
computer slow



#1
above38

I have Windows Vista. I have used all the malware removal recommended and it still isn't working as fast as it should. I have posted the OTL logs below.

Thanks in advance

OTL logfile created on: 1/29/2011 10:25:42 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Marianne\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.97 Gb Total Space | 29.50 Gb Free Space | 47.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.82% Space Free | Partition Type: NTFS

Computer Name: MARIANNE-PC | User Name: Marianne | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/29 10:18:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/29 10:18:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/20 09:17:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/09/03 00:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/06 13:59:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/03/03 01:51:06 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/30 09:37:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxbmcoms.exe -- (lxbm_device)


========== Driver Services (SafeList) ==========

DRV - [2008/03/03 02:02:09 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/03 02:02:09 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/03 02:02:09 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 22:54:26 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 22:53:56 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/12 01:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/29 00:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/07 01:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/23 09:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/23 09:26:58 | 000,000,000 | ---D | M]

[2011/01/23 09:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Extensions
[2011/01/23 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions
[2011/01/23 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/23 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions\staged-xpis
[2011/01/23 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 03:03:47 | 000,000,000 | ---D | M] (Default Manager) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION
[2010/11/30 03:03:33 | 000,000,000 | ---D | M] ("Search Helper Extension") -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark 4200 Series Fax Server] C:\Program Files\Lexmark 4200 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxbmmon.exe] C:\Program Files\Lexmark 4200 Series\lxbmmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Weather] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Landscapes/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/p...t/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/29 10:18:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2011/01/23 09:34:10 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/23 09:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/23 09:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/23 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Mozilla
[2011/01/23 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Local\Mozilla
[2011/01/23 09:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/23 09:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/26 13:34:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbmserv.dll
[2010/07/26 13:34:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbmusb1.dll
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbminpa.dll
[2010/07/26 13:34:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbmiesc.dll
[2010/07/26 13:34:07 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBMhcp.dll
[2010/07/26 13:34:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbmpmui.dll
[2010/07/26 13:34:06 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbmlmpm.dll
[2010/07/26 13:34:06 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbmprox.dll
[2010/07/26 13:34:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbmpplc.dll
[2010/07/26 13:34:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbmhbn3.dll
[2010/07/26 13:34:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomc.dll
[2010/07/26 13:34:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/29 10:27:44 | 000,001,356 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2011/01/29 10:24:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/29 10:22:53 | 000,010,240 | ---- | M] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2011/01/29 10:22:38 | 000,019,554 | ---- | M] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2011/01/29 10:22:38 | 000,011,264 | ---- | M] () -- C:\Users\Marianne\Documents\jan resume 2010.wps
[2011/01/29 10:18:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2011/01/29 10:13:29 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job
[2011/01/29 10:12:02 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/29 10:12:01 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/25 18:52:37 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marianne.job
[2011/01/23 13:32:57 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/23 13:32:57 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/23 13:27:38 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011/01/23 09:34:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 09:27:06 | 000,001,750 | ---- | M] () -- C:\Users\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 09:27:06 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/05 18:30:49 | 338,038,866 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/30 19:56:49 | 000,014,608 | ---- | M] () -- C:\Users\Marianne\Desktop\baby kenzy.jpg
[2010/12/30 19:18:47 | 000,013,965 | ---- | M] () -- C:\Users\Marianne\Desktop\melbourne.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/29 10:22:52 | 000,010,240 | ---- | C] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2011/01/23 09:34:06 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 09:27:06 | 000,001,750 | ---- | C] () -- C:\Users\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 09:27:06 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/26 13:43:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LXBRPMON.DLL
[2010/07/26 13:43:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LXBRPMUI.DLL
[2010/07/26 13:40:51 | 000,000,328 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbmutil.dll
[2010/07/26 13:34:07 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBMinst.dll
[2010/05/13 17:44:32 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/18 20:56:22 | 000,000,109 | ---- | C] () -- C:\Windows\PControl.ini
[2008/04/24 22:27:11 | 000,019,554 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2008/03/11 17:57:31 | 000,001,356 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2008/03/07 23:36:33 | 000,000,034 | ---- | C] () -- C:\Windows\AuthMgr.INI
[2008/03/07 20:51:38 | 000,024,206 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\UserTile.png
[2008/03/07 19:40:21 | 000,015,360 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/03 02:02:48 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/03 02:02:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/03 02:02:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/03 02:02:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/03 02:02:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/02 18:27:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbmcoin.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/25 12:51:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbmvs.dll
[2005/05/25 07:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbmcnv4.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2010/07/29 07:05:25 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\4200Series
[2008/03/07 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Earthlink
[2009/03/10 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\iWin
[2010/07/13 08:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Oberon Media
[2008/03/07 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\PeerNetworking
[2009/01/14 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony
[2009/01/14 21:58:20 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony Setup
[2009/12/11 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\SpinTop
[2008/04/25 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Template
[2008/03/08 07:31:14 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\tmp
[2008/12/11 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WeatherBug
[2011/01/23 13:27:38 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/01/23 13:26:32 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/29 10:13:29 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:C83012A4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8E87BEE4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0D545CA9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:573DC2A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:388D8E51
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E52B0D7C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0D4A6333

< End of report >




OTL Extras logfile created on: 1/29/2011 10:25:42 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Marianne\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.97 Gb Total Space | 29.50 Gb Free Space | 47.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.82% Space Free | Partition Type: NTFS

Computer Name: MARIANNE-PC | User Name: Marianne | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F6E6A-F2EF-429C-AB18-B3B7EE48F388}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{01925E6E-7774-4416-B890-5B328A667CEA}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{01946B81-BE8F-451F-9368-70A8E4037DC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D22C679-6F2D-48FA-BC3D-CA22BD52ADB0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{33BD1A49-D35B-4E11-9C1D-065AB9D7277B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{3A8704A8-6011-44BF-A8D6-9C851DFE336C}" = lport=137 | protocol=17 | dir=in | app=system |
"{41CDCF0D-7FD4-4197-89E5-7A8D334CC5D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{44249BC0-E54E-477C-AF87-23DD6172AA44}" = rport=445 | protocol=6 | dir=out | app=system |
"{462447F2-9110-4EED-8937-052160E85275}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B239BFF-D5BD-45F7-BF55-B1DE2BB0FCB2}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{4D921B5E-6251-432C-8BA7-E6D2D1AD2133}" = lport=139 | protocol=6 | dir=in | app=system |
"{56063F62-F522-4B87-A749-D514032C3DCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5ACE0BDD-37C7-43D7-9E68-5960C4016795}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5B505166-FB1B-4345-934E-9844264603F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{64078AA2-0833-4D65-A6E1-F04E10B4844A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{65200475-4338-44AD-9C7E-35FBC17D691C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7014CCC9-6E2D-4C66-AFF9-71E5ACC9D2B7}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{7C727302-FFC9-4333-BC7B-4AB0F233F30A}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{85377CC5-8F83-417A-A207-5CC2687E76C3}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C43CB36-6F12-463C-8CF3-32E4C98498D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0B92040-0522-4A35-9B9A-1C5519473A92}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{AA5AB15B-A9DF-45A5-8D27-089E3A4F813F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDEF2DB5-E985-4C64-B94B-C4E922DF8D24}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C65B43C9-9ADE-4E59-B63D-37A49F43DF3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C857A63F-C1A6-4C8A-AA51-553B0F9ABCE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D23DE7CE-66D4-49E2-9544-51CD6D19E944}" = lport=445 | protocol=6 | dir=in | app=system |
"{D263F8D3-5DBD-4599-9168-39A966AF6ADE}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E0A5E1D9-8D2C-47E3-BEFE-F3DCBA82EE25}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{E7027A1B-4C00-43A9-B5AF-792E3826B242}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{FC97077D-E099-4A92-AA9D-24136F8724EB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C44DA80-09C1-4FC1-B275-4A3BB6D7DB10}" = protocol=17 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{0DEF6166-AE9A-4588-BC32-01FAA96FB833}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0FAD1EE0-A9AB-40E0-9456-EB94A978676A}" = protocol=58 | dir=out | [email protected],-28546 |
"{17F4E03C-E1E2-4A2F-AB7F-A0251F28FE60}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{250C40E6-A762-40BC-8C86-5BAFDB24CE25}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{2A3D6B70-1370-43A3-A99E-B1898BBAEE35}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{3B6CE923-9CC0-4C64-AFEE-B953DC379CBF}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{482A8588-AB1A-471B-AFE7-6F0890D9108E}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{51535F16-2AB3-4540-84BA-13DE5F6088D6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6639C5DB-7422-43EF-8425-A3604429BB1D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{74699FEE-6931-4DC4-9E28-72DE86712485}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{88803719-C7C7-4A88-A11B-B1238E1F8DF2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{89587CF1-9F38-4310-B413-0C5F06DD91C8}" = protocol=58 | dir=in | [email protected],-28545 |
"{95466A49-7570-4F73-9C60-C30A3E9A7355}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{AE82F8BB-2748-41C0-B47E-BB67A699CBE7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{B2290671-7AE8-46D2-948C-4C4509C5FF4B}" = protocol=1 | dir=out | [email protected],-28544 |
"{BD6038C1-B0CA-46E0-AB83-A203F6BFC95C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbmpswx.exe |
"{BED31279-6C5B-46DB-AA90-F1693BCAA827}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{BF029E77-4687-4FEE-B07C-81F045571DD9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{BFC75677-DD85-45CE-B682-C51A68268093}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{C257754D-98B0-4AC8-B7F0-CEE41E9EF529}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{C7621EB0-AEE2-4515-91D6-23375256343F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C9B76F8A-DDBF-4668-B747-F993EDB1EA03}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{CC57D9B7-B520-4A3C-8EBA-5089E3251187}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{CDF84D48-EB0E-43DB-ADCA-B34CE49AC794}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{DAA994C3-0910-4025-BF27-089B8B6A3107}" = protocol=6 | dir=in | app=c:\windows\system32\lxbmcoms.exe |
"{DD4F92CB-42C2-4700-A0D3-C061E51EB975}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{E8A5CC02-BA85-42C8-88AE-A8E42B4C746C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EF951674-B22C-430B-9B89-2FAE03288A8F}" = protocol=1 | dir=in | [email protected],-28543 |
"{FEF618A8-AC77-4416-8562-41C86F5190F4}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{4AF7F6D3-BA57-4179-8037-F6C63982A65C}C:\program files\earthlink totalaccess\taskpanl.exe" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{B2F88F58-911F-4A68-8DCC-F55451A85403}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{854BBF93-338C-4CDA-84A1-F269940CA061}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB36D7E4-8E35-4D00-AE25-FE59906F49C9}C:\program files\earthlink totalaccess\taskpanl.exe" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11375273}" = Super Jigsaw Dessert
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114005667}" = Super Jigsaw Adorable Animals 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AOL Radio Toolbar" = AOL Radio Toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Homepage Protection" = Homepage Protection
"Jigsaw Beach Holiday" = Jigsaw Beach Holiday
"Jigsaw Landscapes" = Jigsaw Landscapes
"Jigsaw Puzzle Platinum 2" = Jigsaw Puzzle Platinum 2
"Jigsaw365_is1" = Jigsaw365
"Lexmark 4200 Series" = Lexmark 4200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NSS" = Norton Security Scan
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"QuitKeeper" = Quit Keeper
"SeekeenSrch" = Seekeen 1.0 build 153
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Yahoo! Companion" = Yahoo! ¤u¨ă¦C
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi above38,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang, and if you still need assistance I'll be glad to help you with this problem.

Since the logs are quite old, I need to see a fresh scan.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
above38

    Member

  • Topic Starter
  • 116 posts
Hi, I just wanted to let you know I am running OTL on the computer and will post ASAP. I still need help.

thank you

#4
above38

    Member

  • Topic Starter
  • 116 posts
I am not seeing an Extras log.


OTL logfile created on: 2/16/2011 8:47:04 AM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Marianne\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 528.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.97 Gb Total Space | 29.42 Gb Free Space | 47.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.82% Space Free | Partition Type: NTFS

Computer Name: MARIANNE-PC | User Name: Marianne | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marianne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Marianne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxbm_device) -- C:\Windows\System32\lxbmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/23 09:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/23 09:26:58 | 000,000,000 | ---D | M]

[2011/01/23 09:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Extensions
[2011/01/29 10:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions
[2011/01/29 10:29:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/23 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 03:03:47 | 000,000,000 | ---D | M] (Default Manager) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION
[2010/11/30 03:03:33 | 000,000,000 | ---D | M] ("Search Helper Extension") -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ã¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Lexmark 4200 Series Fax Server] C:\Program Files\Lexmark 4200 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxbmmon.exe] C:\Program Files\Lexmark 4200 Series\lxbmmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\Run: [Weather] File not found
O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Landscapes/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/p...t/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{18748633-072f-4004-b1f3-11a0df9a11e1} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{636737ba-95b6-4122-8851-3fe66c875f66} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/01/29 10:18:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2011/01/23 09:34:10 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/23 09:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/23 09:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/23 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Mozilla
[2011/01/23 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Local\Mozilla
[2011/01/23 09:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/23 09:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/26 13:34:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbmserv.dll
[2010/07/26 13:34:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbmusb1.dll
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbminpa.dll
[2010/07/26 13:34:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbmiesc.dll
[2010/07/26 13:34:07 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBMhcp.dll
[2010/07/26 13:34:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbmpmui.dll
[2010/07/26 13:34:06 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbmlmpm.dll
[2010/07/26 13:34:06 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbmprox.dll
[2010/07/26 13:34:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbmpplc.dll
[2010/07/26 13:34:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbmhbn3.dll
[2010/07/26 13:34:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomc.dll
[2010/07/26 13:34:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/16 08:42:24 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/16 08:42:24 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/16 08:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/16 08:19:10 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job
[2011/02/16 08:15:47 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/16 08:15:47 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 21:06:01 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011/02/09 21:45:39 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marianne.job
[2011/02/05 18:19:29 | 000,019,916 | ---- | M] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2011/02/05 18:19:29 | 000,001,957 | ---- | M] () -- C:\Users\Marianne\Documents\Resume February 5, 2011.htm
[2011/02/03 21:26:28 | 000,005,632 | ---- | M] () -- C:\Users\Marianne\Documents\password for trubo tax.wps
[2011/02/03 20:17:13 | 000,002,621 | ---- | M] () -- C:\Users\Marianne\Desktop\Taleo Business Edition ~ Premium.mht
[2011/01/29 10:34:03 | 000,001,356 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2011/01/29 10:22:53 | 000,010,240 | ---- | M] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2011/01/29 10:22:38 | 000,011,264 | ---- | M] () -- C:\Users\Marianne\Documents\jan resume 2010.wps
[2011/01/29 10:18:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2011/01/23 09:34:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 09:27:06 | 000,001,750 | ---- | M] () -- C:\Users\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 09:27:06 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/05 18:19:24 | 000,001,957 | ---- | C] () -- C:\Users\Marianne\Documents\Resume February 5, 2011.htm
[2011/02/03 21:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Marianne\Documents\password for trubo tax.wps
[2011/02/03 20:17:11 | 000,002,621 | ---- | C] () -- C:\Users\Marianne\Desktop\Taleo Business Edition ~ Premium.mht
[2011/01/29 10:22:52 | 000,010,240 | ---- | C] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2011/01/23 09:34:06 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 09:27:06 | 000,001,750 | ---- | C] () -- C:\Users\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 09:27:06 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/26 13:43:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LXBRPMON.DLL
[2010/07/26 13:43:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LXBRPMUI.DLL
[2010/07/26 13:40:51 | 000,000,328 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbmutil.dll
[2010/07/26 13:34:07 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBMinst.dll
[2010/05/13 17:44:32 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/18 20:56:22 | 000,000,109 | ---- | C] () -- C:\Windows\PControl.ini
[2008/04/24 22:27:11 | 000,019,916 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2008/03/11 17:57:31 | 000,001,356 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2008/03/07 23:36:33 | 000,000,034 | ---- | C] () -- C:\Windows\AuthMgr.INI
[2008/03/07 20:51:38 | 000,024,206 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\UserTile.png
[2008/03/07 19:40:21 | 000,015,360 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/03 02:02:48 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/03 02:02:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/03 02:02:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/03 02:02:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/03 02:02:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/02 18:27:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbmcoin.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/25 12:51:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbmvs.dll
[2005/05/25 07:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbmcnv4.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2010/07/29 07:05:25 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\4200Series
[2008/03/07 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Earthlink
[2009/03/10 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\iWin
[2010/07/13 08:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Oberon Media
[2008/03/07 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\PeerNetworking
[2009/01/14 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony
[2009/01/14 21:58:20 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony Setup
[2009/12/11 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\SpinTop
[2008/04/25 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Template
[2008/03/08 07:31:14 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\tmp
[2008/12/11 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WeatherBug
[2011/02/10 21:06:01 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/01/23 13:26:32 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/16 08:19:10 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:C83012A4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8E87BEE4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0D545CA9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:573DC2A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:388D8E51
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E52B0D7C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0D4A6333

< End of report >

Edited by above38, 16 February 2011 - 07:51 AM.


#5
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    IE - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..\URLSearchHook: {69224684-5682-419b-9fe4-ef7946ee3319} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL Inc.)
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
    O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ă¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000..\Run: [Weather] File not found
    O15 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1596184171-2094407595-622832547-1000\..Trusted Ranges: GD ([http] in Local intranet)
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:2CFBE2D1
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:C46995DA
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:C83012A4
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3E7393FC
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8E87BEE4
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0D545CA9
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:573DC2A3
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:388D8E51
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E52B0D7C
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:0D4A6333
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{69224684-5682-419b-9fe4-ef7946ee3319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69224684-5682-419b-9fe4-ef7946ee3319}\ deleted successfully.
C:\Program Files\AOL Radio Toolbar\aolradiotb.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1596184171-2094407595-622832547-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{69224684-5682-419b-9fe4-ef7946ee3319} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69224684-5682-419b-9fe4-ef7946ee3319}\ not found.
File C:\Program Files\AOL Radio Toolbar\aolradiotb.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\MyWebSearch\bar\2.bin not found.
Prefs.js: {27182e60-b5f3-411c-b545-b44205977502}:1.0 removed from extensions.enabledItems
Prefs.js: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files\MyWebSearch\bar\2.bin not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1596184171-2094407595-622832547-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1596184171-2094407595-622832547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
ADS C:\ProgramData\TEMP:2CFBE2D1 deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\ProgramData\TEMP:C83012A4 deleted successfully.
ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
ADS C:\ProgramData\TEMP:8E87BEE4 deleted successfully.
ADS C:\ProgramData\TEMP:0D545CA9 deleted successfully.
ADS C:\ProgramData\TEMP:573DC2A3 deleted successfully.
ADS C:\ProgramData\TEMP:388D8E51 deleted successfully.
ADS C:\ProgramData\TEMP:E52B0D7C deleted successfully.
ADS C:\ProgramData\TEMP:0D4A6333 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marianne
->Temp folder emptied: 74076643 bytes
->Temporary Internet Files folder emptied: 490099290 bytes
->Java cache emptied: 314291 bytes
->FireFox cache emptied: 43662857 bytes
->Flash cache emptied: 420732 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38689131 bytes
RecycleBin emptied: 310293885 bytes

Total Files Cleaned = 913.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Marianne
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.6 log created on 02162011_175731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#7
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Are you still with me?

#8
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
Yes, I'm sorry. I have another computer and it crashed on me, and I haven't been on this one. I will update with the next log.

#9
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Ok.

#10
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
ComboFix log


ComboFix 11-02-24.05 - Marianne 02/25/2011 13:33:53.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1013.639 [GMT -5:00]
Running from: c:\users\Marianne\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.

2011-02-25 18:43 . 2011-02-25 18:43 -------- d-----w- c:\users\Marianne\AppData\Local\temp
2011-02-25 18:43 . 2011-02-25 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 20:31 . 2011-02-23 21:40 -------- d-----w- c:\program files\Puran Defrag
2011-02-23 20:31 . 2011-02-15 23:39 233472 ----a-w- c:\windows\system32\PuranDefragS.exe
2011-02-23 20:31 . 2011-02-15 23:39 229376 ----a-w- c:\windows\system32\PuranDC.exe
2011-02-23 20:31 . 2011-02-15 23:39 1114112 ----a-w- c:\windows\system32\PuranFD.exe
2011-02-23 20:31 . 2011-02-15 23:39 108544 ----a-w- c:\windows\system32\PuranDefragBT.exe
2011-02-23 20:31 . 2009-12-31 19:02 212992 ----a-w- c:\windows\system32\PuranDefrag.dll
2011-02-23 05:13 . 2011-02-23 05:13 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-23 05:13 . 2011-02-23 05:13 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-22 12:30 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEE202D7-5574-4606-A872-9BA3CEF1B66D}\mpengine.dll
2011-02-21 19:17 . 2011-02-22 01:33 -------- d-----w- c:\users\Marianne\AppData\Roaming\Apple Computer
2011-02-21 19:16 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-21 19:16 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-21 19:16 . 2011-02-21 19:16 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-21 19:15 . 2011-02-21 19:15 -------- d-----w- c:\program files\iPod
2011-02-21 19:15 . 2011-02-21 19:16 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-21 19:15 . 2011-02-21 19:16 -------- d-----w- c:\program files\iTunes
2011-02-21 19:08 . 2011-02-21 19:15 -------- d-----w- c:\programdata\Apple Computer
2011-02-21 19:05 . 2011-02-21 19:05 -------- d-----w- c:\program files\Apple Software Update
2011-02-21 19:02 . 2011-02-21 19:02 -------- d-----w- c:\program files\Bonjour
2011-02-16 22:57 . 2011-02-16 22:57 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 23:51 . 2010-12-14 23:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 23:51 . 2010-12-14 23:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-2 50688]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe [2007-01-30 537520]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-02-15 233472]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-24 c:\windows\Tasks\Norton Security Scan for Marianne.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-30 04:04]

2011-02-25 c:\windows\Tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-25 13:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-25 13:45:12
ComboFix-quarantined-files.txt 2011-02-25 18:45
ComboFix2.txt 2011-02-24 20:08

Pre-Run: 21,113,884,672 bytes free
Post-Run: 21,075,922,944 bytes free

- - End Of File - - C1931EEE2160F37FD0886324916CC98A

Edited by above38, 25 February 2011 - 12:46 PM.

#11
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Looks OK. Let's scan for leftovers.

Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Two

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#12
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
Malwarebytes' Anti-Malware 1.30
Database version: 1334
Windows 6.0.6000

2/26/2011 12:00:22 PM
mbam-log-2011-02-26 (12-00-22).txt

Scan type: Quick Scan
Objects scanned: 42585
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
Escan wouldn't let me save the file no matter what I did.

I copied it to the clipboard, though, and even tried to paste it in a text format. It still wouldn't save it.

So I just pasted it here.


C:\Program Files\SeekeenSrch\seekeen.dll a variant of Win32/Adware.OneStep application cleaned by deleting - quarantined
C:\Users\Marianne\Downloads\RegistryReviverSetup.exe a variant of Win32/Adware.RegistryReviver application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VI9TCFM\upgrade[1].cab a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VI9TCFM\upgrade[2].cab a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBKADE78\upgrade[1].cab a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI6J9F3N\upgrade[1].cab a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAU895PC\upgrade[1].cab a variant of Win32/Adware.OneStep application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAU895PC\upgrade[2].cab a variant of Win32/Adware.OneStep application deleted - quarantined

#14
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi above38,

How is the computer now?

Also, please do a fresh OTL scan so I can review our progress. :D

#15
above38

    Member

  • Topic Starter
  • Member
  • 116 posts
It still seems sluggish.



OTL logfile created on: 2/27/2011 1:24:32 AM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Marianne\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.97 Gb Total Space | 24.69 Gb Free Space | 39.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.82% Space Free | Partition Type: NTFS

Computer Name: MARIANNE-PC | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marianne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\lxbmcoms.exe ( )
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )


========== Modules (SafeList) ==========

MOD - C:\Users\Marianne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PuranDefrag) -- C:\Windows\System32\PuranDefragS.exe (Puran Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxbm_device) -- C:\Windows\System32\lxbmcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 03:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/23 00:13:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/23 00:13:36 | 000,000,000 | ---D | M]

[2011/01/23 09:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Extensions
[2011/02/26 09:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions
[2011/01/29 10:29:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\i3ptb0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/23 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/24 15:06:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Radio Toolbar Loader) - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Radio Toolbar) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Jigsaw%20Landscapes/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/p...t/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img26.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 15:05:18 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/02/26 12:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/25 13:45:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 13:45:14 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Local\temp
[2011/02/25 13:44:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/24 14:51:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/24 14:51:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/24 14:51:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/24 14:51:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/24 14:51:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/24 14:51:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/23 15:31:05 | 001,114,112 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranFD.exe
[2011/02/23 15:31:05 | 000,233,472 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragS.exe
[2011/02/23 15:31:05 | 000,229,376 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDC.exe
[2011/02/23 15:31:05 | 000,212,992 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefrag.dll
[2011/02/23 15:31:05 | 000,108,544 | ---- | C] (Puran Software) -- C:\Windows\System32\PuranDefragBT.exe
[2011/02/23 15:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/02/23 15:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/02/22 08:25:37 | 005,470,720 | ---- | C] (Jeffrey Harris) -- C:\Users\Marianne\Desktop\SharePod.exe
[2011/02/21 14:17:23 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Apple Computer
[2011/02/21 14:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/21 14:16:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/21 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/21 14:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/21 14:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/21 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/21 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/21 14:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/21 14:07:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/21 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/21 14:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/16 17:57:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/29 10:18:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2010/07/26 13:34:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbmserv.dll
[2010/07/26 13:34:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbmusb1.dll
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbminpa.dll
[2010/07/26 13:34:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbmiesc.dll
[2010/07/26 13:34:07 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBMhcp.dll
[2010/07/26 13:34:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbmpmui.dll
[2010/07/26 13:34:06 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbmlmpm.dll
[2010/07/26 13:34:06 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbmprox.dll
[2010/07/26 13:34:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbmpplc.dll
[2010/07/26 13:34:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbmhbn3.dll
[2010/07/26 13:34:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomc.dll
[2010/07/26 13:34:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/02/27 00:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 00:35:37 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 00:35:37 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 21:58:06 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job
[2011/02/26 15:04:28 | 000,000,329 | ---- | M] () -- C:\Windows\Lexstat.ini
[2011/02/26 14:17:59 | 1063,301,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 21:33:23 | 000,017,408 | ---- | M] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/25 21:31:43 | 000,002,736 | ---- | M] () -- C:\Users\Marianne\Desktop\catalog.css
[2011/02/25 21:31:43 | 000,002,362 | ---- | M] () -- C:\Users\Marianne\Desktop\PG-ID.css
[2011/02/25 21:24:49 | 000,089,537 | ---- | M] () -- C:\Users\Marianne\Desktop\TaxReturn Anthony.pdf
[2011/02/25 13:32:12 | 004,274,659 | R--- | M] () -- C:\Users\Marianne\Desktop\ComboFix.exe
[2011/02/24 15:06:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/23 23:36:27 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marianne.job
[2011/02/23 15:31:32 | 000,000,017 | ---- | M] () -- C:\Windows\System32\npd6.d
[2011/02/23 15:31:06 | 000,000,864 | ---- | M] () -- C:\Users\Marianne\Desktop\Puran Defrag.lnk
[2011/02/22 08:36:13 | 000,000,000 | ---- | M] () -- C:\Users\Marianne\Desktop\SharePodSettings.xml
[2011/02/22 08:25:37 | 005,470,720 | ---- | M] (Jeffrey Harris) -- C:\Users\Marianne\Desktop\SharePod.exe
[2011/02/21 14:16:42 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/21 14:09:10 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/16 20:17:17 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/16 20:17:17 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/15 18:39:12 | 001,114,112 | ---- | M] (Puran Software) -- C:\Windows\System32\PuranFD.exe
[2011/02/15 18:39:12 | 000,233,472 | ---- | M] (Puran Software) -- C:\Windows\System32\PuranDefragS.exe
[2011/02/15 18:39:12 | 000,229,376 | ---- | M] (Puran Software) -- C:\Windows\System32\PuranDC.exe
[2011/02/15 18:39:12 | 000,108,544 | ---- | M] (Puran Software) -- C:\Windows\System32\PuranDefragBT.exe
[2011/02/05 18:19:29 | 000,019,916 | ---- | M] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2011/02/05 18:19:29 | 000,001,957 | ---- | M] () -- C:\Users\Marianne\Documents\Resume February 5, 2011.htm
[2011/02/03 21:26:28 | 000,005,632 | ---- | M] () -- C:\Users\Marianne\Documents\password for trubo tax.wps
[2011/02/03 20:17:13 | 000,002,621 | ---- | M] () -- C:\Users\Marianne\Desktop\Taleo Business Edition ~ Premium.mht
[2011/01/29 10:34:03 | 000,001,356 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2011/01/29 10:22:53 | 000,010,240 | ---- | M] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2011/01/29 10:22:38 | 000,011,264 | ---- | M] () -- C:\Users\Marianne\Documents\jan resume 2010.wps
[2011/01/29 10:18:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011/02/26 14:17:59 | 1063,301,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/25 21:31:43 | 000,002,736 | ---- | C] () -- C:\Users\Marianne\Desktop\catalog.css
[2011/02/25 21:31:43 | 000,002,362 | ---- | C] () -- C:\Users\Marianne\Desktop\PG-ID.css
[2011/02/25 21:24:46 | 000,089,537 | ---- | C] () -- C:\Users\Marianne\Desktop\TaxReturn Anthony.pdf
[2011/02/24 14:51:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/24 14:51:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/24 14:51:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/24 14:51:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/24 14:51:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/24 14:48:14 | 004,274,659 | R--- | C] () -- C:\Users\Marianne\Desktop\ComboFix.exe
[2011/02/23 15:31:10 | 000,000,017 | ---- | C] () -- C:\Windows\System32\npd6.d
[2011/02/23 15:31:06 | 000,000,864 | ---- | C] () -- C:\Users\Marianne\Desktop\Puran Defrag.lnk
[2011/02/22 08:36:13 | 000,000,000 | ---- | C] () -- C:\Users\Marianne\Desktop\SharePodSettings.xml
[2011/02/21 14:16:42 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/21 14:09:10 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/05 18:19:24 | 000,001,957 | ---- | C] () -- C:\Users\Marianne\Documents\Resume February 5, 2011.htm
[2011/02/03 21:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Marianne\Documents\password for trubo tax.wps
[2011/02/03 20:17:11 | 000,002,621 | ---- | C] () -- C:\Users\Marianne\Desktop\Taleo Business Edition ~ Premium.mht
[2011/01/29 10:22:52 | 000,010,240 | ---- | C] () -- C:\Users\Marianne\Documents\resume July 14, 2010 2.wps
[2010/07/26 13:43:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\LXBRPMON.DLL
[2010/07/26 13:43:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LXBRPMUI.DLL
[2010/07/26 13:40:51 | 000,000,329 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/07/26 13:34:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbmutil.dll
[2010/07/26 13:34:07 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBMinst.dll
[2010/05/13 17:44:32 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/18 20:56:22 | 000,000,109 | ---- | C] () -- C:\Windows\PControl.ini
[2008/04/24 22:27:11 | 000,019,916 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\wklnhst.dat
[2008/03/11 17:57:31 | 000,001,356 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2008/03/07 23:36:33 | 000,000,034 | ---- | C] () -- C:\Windows\AuthMgr.INI
[2008/03/07 20:51:38 | 000,024,206 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\UserTile.png
[2008/03/07 19:40:21 | 000,017,408 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/03 02:02:48 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/03 02:02:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/03 02:02:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/03 02:02:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/03 02:02:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/02 18:27:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/01/22 07:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbmcoin.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/10/25 12:51:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbmvs.dll
[2005/05/25 07:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbmcnv4.dll
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2010/07/29 07:05:25 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\4200Series
[2008/03/07 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Earthlink
[2009/03/10 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\iWin
[2010/07/13 08:18:07 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Oberon Media
[2008/03/07 20:51:37 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\PeerNetworking
[2009/01/14 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony
[2009/01/14 21:58:20 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Sony Setup
[2009/12/11 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\SpinTop
[2008/04/25 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Template
[2008/03/08 07:31:14 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\tmp
[2008/12/11 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\WeatherBug
[2011/02/16 19:41:10 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/26 21:58:06 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3BB7B09D-FBE6-4706-9028-602C7CED1794}.job

========== Purity Check ==========



< End of report >

Edited by above38, 27 February 2011 - 12:30 AM.
