraldnzl
Posted 09 November 2009 - 04:13 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello a_to_z,

I am wondering if the reason that those updates are not installing is because the software on your machine is not compatible with the particular update. Other updates are installing OK I take it?

I see at least two of those updates are for Windows Media, I wonder what version you have? I think this one for example KB973768 Security update for Windows Vista is for Windows Media 5 and won't install on say Windows Media 2.

Have a look and see what version you have and come back and tell me.
  • 0

#3
a_to_z
Posted 10 November 2009 - 02:41 PM

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Hey, thanks for your response! In answer to your suggestion:

Windows Media Player version 11.0.6001.7007
-and-
Windows Media Center version 6.0.6001.18254 (I never ever use this app but my husband does on occasion)
  • 0

#4
emeraldnzl
Posted 10 November 2009 - 04:33 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello a_to_z,

I don't think this is malware related but we need to discount that before we look for a technical problem.

Let's do this:

It is a pretty big download at 28mb's but is very useful at detecting\cleaning rootkits or whatever it finds.

Make sure you disable your ant-virus/anti-malware programs.

Then:

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file, name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#5
a_to_z
Posted 12 November 2009 - 07:01 AM

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Sorry for the delay in responding. That scan took a lot longer than I thought. In any case, it did not find any threats:

Scan
----
Scanned: 1192777
Detected: 0
Untreated: 0
Start time: 11/11/2009 9:52:09 PM
Duration: 07:01:21
Finish time: 11/12/2009 4:53:30 AM


Detected
--------
Status Object
------ ------

Thanks!
  • 0

#6
emeraldnzl
Posted 12 November 2009 - 12:35 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello a_to_z,

I think your machine is clean of malware and that this is a technical problem.

Not my territory really.

You can open a topic in the Vista operating system forum here. The technical wizards there are much better placed to answer your machines problem. When you go there make sure you tell them you have been here first so that they can see what has been done so far.

Now

We have a couple of last steps to perform and then you're all set.Posted Image

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore in Vista to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.Click on the Start button to open your Start Menu.
Click on the Control Panel menu option.
Click on the System and Maintenance menu option.
Click on the System menu option.
Click on System Protection in the left-hand task list.
Click on the System Protection tab.
Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

When you uncheck a disk you will be presented with this screen Posted Image
Click on the Turn System Protection Off button.

Press the Apply button and then the OK button.
2. Restart your computer.

3. Turn ON System Restore.Click on the Start button to open your Start Menu.
Click on the Control Panel menu option.
Click on the System and Maintenance menu option.
Click on the System menu option.
Click on System Protection in the left-hand task list.
Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know a bout them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uininstall older versions of Java.

  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellant; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

NoScripts is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:


An antivirus program is essential.

Here are a couple of to choose from (these are also free for personal use):
  • Avast
  • AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.
I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#7
a_to_z
Posted 12 November 2009 - 12:52 PM

a_to_z

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
Ok, well you told me what I needed to know before I went any further. Since these were all security updates I was having trouble with I wanted to make absolutely sure nothing snuck in. Thanks for your help. I'll continue my quest in the other forum!
  • 0

#8
emeraldnzl
Posted 12 November 2009 - 01:15 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Best of luck. :)

I will keep this topic open for a short while in case any issues arise.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP