Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

started as thinking trojan.brisv.a but now not so sure

Started by silverlakeboyz , Dec 07 2009 09:34 AM

  • Please log in to reply

#1
silverlakeboyz
Posted 07 December 2009 - 09:34 AM

silverlakeboyz

    New Member

  • Member
  • Pip
  • 1 posts
I have a dell XPS 1530 laptop. My girlfriend downloaded limewire and has downloaded quite a bit of files. (all songs). I first noticed a problem when the CD/DVD would auto eject and the volume controls would have a mind of their own. If you are familiar with this laptop, the sound/cd/dvd controls are touch buttons at the top of the keyboard. They light up when i touch them to control their respective functions but now they just light up on their own and operate on their own. I was sure this was due to a virus and i contacted dell. They went through some steps and none of them helped. The unit had windows Vista with a 60 day trial of Norton, i let it expire and had no protection when i picked up the virus. i tried running multiple virus/antimalware software. I discovered i had three mp3 files with the trojan.brisv.a designation and a file with Zango adware. It deleted the Zango and quarantined the mp3's. I went to their location and deleted them and reran the virus software and it came up clean.
The problem continued. I got a deal on windows 7 from my university and i upgraded the system. The problem persists as if i have done nothing but the scans are coming up clean. I have Symantec Endpoint Protection 11.0.5 64-bit currently installed and have run every malware software i can find but they all come up empty...

I have not changed registry or other things i have seen suggested on internet but this trojan or whatever i have is driving me insane!!!


UPDATED 12.8.09
MBAM LOG

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/8/2009 9:42:28 AM
mbam-log-2009-12-08 (09-42-07).txt

Scan type: Quick Scan
Objects scanned: 91228
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL LOG

OTL logfile created on: 12/8/2009 10:18:22 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\Rachel\Desktop\Ray Help
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.29 Gb Total Space | 122.70 Gb Free Space | 55.70% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.81 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RACHEL-PC
Current User Name: Rachel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/07 11:15:18 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\Ray Help\OTL.exe
PRC - [2009/12/05 18:34:44 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/12/03 23:12:15 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/11/23 08:43:26 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:55:12 | 00,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 20:14:40 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/12 02:25:18 | 00,353,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
PRC - [2008/06/11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/16 20:18:12 | 02,516,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2007/07/27 16:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/09 17:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (SafeList) ==========

MOD - [2009/12/07 11:15:18 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel\Desktop\Ray Help\OTL.exe
MOD - [2009/07/13 19:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 19:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 19:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 19:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 19:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 19:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 19:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 19:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 19:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 19:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 19:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 19:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 19:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 19:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 19:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 19:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 19:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 19:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 19:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 19:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 19:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 19:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2009/12/03 23:12:15 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:37:56 | 03,197,256 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:22:16 | 00,411,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 21:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 21:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 19:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 14:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/13 12:06:15 | 03,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 14:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 62 0C 33 C8 75 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/05 18:36:17 | 00,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions
[2009/12/05 18:36:17 | 00,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Users\Rachel\Desktop\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 21:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 09:38:44 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Malwarebytes
[2009/12/08 09:38:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/08 09:38:39 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/08 09:38:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/08 09:38:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/08 09:37:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/08 09:36:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/12/08 09:25:02 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Ray Help
[2009/12/06 10:05:58 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\Dell Webcam Center
[2009/12/06 10:05:51 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Creative
[2009/12/05 18:49:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2009/12/05 18:47:46 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2009/12/05 18:47:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion
[2009/12/05 18:46:57 | 05,627,904 | ---- | C] (Reallusion Inc.) -- C:\Windows\SysWow64\LiveCamVirtual.ocx
[2009/12/05 18:46:36 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\InstallShield
[2009/12/05 18:45:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam
[2009/12/05 18:45:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2009/12/05 18:45:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2009/12/05 18:44:38 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/12/05 18:44:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2009/12/05 18:36:17 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Mozilla
[2009/12/05 18:35:57 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\LimeWire
[2009/12/05 18:34:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/12/05 15:47:00 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Diagnostics
[2009/12/05 14:48:58 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/05 14:48:46 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/05 14:48:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/12/05 14:26:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/12/05 14:15:44 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\ElevatedDiagnostics
[2009/12/05 13:57:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2009/12/05 13:19:28 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\GetRightToGo
[2009/12/05 11:17:35 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Macromedia
[2009/12/05 11:16:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2009/12/04 23:45:25 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/12/03 23:23:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/12/03 23:23:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/12/03 23:23:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/12/03 23:22:43 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/12/03 23:22:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/12/03 23:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/12/03 23:20:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/12/03 23:18:54 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Microsoft Help
[2009/12/03 23:18:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/12/03 23:18:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/12/03 23:17:23 | 00,000,000 | ---D | C] -- C:\Office Enterprise Edition 2007
[2009/12/03 23:12:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2009/12/03 23:12:15 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Adobe
[2009/12/03 23:12:11 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Adobe
[2009/12/03 23:07:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/12/03 23:07:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2009/12/03 23:07:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/12/03 23:04:51 | 00,000,000 | ---D | C] -- C:\Acrobat Pro 9
[2009/12/03 22:57:23 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Bluetooth Software
[2009/12/03 22:55:17 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\LimeWire
[2009/12/03 22:55:17 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\Fundamentalof US
[2009/12/03 22:55:06 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\DMS Imaging
[2009/12/03 22:55:06 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\Bluetooth Exchange Folder
[2009/12/03 22:54:50 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Documents\Papers
[2009/12/03 22:51:44 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\Recipes
[2009/12/03 22:51:43 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\R493 Physics
[2009/12/03 22:51:40 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\R492
[2009/12/03 22:51:39 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\R409 Senior Project
[2009/12/03 22:51:30 | 00,000,000 | ---D | C] -- C:\Users\Rachel\Desktop\LimeWire
[2009/12/03 22:43:50 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\MigWiz
[2009/12/03 20:54:26 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Symantec
[2009/12/03 20:52:11 | 00,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2009/12/03 20:52:10 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/03 20:47:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/03 20:47:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2009/12/03 20:47:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/12/03 20:47:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2009/12/03 20:46:28 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/12/03 20:46:22 | 00,000,000 | ---D | C] -- C:\Symantec Endpoint Protection 11.0.5 64-Bit
[2009/12/03 20:36:25 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/12/03 20:34:07 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/12/03 20:32:16 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/12/03 20:23:11 | 00,000,000 | ---D | C] -- C:\Windows.old
[2009/12/03 19:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2009/12/03 18:57:32 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Searches
[2009/12/03 18:57:17 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Identities
[2009/12/03 18:57:14 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Contacts
[2009/12/03 18:57:12 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\VirtualStore
[2009/12/03 18:57:01 | 00,000,000 | --SD | C] -- C:\Users\Rachel\AppData\Roaming\Microsoft
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Videos
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Saved Games
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Pictures
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Music
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Links
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Favorites
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Downloads
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Documents
[2009/12/03 18:57:01 | 00,000,000 | R--D | C] -- C:\Users\Rachel\Desktop
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\AppData\Local\Temporary Internet Files
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Templates
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Start Menu
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\SendTo
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Recent
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\PrintHood
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\NetHood
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Documents\My Videos
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Documents\My Pictures
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Documents\My Music
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\My Documents
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Local Settings
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\AppData\Local\History
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Cookies
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\Application Data
[2009/12/03 18:57:01 | 00,000,000 | -HSD | C] -- C:\Users\Rachel\AppData\Local\Application Data
[2009/12/03 18:57:01 | 00,000,000 | -H-D | C] -- C:\Users\Rachel\AppData
[2009/12/03 18:57:01 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Temp
[2009/12/03 18:57:01 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Local\Microsoft
[2009/12/03 18:57:01 | 00,000,000 | ---D | C] -- C:\Users\Rachel\AppData\Roaming\Media Center Programs
[2009/12/03 18:56:47 | 00,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 14 Days ==========

[2009/12/08 10:20:13 | 01,048,576 | -HS- | M] () -- C:\Users\Rachel\NTUSER.DAT
[2009/12/08 09:51:47 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/08 09:51:47 | 00,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/08 09:51:47 | 00,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/08 09:51:44 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 09:51:44 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 09:44:32 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/08 09:44:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/08 09:44:01 | 32,197,01760 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 09:43:04 | 01,140,604 | -H-- | M] () -- C:\Users\Rachel\AppData\Local\IconCache.db
[2009/12/07 22:21:48 | 00,699,089 | ---- | M] () -- C:\Users\Rachel\Desktop\review book ch 1-7.docx
[2009/12/05 18:48:05 | 00,000,074 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2009/12/05 18:36:31 | 00,001,484 | ---- | M] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/05 17:52:26 | 00,029,475 | ---- | M] () -- C:\Users\Rachel\Desktop\Research proposal.docx
[2009/12/05 17:49:03 | 00,038,346 | ---- | M] () -- C:\Users\Rachel\Desktop\Proposal rough draft.pdf
[2009/12/05 00:02:37 | 00,109,968 | ---- | M] () -- C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/05 00:01:53 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/04 23:31:23 | 00,421,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/03 23:19:33 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/12/03 23:10:59 | 00,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/12/03 20:52:20 | 00,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2009/12/03 20:52:20 | 00,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2009/12/03 20:52:20 | 00,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2009/12/03 20:37:51 | 00,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2009/12/03 20:37:51 | 00,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2009/12/03 20:32:03 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/12/03 19:05:02 | 00,524,288 | -HS- | M] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/03 19:05:02 | 00,524,288 | -HS- | M] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/03 19:05:02 | 00,065,536 | -HS- | M] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/03 19:02:17 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2009/12/03 19:02:17 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2009/12/03 18:57:01 | 00,000,020 | -HS- | M] () -- C:\Users\Rachel\ntuser.ini
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/03 16:13:58 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/30 18:15:34 | 00,015,710 | ---- | M] () -- C:\Users\Rachel\Desktop\Mutinodular Goiter of the Thyroid Gland.docx
[2009/11/30 18:15:30 | 00,011,935 | ---- | M] () -- C:\Users\Rachel\Desktop\thyroid works cited.docx
[2009/11/28 11:40:51 | 00,000,036 | RHS- | M] () -- C:\.uid_xxx
[2009/11/28 11:25:14 | 00,027,299 | ---- | M] () -- C:\Users\Rachel\Desktop\chat log.docx
[2009/11/25 20:55:06 | 00,027,289 | ---- | M] () -- C:\Users\Rachel\Documents\chat log.docx

========== Files Created - No Company Name ==========

[2009/12/05 18:48:05 | 00,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/12/05 18:36:31 | 00,001,484 | ---- | C] () -- C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/05 17:52:39 | 00,029,475 | ---- | C] () -- C:\Users\Rachel\Desktop\Research proposal.docx
[2009/12/05 17:49:03 | 00,038,346 | ---- | C] () -- C:\Users\Rachel\Desktop\Proposal rough draft.pdf
[2009/12/05 00:01:53 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/12/03 23:10:59 | 00,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/12/03 22:55:20 | 00,023,072 | ---- | C] () -- C:\Users\Rachel\Documents\EXAMS FOR CLINICALS.docx
[2009/12/03 22:55:19 | 00,027,289 | ---- | C] () -- C:\Users\Rachel\Documents\chat log.docx
[2009/12/03 22:55:19 | 00,010,775 | ---- | C] () -- C:\Users\Rachel\Documents\cover letter.docx
[2009/12/03 22:55:06 | 00,001,951 | ---- | C] () -- C:\Users\Rachel\Documents\WebEx Document Loader Port
[2009/12/03 22:54:53 | 00,013,906 | ---- | C] () -- C:\Users\Rachel\Documents\article critique 2.docx
[2009/12/03 22:51:44 | 00,699,089 | ---- | C] () -- C:\Users\Rachel\Desktop\review book ch 1-7.docx
[2009/12/03 22:51:44 | 00,463,018 | ---- | C] () -- C:\Users\Rachel\Desktop\repetitive & posture.pdf
[2009/12/03 22:51:44 | 00,091,677 | ---- | C] () -- C:\Users\Rachel\Desktop\Ambidextrous.pdf
[2009/12/03 22:51:44 | 00,069,664 | ---- | C] () -- C:\Users\Rachel\Desktop\Ergonomics.pdf
[2009/12/03 22:51:44 | 00,047,616 | ---- | C] () -- C:\Users\Rachel\Desktop\REVIEW+BOOK+TERMS.doc
[2009/12/03 22:51:44 | 00,045,056 | ---- | C] () -- C:\Users\Rachel\Desktop\resume.doc
[2009/12/03 22:51:44 | 00,033,580 | ---- | C] () -- C:\Users\Rachel\Desktop\review book cover page.docx
[2009/12/03 22:51:44 | 00,027,299 | ---- | C] () -- C:\Users\Rachel\Desktop\chat log.docx
[2009/12/03 22:51:44 | 00,027,245 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 5.htm
[2009/12/03 22:51:44 | 00,026,765 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 4.htm
[2009/12/03 22:51:44 | 00,026,415 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 3.htm
[2009/12/03 22:51:44 | 00,026,304 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 6.htm
[2009/12/03 22:51:44 | 00,026,219 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs.htm
[2009/12/03 22:51:44 | 00,025,898 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 7.htm
[2009/12/03 22:51:44 | 00,024,778 | ---- | C] () -- C:\Users\Rachel\Desktop\WRMDs 2.htm
[2009/12/03 22:51:44 | 00,020,310 | ---- | C] () -- C:\Users\Rachel\Desktop\cover letter sample.docx
[2009/12/03 22:51:44 | 00,015,710 | ---- | C] () -- C:\Users\Rachel\Desktop\Mutinodular Goiter of the Thyroid Gland.docx
[2009/12/03 22:51:44 | 00,012,628 | ---- | C] () -- C:\Users\Rachel\Desktop\Hypothesis.docx
[2009/12/03 22:51:44 | 00,011,993 | ---- | C] () -- C:\Users\Rachel\Desktop\notes for ch8-12 physics test.docx
[2009/12/03 22:51:44 | 00,011,935 | ---- | C] () -- C:\Users\Rachel\Desktop\thyroid works cited.docx
[2009/12/03 22:51:44 | 00,001,950 | ---- | C] () -- C:\Users\Rachel\Desktop\Windows Photo Gallery.lnk
[2009/12/03 22:51:44 | 00,001,770 | ---- | C] () -- C:\Users\Rachel\Desktop\Windows Calendar.lnk
[2009/12/03 22:51:44 | 00,001,484 | ---- | C] () -- C:\Users\Rachel\Desktop\LimeWire 5.3.6.lnk
[2009/12/03 20:52:11 | 00,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2009/12/03 20:52:11 | 00,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2009/12/03 20:33:01 | 32,197,01760 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/03 19:02:17 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2009/12/03 19:02:17 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2009/12/03 18:57:01 | 00,524,288 | -HS- | C] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009/12/03 18:57:01 | 00,524,288 | -HS- | C] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009/12/03 18:57:01 | 00,065,536 | -HS- | C] () -- C:\Users\Rachel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009/12/03 18:57:01 | 00,000,020 | -HS- | C] () -- C:\Users\Rachel\ntuser.ini
[2009/12/03 18:57:00 | 01,048,576 | -HS- | C] () -- C:\Users\Rachel\NTUSER.DAT
[2009/12/03 18:20:10 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/11/28 11:40:51 | 00,000,036 | RHS- | C] () -- C:\.uid_xxx
[2009/07/13 17:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/05 14:39:05 | 00,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\GetRightToGo
[2009/12/08 09:45:33 | 00,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\LimeWire
[2009/07/13 23:08:49 | 00,004,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/11/02 06:03:16 | 00,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys
[2009/07/13 19:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_eee87d92\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 20:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/01/20 20:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/20 20:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/12/12 06:50:00 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006/11/02 06:01:02 | 00,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 01:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/04/11 01:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 01:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/12/12 06:50:00 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_2e70e17b\atapi.sys
[2008/12/12 06:50:00 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 05:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2009/07/13 19:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/04/16 23:47:30 | 00,044,544 | ---- | M] (UPEK Inc.) MD5=1C9548E5A7B9BB52A25EC2DC4707A822 -- C:\Windows.old\Program Files\Fingerprint Reader Suite\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/17 06:43:34 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Drivers\storage\R191846\IaStor.sys
[2008/09/22 05:44:28 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Drivers\storage\R198771\iastor.sys
[2008/07/17 06:43:34 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2008/07/17 06:43:34 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_4299cc6b\iaStor.sys
[2008/07/17 06:43:34 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastor.inf_81169ae5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys
[2008/01/20 20:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006/11/02 05:51:48 | 00,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys
[2009/07/13 19:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/07/13 19:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 01:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/04/11 01:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 20:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2006/11/02 06:02:51 | 00,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys
[2008/01/20 20:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2008/01/20 20:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 20:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/07/13 19:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\SysWOW64\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 01:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\System32\scecli.dll
[2009/04/11 01:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL EXTRAS LOG

OTL Extras logfile created on: 12/8/2009 10:18:22 AM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\Rachel\Desktop\Ray Help
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.29 Gb Total Space | 122.70 Gb Free Space | 55.70% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.81 Gb Free Space | 28.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RACHEL-PC
Current User Name: Rachel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2009 2:28:20 AM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/6/2009 3:28:20 AM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/6/2009 4:28:20 AM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/6/2009 5:28:20 AM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/6/2009 12:02:12 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/7/2009 6:26:08 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/7/2009 7:26:15 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/7/2009 8:26:15 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/7/2009 9:26:15 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 12/7/2009 10:20:11 PM | Computer Name = Rachel-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 12/8/2009 11:22:34 AM | Computer Name = Rachel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/8/2009 11:23:05 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/8/2009 11:26:27 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 12/8/2009 11:26:27 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 12/8/2009 11:28:38 AM | Computer Name = Rachel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/8/2009 11:28:38 AM | Computer Name = Rachel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/8/2009 11:29:23 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/8/2009 11:44:00 AM | Computer Name = Rachel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/8/2009 11:44:00 AM | Computer Name = Rachel-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 12/8/2009 11:44:40 AM | Computer Name = Rachel-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

12.9.09 Update

The computer is worse than ever. Even when i try to open windows now (i.e. a word document that is open but i try to click in the tool bar to open and it wont let me). The mouse has a mind of its own and it generally seems that the computer is possessed. Functionality is getting worse daily. Started out as just affecting volume and dvd drive ejecting on its own but now it seems more widespread.

Help!

Edited by silverlakeboyz, 09 December 2009 - 01:21 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP