[KristinMW]

First, THANK YOU for all you do to help those of us who do stupid things that bring us to you! You are amazing people!

Second, my computer has been running super slow lately. I've done disc clean daily but that's not helping. I did upgrade to IE9 today but it's been running super slow for a while now. That is not what started it. We've had our settings change suddenly on us too. Like my desktop picture suddenly wasn't set to the 'fit' size for the screen. Just all of a sudden. Now it won't let me do a disc defrag.

Before this we had other problems, some of which have magically disappeared on us:
1. Error Message 1:
Desktop Gadgets
Settings.ini is being used by another process. Close the other program and then click Retry, or click Cancel to exit.
- this is no longer coming up but I didn't do anything to stop it, that I know of.

2. Error Message 2:
OpenOffice.org 3.3
Either another instance of OpenOffice.org is accessing your personal settings or your personal settings are locked. Simultaneous access can lead to inconsistencies in your personal settings. Before continuing, you should make sure user "closes OpenOffice.org on host".
- this is another that has magically disappeared.

3. I ran Spybot last week and was trying to find the registry entries I didn't want from that log and could not find them where the log said they'd be. Weird is all I can say on that.

4. I couldn't even run my Avast virus program because of these settings being locked. I was locked out of doing anything like install a program, save a file, or anything at all.

NOTE: now I just run super slow but not sure when the rest of this will come up again, so I'm here.

Here is my OTL log from just running it now:

OTL logfile created on: 7/21/2011 8:08:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.71% Memory free
3.98 Gb Paging File | 2.63 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 365.42 Gb Free Space | 78.47% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/19 17:44:17 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/07 12:09:40 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/03/28 17:31:14 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/08/28 04:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2002/04/16 16:11:28 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2011/07/04 06:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/02/20 09:55:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/13 10:53:54 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/08/23 00:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/08/17 06:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/15 22:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB DB 85 5A 05 0F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\owner\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/19 12:35:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/19 12:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/20 21:05:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinn...0/pool/pool.cab (Pool Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{582d1e1f-8ec7-11df-bae8-485b3930a63f}\Shell - "" = AutoRun
O33 - MountPoints2\{582d1e1f-8ec7-11df-bae8-485b3930a63f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{628EE233-4B9B-4B6C-A9A8-8BEFB3ADBC78}
[2011/07/18 12:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/16 10:59:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{29027C19-939D-46D5-8A47-524BFC38F0CB}
[2011/07/15 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{BC2696C9-45FC-4485-B2C2-61C9F704E003}
[2011/07/15 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{F1BDE0EB-FAD2-431E-9497-40BAEE85E1F1}
[2011/07/15 12:14:33 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{47AF583C-68E3-4B0C-9D80-D871C8896998}
[2011/07/15 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Shalimar Videos
[2011/07/11 11:12:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/10 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Spybot - Search & Destroy
[2011/07/10 20:38:16 | 000,000,000 | ---D | C] -- C:\PERepairData
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/07/21 20:01:41 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 20:01:41 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 19:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 19:54:28 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/21 19:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 19:54:14 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 21:23:44 | 000,001,793 | ---- | M] () -- C:\Users\owner\Desktop\Ironman2011 - Photos.lnk
[2011/07/20 21:10:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/18 11:17:43 | 000,000,137 | ---- | M] () -- C:\Users\owner\Desktop\Results Ironman 70.3 Racine.url
[2011/07/17 21:04:47 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/17 21:04:47 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/17 18:12:22 | 000,000,173 | ---- | M] () -- C:\Users\owner\Desktop\Pair of Australians rules at Ironman 70.3 Racine Triathlon.url
[2011/07/16 12:46:50 | 000,000,114 | ---- | M] () -- C:\Users\owner\Desktop\Ironman 70.3 Racine Racine, Wisconsin - July 17, 2011.url
[2011/07/15 10:08:02 | 000,000,122 | ---- | M] () -- C:\Users\owner\Desktop\Futuretainment Inc..url
[2011/07/15 09:02:33 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/07/14 10:38:38 | 000,001,115 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Sound Recorder.lnk
[2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/04 06:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 06:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/06/23 19:18:33 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/07/20 21:23:44 | 000,001,793 | ---- | C] () -- C:\Users\owner\Desktop\Ironman2011 - Photos.lnk
[2011/07/18 11:17:43 | 000,000,137 | ---- | C] () -- C:\Users\owner\Desktop\Results Ironman 70.3 Racine.url
[2011/07/17 18:12:22 | 000,000,173 | ---- | C] () -- C:\Users\owner\Desktop\Pair of Australians rules at Ironman 70.3 Racine Triathlon.url
[2011/07/16 12:46:50 | 000,000,114 | ---- | C] () -- C:\Users\owner\Desktop\Ironman 70.3 Racine Racine, Wisconsin - July 17, 2011.url
[2011/07/15 10:08:02 | 000,000,122 | ---- | C] () -- C:\Users\owner\Desktop\Futuretainment Inc..url
[2011/03/28 18:03:51 | 000,003,584 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 13:18:26 | 000,000,017 | ---- | C] () -- C:\Users\owner\AppData\Local\resmon.resmoncfg
[2011/02/05 11:51:00 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7L.DLL
[2011/01/06 13:52:29 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/26 08:36:25 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/17 09:20:30 | 000,000,004 | ---- | C] () -- C:\Users\owner\AppData\Roaming\5208E3
[2010/07/17 09:20:29 | 000,870,128 | ---- | C] () -- C:\Users\owner\AppData\Roaming\mcs.rma
[2010/07/12 13:38:05 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010/06/18 18:21:35 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/18 11:25:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/18 11:21:22 | 000,025,326 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/06/18 11:18:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/06/18 11:18:25 | 000,018,893 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/15 22:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,389,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== Files - Unicode (All) ==========
[2011/07/16 20:46:15 | 000,000,167 | ---- | M] ()(C:\Users\owner\Desktop\?blueoctoberofficial's Channel?? - YouTube.url) -- C:\Users\owner\Desktop\blueoctoberofficial's Channel‏ - YouTube.url
[2011/07/16 20:37:38 | 000,000,167 | ---- | C] ()(C:\Users\owner\Desktop\?blueoctoberofficial's Channel?? - YouTube.url) -- C:\Users\owner\Desktop\blueoctoberofficial's Channel‏ - YouTube.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010

< End of report >


~~~~~~~~~~~~~~~~~~~ Following is the extras file that was created by OTL from the scan ~~~~~~~~~~~~~~~~~~~~~~~~


OTL Extras logfile created on: 7/21/2011 8:08:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.71% Memory free
3.98 Gb Paging File | 2.63 Gb Available in Paging File | 66.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 365.42 Gb Free Space | 78.47% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{03FB76DA-AFE2-F29B-6147-3D1F60812BA3}" = Fanbase
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D92D5D0-624F-4ED3-98C2-CEE6A3285544}" = WebDwarf V2
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}" = ArcSoft PhotoStudio 5.5
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5662C158-CA24-4228-BF6C-596FADA08682}" = Camera Support Core Library
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A35C2323-3CEA-405C-9569-EF5DDE930B2F}" = PrintMaster
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Canon RAW Codec" = Canon RAW Codec
"com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1" = Fanbase
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"Free CD Music Converter 10" = Free CD Music Converter 10
"Free Sound Recorder_is1" = Free Sound Recorder v9.2.7
"FreeChess" = 100% Free Chess 7.30
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}" = Canon Camera Support Core Library
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Shockwave" = Shockwave
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TVWiz" = Intel® TV Wizard
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2011 7:42:57 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/7/2011 9:15:45 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x11ded158 Faulting process id:
0xdb4 Faulting application start time: 0x01cc25143d2c74a0 Faulting application path:
C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
Id: 40347698-9108-11e0-9e73-485b3930a63f

Error - 6/7/2011 11:54:50 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/7/2011 11:59:04 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/7/2011 11:59:16 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/7/2011 11:59:17 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/7/2011 11:59:20 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/9/2011 10:35:25 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/9/2011 11:47:55 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 6/10/2011 9:39:18 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/21/2011 2:09:33 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 4:10:34 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 5:11:40 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 5:44:05 PM | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:43:25 PM on ?7/?21/?2011 was unexpected.

Error - 7/21/2011 5:44:14 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 6:44:06 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 8:16:41 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 8:25:56 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 8:50:02 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/21/2011 8:54:29 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >


I have no clue what any of this means. Your help is greatly appreciated!!!


Again .... a BIG THANK YOU!!!!!

kristin wilson, idiot.

[Advertisements]

bump, no replies yet. Still slow but was able to uninstall the Bing toolbar at least.

[KristinMW]

bump, no replies yet. Still slow but was able to uninstall the Bing toolbar at least.

[BlackOxide]

Hi, Kristin! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
• I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
• If you are not sure of anything along the way, just ask.

OK, lets start


Sorry for the delay in someone getting to you. I'll see if I can help out with the problems you're getting.

I could do with a fresh OTL log and a scan being done with aswMBR, so if you could follow the steps below, then get back to me with the logs that are created please.



1)
OTL Quick Scan

• Double click on the OTL icon to run it.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window.
• Please post the contents of this log

2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.




On completion of the scan click save log, save it to your desktop and post it in your next reply.






3)
Could you give me an update on how your PC is running at the moment. Is it still very slow loading Windows etc?




In your next reply
Please post the contents of...
OTL log
aswMBR log
Update on how the PC is behaving

[KristinMW]

Ok, will do so in a minute. Need to close some stuff out right now.

[KristinMW]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~ OTL Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 8/2/2011 10:01:50 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.50% Memory free
3.98 Gb Paging File | 3.07 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 363.86 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/07 12:09:40 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/03/28 17:31:14 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/08/28 04:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2002/04/16 16:11:28 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2011/07/04 06:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/04/05 07:26:34 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/02/20 09:55:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/13 10:53:54 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/08/23 00:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/08/17 06:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/15 22:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB DB 85 5A 05 0F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\owner\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/20 21:05:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{582d1e1f-8ec7-11df-bae8-485b3930a63f}\Shell - "" = AutoRun
O33 - MountPoints2\{582d1e1f-8ec7-11df-bae8-485b3930a63f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 09:52:21 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2011/07/23 18:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 18:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/21 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{C653994B-9066-4D23-AF4E-B18FC9FD036A}
[2011/07/19 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{628EE233-4B9B-4B6C-A9A8-8BEFB3ADBC78}
[2011/07/18 12:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/16 10:59:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{29027C19-939D-46D5-8A47-524BFC38F0CB}
[2011/07/15 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{BC2696C9-45FC-4485-B2C2-61C9F704E003}
[2011/07/15 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{F1BDE0EB-FAD2-431E-9497-40BAEE85E1F1}
[2011/07/15 12:14:33 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{47AF583C-68E3-4B0C-9D80-D871C8896998}
[2011/07/15 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Shalimar Videos
[2011/07/11 11:12:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/10 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Spybot - Search & Destroy
[2011/07/10 20:38:16 | 000,000,000 | ---D | C] -- C:\PERepairData
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/08/02 10:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/02 10:00:37 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 10:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 10:00:23 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 09:52:23 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2011/08/02 08:57:48 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 08:57:48 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 08:56:26 | 000,000,169 | ---- | M] () -- C:\Users\owner\Desktop\Wild Root Market organizers launch ownership campaign.url
[2011/08/01 16:03:37 | 000,449,414 | ---- | M] () -- C:\Users\owner\Documents\TransUnion08012011_Jim.pdf
[2011/08/01 15:58:26 | 000,093,925 | ---- | M] () -- C:\Users\owner\Documents\Equifax_FACT_Rpt_08012011_Jim_1-10898965814.pdf
[2011/08/01 14:47:35 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/01 14:47:35 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/29 09:31:14 | 000,012,516 | ---- | M] () -- C:\Users\owner\Documents\BOA_0811Pmnt.pdf
[2011/07/26 19:21:24 | 001,313,280 | ---- | M] () -- C:\Users\owner\Documents\10YrAnniversary-Ours.hcr
[2011/07/21 21:14:20 | 000,000,235 | ---- | M] () -- C:\Users\owner\Desktop\Super Slow PC - Settings Change Suddenly - Geeks to Go Forums.url
[2011/07/20 21:10:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/15 09:02:33 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/07/14 10:38:38 | 000,001,115 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Sound Recorder.lnk
[2011/07/11 11:12:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/04 06:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 06:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/08/02 08:56:26 | 000,000,169 | ---- | C] () -- C:\Users\owner\Desktop\Wild Root Market organizers launch ownership campaign.url
[2011/08/01 16:03:37 | 000,449,414 | ---- | C] () -- C:\Users\owner\Documents\TransUnion08012011_Jim.pdf
[2011/08/01 15:58:25 | 000,093,925 | ---- | C] () -- C:\Users\owner\Documents\Equifax_FACT_Rpt_08012011_Jim_1-10898965814.pdf
[2011/07/29 09:31:14 | 000,012,516 | ---- | C] () -- C:\Users\owner\Documents\BOA_0811Pmnt.pdf
[2011/07/26 19:20:19 | 001,313,280 | ---- | C] () -- C:\Users\owner\Documents\10YrAnniversary-Ours.hcr
[2011/07/21 20:25:47 | 000,000,235 | ---- | C] () -- C:\Users\owner\Desktop\Super Slow PC - Settings Change Suddenly - Geeks to Go Forums.url
[2011/03/28 18:03:51 | 000,003,584 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/24 13:18:26 | 000,000,017 | ---- | C] () -- C:\Users\owner\AppData\Local\resmon.resmoncfg
[2011/02/05 11:51:00 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS7L.DLL
[2011/01/06 13:52:29 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/26 08:36:25 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/17 09:20:30 | 000,000,004 | ---- | C] () -- C:\Users\owner\AppData\Roaming\5208E3
[2010/07/17 09:20:29 | 000,870,128 | ---- | C] () -- C:\Users\owner\AppData\Roaming\mcs.rma
[2010/07/12 13:38:05 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010/06/18 18:21:35 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/18 11:25:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/18 11:21:22 | 000,025,326 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/06/18 11:18:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/06/18 11:18:25 | 000,018,893 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/15 22:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,389,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/05/23 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Canon
[2011/03/06 12:12:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2011/05/26 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Cool Record Edit Pro
[2011/05/11 08:09:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Free Sound Recorder
[2010/06/18 17:26:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2011/03/28 17:30:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SanDisk
[2010/09/02 09:43:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SmartDraw
[2010/06/27 11:01:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Softland
[2011/03/31 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Trusteer
[2010/10/31 09:56:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Virtual Mechanics
[2011/07/16 10:59:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Windows Live Writer
[2011/07/31 11:13:56 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010

< End of report >





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~ aswMBR Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-02 10:06:31
-----------------------------
10:06:31.708 OS Version: Windows 6.1.7601 Service Pack 1
10:06:31.708 Number of processors: 2 586 0x170A
10:06:31.708 ComputerName: OWNER-PC UserName: owner
10:06:37.402 Initialize success
10:06:37.621 AVAST engine defs: 11080101
10:06:46.825 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:06:46.825 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
10:06:48.868 Disk 0 MBR read successfully
10:06:48.868 Disk 0 MBR scan
10:06:48.884 Disk 0 Windows 7 default MBR code
10:06:48.884 Disk 0 scanning sectors +976771072
10:06:48.978 Disk 0 scanning C:\Windows\system32\drivers
10:06:56.746 Service scanning
10:06:59.071 Modules scanning
10:07:14.702 Disk 0 trace - called modules:
10:07:14.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys
10:07:14.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c358a0]
10:07:14.718 3 CLASSPNP.SYS[88f9f59e] -> nt!IofCallDriver -> [0x85b677e0]
10:07:14.733 5 ACPI.sys[88a8d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85b5a338]
10:07:18.696 AVAST engine scan C:\Windows
10:07:23.298 AVAST engine scan C:\Windows\system32
10:08:53.341 AVAST engine scan C:\Windows\system32\drivers
10:09:06.866 AVAST engine scan C:\Users\owner
10:10:06.006 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
10:10:06.022 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
10:21:34.900 AVAST engine scan C:\ProgramData
10:23:48.935 Scan finished successfully
10:23:57.375 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
10:23:57.375 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~ PC Update ~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Nothing really going on anymore. All the issues seemed to have misteriously disappeared on me.

2. However, computer is running really, really slow. Is it too much pinned on the taskbar or my photo on the desktop? I try to cleanup the desktop icons on a regular basis. Sometimes I have a bunch on there, other times just a couple shortcuts.

NOTE: The computer was just bought last summer. It was fast when we first got it. However, I download programs like OpenOffice.org, QuickBooks Simple Start, and Google Earth and it slows it down ... I know that does. Is there a way to get them to not show up in the background processes -when I open the task manager I see them there. Is it something in the preferences of the programs or do we just have to deal with that?

Not much else to tell at this point.

THANK YOU! so much for being able to get to me!!! I know you all volunteer and are inundated with requests. You are our heroes!!!!!!!!

Kristin

[BlackOxide]

Hi Kristin, no problem, happy to help

Those two logs look good to me. We'll do a scan with MBAM now to see if it picks anything up, but it may not be a malware issue. Either way, we'll try and get it running better

In answer to your points above:

1. I wouldn't worry about the earlier issues, things should hopefully be ok from now onwards. If any strange behaviour does appear, just let me know.

2. Desktop icons can sometimes make a little bit of difference to boot speed, but generally not too much. We'll have a look at getting it running more quickly very soon.

I know that does. Is there a way to get them to not show up in the background processes -when I open the task manager I see them there. Is it something in the preferences of the programs or do we just have to deal with that?

Nope, they can be removed from running all of the time, we'll get to this very shortly




If could do the following steps below, then get back to me with the logs please...


1)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




2)
Autoruns - Startup Items

• Click here to download Autoruns and Save it to your Desktop
• Extract the contents of Autoruns.zip by Right clicking it and choose Extract All (or Extract here if using WinRar)
• Once the contents have been extracted you will see a folder called Autoruns
• Open the folder and Right Click on autoruns and click Run as Administrator to launch the program
• Let the program finish scanning your PC until it says Ready in the bottom left
• Click File then Save, then in the Save as type box select Text (.txt) then in the File Name box above, call it StartupItems.txt and save it to your Desktop
• Please attach the StartupItems.txt to your next reply

To attach a file...

• Click Add Reply as you would do normally
• Then within the 'Attachments' area, click Browse and select the file that you want to attach
• Click the Attach This File button
• Now click Add to Post on the right hand side, to insert the attachment into your post.

In your next reply
Please post the contents of...
MBAM log
Attach the Autoruns log

[KristinMW]

I'll have to do this all tomorrow as a severe storm is rolling in right now. I've got this page bookmarked to check back and will do as you last asked tomorrow. Thank you so very, very much!!!

[BlackOxide]

No worries at all, that's fine, thanks for letting me know.

[KristinMW]

Sorry I ran out of time yesterday. Crazy day. But am working on now. Have a doctor appt this morning I need to get ready for now but here's the Malware Bytes log from just now (I hate that sneaky websearch thingy that always winds up in my registry! & a TROJAN I didn't expect!):


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7374

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/4/2011 7:13:53 AM
mbam-log-2011-08-04 (07-13-53).txt

Scan type: Quick scan
Objects scanned: 159192
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[KristinMW]

Here is the StartupItems.txt file you asked me to do. Thank you, thank you, thank you .... a million times over!!!!



Kristin

Attached Files

•  StartupItems.txt   60.98KB   93 downloads

[BlackOxide]

Hey,

No probs, let's do one more malware scan to make sure things are clean. We'll use Kasperksy's Virus Removal Tool. It may run for a few hours, just so you are aware. After that, I'd like you to go back into Autoruns and disable some startup items. Hopefully, this will speed things up a bit

Once you have done the following steps, if you could get back to me with the kaspersky log and let me know if disabling those startup items has made any difference with the speed of the PC.




1)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.

• Save it to your desktop.
• Double click the setup file to run it.
• Follow the onscreen prompts until it is installed
• Click the Options button (the 'cog' icon), then make sure only the following are ticked:

• System Memory
• Hidden startup objects
• Disk boot sectors
• Local Disk (C:)
• Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

• Then click on Automatic Scan
• Now click the Start Scanning button, to run the scan
• If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
• If it says it cannot be Disinfected, then chooose the Delete option when prompted.
• After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
• Click Detected threats on the left
• Now click the Save button, and save it as kaslog.txt to your Desktop
• Please copy and paste the contents of kaslog.txt in your next reply.

2)
Autoruns Startup Modify
Open Autoruns by Right Clicking on autoruns.exe and click Run as Administrator
Once it has finished scanning and you see Ready in the bottom left corner, click the Logon tab at the top
Untick the following items:

• Adobe ARM
• Adobe Reader Speed Launcher
• IgfxTray
• Persistence
• TkBellExe
• Ulead Photo Express 4.0 SE Calendar Checker .lnk
• OpenOffice.org 3.3.lnk

Once you have unticked those items, just close Autoruns using the top right X
Now reboot your PC




In your next reply
Please post the contents of...
Kaspersky log

[KristinMW]

Okey dokey. I'll do the virus run overnight and post the log tomorrow. Sorry I didn't get to this sooner today. I'll post in the AM CT USA and do the startup cleanup. Thanks a gigagillion, word?!!!

[KristinMW]

Okey dokey. Got it done, the scan and the logon changes. Here's the scan report:
I don't know if it's showing but there were a few things that couldn't be disinfected and had to be deleted. I see I had some nice thing going with a trojan!!!! God I hate those things.

Status: Disinfected (events: 6)
8/5/2011 12:09:27 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.jn C:\Documents and Settings\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4 High
8/5/2011 12:09:27 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dm C:\Documents and Settings\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4/mark2/plugin.class High
8/5/2011 12:09:26 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.jn C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4 High
8/5/2011 12:09:26 AM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dm C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4/mark2/plugin.class High
8/5/2011 12:09:26 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.jn C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4/powerColor/c2.class High
8/5/2011 12:09:27 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.jn C:\Documents and Settings\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4dbf747a-617714c4/powerColor/c2.class High


As always ... thanks a million!!!!!!!!!!!

Kristin

[BlackOxide]

Hey Kristin,

Thanks a gigagillion, word?!!!

I somehow don't think it is, but I like it

I don't know if it's showing but there were a few things that couldn't be disinfected and had to be deleted. I see I had some nice thing going with a trojan!!!! God I hate those things.

Those Trojans are all located in your Java cache. We'll clear that up now. It's good that it didn't find anything else on your PC other than those


Lets clear your Java cache, Update Java, then remove some junk files. After doing these steps, could you let me know if you see any improvement in your PC's performance please.




1)
Clear Java Cache

Please click here, and then follow the instructions on clearing your Java's cache.




2)
Java updates

• Click the Start button
• Click Control Panel
• Double Click Java
• Click the Update tab
• Click Update Now
• Allow any updates to be downloaded and installed

If the Java icon is not visible in Control Panel, please go to here and click "Free Java Download" to get the latest version.




3)
Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Let me know if the above has helped with the performance at all

[KristinMW]

Hey, new problems! The settings.ini file isn't being allowed to be accessed again and my taskbar and windows is in that boxy, square and gray look. Settings have been changed again! And not by me. Also, I did clean up the Java as you instructed above but I could not find the update tab or button to update it. Is there anything you want me to do before the TFC??? Gosh this sucks!!!