Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search locked by Google

Started by detaylor12 , Oct 28 2010 06:16 PM

  • Please log in to reply

#1
detaylor12
Posted 28 October 2010 - 06:16 PM

detaylor12

    New Member

  • Member
  • Pip
  • 1 posts
SYstem Windows 7 Ultimate. Office 2010 Ultimate

All of a sudden two days ago My search engine on IE 8 got changed from Bing to Google and set as the default. I have tried to delete it and also thought that If I upgraded to IE 9 maybe it would go away. Also at the same time my passwords for my email (Outlook)disappeared and I have tried to edit the profiles and the passwords keep disappearing. When it asks for the password and I type it in it works once then the next time it does a send/receive I have to put the password in again.

OTL Output below

OTL logfile created on: 10/28/2010 5:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\PSM Monster\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 22.87 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 301.24 Gb Free Space | 64.68% Space Free | Partition Type: NTFS

Computer Name: PSMMONSTER-PC | User Name: PSM Monster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 17:00:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PSM Monster\Downloads\OTL.exe
PRC - [2010/10/21 13:39:18 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/22 13:19:36 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/07/23 09:50:49 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/05/17 14:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/09/10 13:17:40 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/28 17:00:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PSM Monster\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/03 20:12:46 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/05/17 14:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 16:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:07 | 000,543,744 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ltmdm64.sys -- (ltmodem5)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/16 08:43:08 | 003,479,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 8F 53 E7 DA 76 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\PSM Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/18 12:08:03 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22328d21-9fd0-11df-bbda-0017315f463e}\Shell - "" = AutoRun
O33 - MountPoints2\{22328d21-9fd0-11df-bbda-0017315f463e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 12:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/10/26 19:41:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/10/26 17:04:05 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\AppData\Local\Diagnostics
[2010/10/25 16:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2010/10/25 10:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2010/10/24 16:14:18 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Desktop\RGT Online Book
[2010/10/23 11:40:15 | 000,000,000 | R--D | C] -- C:\Users\PSM Monster\Documents\Documents
[2010/10/23 11:32:01 | 000,000,000 | --SD | C] -- C:\Users\PSM Monster\Documents\background test
[2010/10/23 11:32:01 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Documents\Blend Training
[2010/10/23 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Documents\ASP_Net_TUT
[2010/10/23 11:31:59 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Documents\Adobe
[2010/10/23 11:31:58 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Documents\aaa-trip planning
[2010/10/22 17:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft Co. Ltd
[2010/10/22 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\AppData\Roaming\Acapela Group
[2010/10/22 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TTS1.4
[2010/10/22 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\Documents\Naturalsoft
[2010/10/22 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\naturalsoft
[2010/10/22 17:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft
[2010/10/22 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\AppData\Roaming\Nuance
[2010/10/22 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\AppData\Roaming\FLEXnet
[2010/10/22 10:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2010/10/22 10:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nuance
[2010/10/22 10:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2010/10/22 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2010/10/20 19:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/10/20 18:41:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/20 18:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/10/20 18:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010/10/20 17:10:21 | 000,000,000 | ---D | C] -- C:\Users\PSM Monster\AppData\Local\Windows Live
[2010/10/20 17:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/20 17:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/20 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2 C:\Users\PSM Monster\*.tmp files -> C:\Users\PSM Monster\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 15:51:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 15:51:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 12:58:00 | 000,001,441 | ---- | M] () -- C:\Users\PSM Monster\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/28 12:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/28 12:55:27 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 20:20:16 | 000,447,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/26 11:19:52 | 000,002,075 | ---- | M] () -- C:\Users\PSM Monster\AppData\Roaming\SAS7_000.DAT
[2010/10/23 13:08:26 | 000,951,192 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/23 13:08:26 | 000,783,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/23 13:08:26 | 000,165,206 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/22 17:01:45 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\NaturalReader 10.lnk
[2010/10/22 10:04:42 | 000,002,799 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2010/10/21 13:35:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/21 13:35:28 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/20 16:46:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/20 16:46:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/10/20 16:45:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/10/19 22:48:06 | 000,944,792 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 11:11:53 | 000,019,979 | ---- | M] () -- C:\Users\PSM Monster\Documents\Moms Service.docx
[2010/10/02 16:06:26 | 000,001,352 | ---- | M] () -- C:\Users\PSM Monster\Documents\AutoHotkey.ahk
[2 C:\Users\PSM Monster\*.tmp files -> C:\Users\PSM Monster\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 12:48:42 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/10/28 12:48:41 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/10/23 11:31:58 | 000,081,408 | ---- | C] () -- C:\Users\PSM Monster\Documents\LD-2010-05
[2010/10/23 11:31:58 | 000,037,774 | ---- | C] () -- C:\Users\PSM Monster\Documents\llcc-Planning Aug 10.docx
[2010/10/23 11:31:58 | 000,019,979 | ---- | C] () -- C:\Users\PSM Monster\Documents\Moms Service.docx
[2010/10/23 11:31:57 | 001,003,845 | ---- | C] () -- C:\Users\PSM Monster\Documents\FT Account Application.pdf
[2010/10/23 11:31:57 | 000,128,325 | ---- | C] () -- C:\Users\PSM Monster\Documents\2010 09 Inn Minutes.pdf
[2010/10/23 11:31:57 | 000,022,943 | ---- | C] () -- C:\Users\PSM Monster\Documents\Contact form Code from CTRFX.docx
[2010/10/23 11:31:57 | 000,012,433 | ---- | C] () -- C:\Users\PSM Monster\Documents\2010-07-Greens.pdf
[2010/10/23 11:31:57 | 000,001,352 | ---- | C] () -- C:\Users\PSM Monster\Documents\AutoHotkey.ahk
[2010/10/23 11:31:57 | 000,000,000 | -H-- | C] () -- C:\Users\PSM Monster\Documents\Default.rdp
[2010/10/23 10:33:32 | 000,002,075 | ---- | C] () -- C:\Users\PSM Monster\AppData\Roaming\SAS7_000.DAT
[2010/10/22 17:01:45 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NaturalReader 10.lnk
[2010/10/22 10:04:42 | 000,002,799 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2010/10/20 16:46:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/20 16:46:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/10/20 16:45:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/08/03 21:30:57 | 000,006,656 | ---- | C] () -- C:\Users\PSM Monster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 19:24:21 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DB3A156452.sys
[2010/08/02 19:24:20 | 000,006,110 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/31 15:11:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL
[2010/07/31 13:17:17 | 000,000,236 | ---- | C] () -- C:\Users\PSM Monster\AppData\Local\LaunchHomeCenter.log
[2010/07/31 10:33:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/29 17:04:46 | 000,944,792 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/12 13:44:02 | 000,000,587 | ---- | C] () -- C:\Windows\SysWow64\AcaTTS.ini
[2008/09/10 13:17:24 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2007/11/09 13:53:34 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\AcaTtsSapi5.dll
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006/06/29 11:19:26 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\id3vx_ocx.dll
[2004/09/10 18:34:26 | 000,220,160 | ---- | C] () -- C:\Windows\SysWow64\WnASPI32.dll
[2004/02/28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\TrustSupport.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2001/08/13 20:09:48 | 000,659,520 | ---- | C] () -- C:\Windows\SysWow64\vbid3lib.dll

========== LOP Check ==========

[2010/10/22 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Acapela Group
[2010/07/31 15:18:00 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Likno Software
[2010/07/31 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\MySQL
[2010/10/22 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Nuance
[2010/07/31 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\PhotoScape
[2010/08/08 10:53:19 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Temp
[2010/07/31 14:12:15 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Ulead Systems
[2010/08/02 19:38:08 | 000,000,000 | ---D | M] -- C:\Users\PSM Monster\AppData\Roaming\Windows Live Writer
[2009/07/13 22:08:49 | 000,020,398 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP