Help! - Search Engine Redirect and Hidden Internet Radio



#1
tc.bd.walt

Last week my computer was infected with Windows XP Restore. Using RKill, MBAM, SSD and Hitman Pro, I seemed to successfully remove the infection. That was on Wed. On Friday, I started hearing what sounds like internet radio coming out of my speakers. It seems to be mostly entertainment type news and ads. I heard something about Music Scene TV. In addition, all my browser search links on Bing and Google are being redirected.

Since I have always been able to remove stuff like this for myself as well as for friends and family, I proceeded to update or download and run scans with the following:
- MBAM
- Hitman Pro
- Spybot Search and Destroy
- SUPERAntiSpyware
- ESET online scanner
- Symantec AV (which I have uninstalled now and replaced with a version of Vipre at a friend's suggestion)

Each of these tools seemed to find various items, though I was not smart enough to note what they were, and seemed to successfully remove the found items.

However, after running all of the tools multiple times, in normal mode and safe mode, I am still having this problem.

Whenever I boot the machine and check my processes, iexplore.exe has started each time, but there is no visible indication, such as a minimized IE window, that it is running. I am able to kill the process, which stops the internet radio for a time, but it usually starts up again. Also, several additional programs have shown up on my computer in the last few days including:

- MP3TubeVideotoMP3
- Blinkx Beat
- FreezeFrog.exe

I have attempted to uninstall and remove each of these as they have been discovered.

At this point I am at a loss and am concerned about the potential risks of having what appears to be a compromised system, never mind the irritation of the continual internet radio playing and the redirection of my links.

Any help that can be given is greatly appreciated!

I downloaded OTL and ran a Quick Scan as instructed. Here is the log:




OTL logfile created on: 6/21/2011 7:10:50 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 76.16% Memory free
5.09 Gb Paging File | 4.46 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.50 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.70 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Apps\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxebcoms.exe ( )
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Apps\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\LogMeIn\x86\LMIhook.000.dll (LogMeIn, Inc.)
MOD - C:\Program Files\Sunbelt Software\VIPRE\oehook.dll (Nektra S.A.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (vcdrom) -- C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jim/office
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A 69 7E 00 67 28 A7 4D 91 D5 62 B5 A4 45 5A ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "https://benefitdata1...usionsoft.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolba...b488410&subid="

FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 18:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 12:56:29 | 000,000,000 | ---D | M]

[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Extensions
[2011/06/20 12:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions
[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 12:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 17:32:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 12:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 12:18:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/20 12:18:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/21 11:26:11 | 000,001,211 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml

O1 HOSTS File: ([2011/06/21 16:31:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213633610906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\access\command - "" = G:\Secured_Area.exe
O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\AutoRun\command - "" = G:\Secured_Area.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 18:35:44 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:35:43 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/21 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Sunbelt
[2011/06/21 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/06/21 18:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/06/21 18:28:04 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/06/21 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/06/21 16:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2011/06/21 10:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/20 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/20 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VectorVest, Inc
[2011/06/20 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3Tube Toolbar
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuestScan
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuestScan
[2011/06/20 01:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Logmein
[2011/06/20 01:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Firefox
[2011/06/19 01:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\HiJackThis
[2011/06/17 23:28:53 | 000,169,472 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 10:26:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/17 08:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/15 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/06/15 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/15 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/15 09:34:04 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/06/15 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/06/15 09:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/06/15 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2011/06/15 09:33:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/06/15 09:33:14 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/06/15 09:33:14 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/06/15 09:33:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/06/15 09:33:14 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/06/15 09:33:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/06/15 09:33:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/06/15 09:33:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/06/15 09:33:14 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/06/15 09:33:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/06/15 09:33:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/06/15 09:33:13 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2011/06/15 09:33:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/06/15 09:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/06/15 03:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/14 22:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/14 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/14 13:53:37 | 000,000,000 | ---D | C] -- C:\Apps
[2011/06/14 13:51:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Walt\Recent
[2011/06/10 11:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VectorVest
[2011/06/10 11:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Citrix
[2011/06/09 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Help
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Help
[2011/06/02 13:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2011/06/02 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\SureLC_Desktop
[2011/06/02 13:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:09:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/21 19:09:19 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 19:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 19:06:45 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 19:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 18:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005UA.job
[2011/06/21 18:28:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 17:49:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2011/06/21 16:31:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/21 16:03:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/21 16:02:23 | 000,000,254 | ---- | M] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/21 10:19:07 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2011/06/20 22:43:18 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 17:30:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/06/20 14:36:33 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Excel 2003 (2).lnk
[2011/06/20 12:22:06 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\20d6b97d
[2011/06/20 11:47:21 | 000,525,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 11:47:21 | 000,097,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 11:32:51 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/20 09:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005Core.job
[2011/06/19 07:55:15 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\184068365
[2011/06/18 13:02:00 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:53 | 000,169,472 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 12:45:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/17 09:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\ASC.INI
[2011/06/17 09:07:23 | 000,000,651 | ---- | M] () -- C:\WINDOWS\RTIWIN.INI
[2011/06/17 08:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:30:20 | 000,210,305 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:38 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/14 22:22:49 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/14 08:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/10 11:23:07 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/06/09 15:49:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Publisher 2003 (2).lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 18:28:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 16:43:35 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 16:02:23 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:27:29 | 000,001,722 | -H-- | C] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 12:22:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\20d6b97d
[2011/06/20 11:32:51 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:52 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\184068365
[2011/06/17 12:45:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 09:34:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/06/15 09:34:01 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/06/15 09:34:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/06/15 09:34:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/06/15 09:34:01 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxebprpr.chm
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo_rtl.bmp
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo.bmp
[2011/06/15 09:33:38 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/15 09:33:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/06/15 09:33:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/06/15 09:33:14 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/06/15 09:33:14 | 000,210,305 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/06/15 09:33:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/06/15 09:33:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/06/15 09:33:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/06/15 09:33:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/06/15 09:33:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/06/15 09:33:13 | 000,002,110 | ---- | C] () -- C:\WINDOWS\System32\lxeb.loc
[2011/06/14 22:22:49 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/10 11:23:06 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/05/09 17:04:24 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/24 09:42:49 | 004,426,657 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-924622083-92417848-350737671-1005-0.dat
[2011/02/24 09:42:49 | 000,242,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/21 11:04:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/01/21 11:04:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/11/24 20:06:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 10:47:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/13 12:51:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2010/10/14 03:21:36 | 010,869,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 10:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/27 18:15:16 | 000,173,049 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2009/11/27 18:15:16 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/24 14:29:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NPLSecureps.dll
[2009/03/24 14:23:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2009/03/24 14:22:00 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2009/03/24 14:14:31 | 000,000,651 | ---- | C] () -- C:\WINDOWS\RTIWIN.INI
[2009/03/24 14:08:09 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ASC.INI
[2009/02/06 16:16:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/06/17 09:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/06/16 16:35:52 | 000,000,515 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/06/16 16:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/06/16 16:15:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/06/16 16:15:53 | 000,007,102 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2008/06/16 14:29:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/06/16 13:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/16 11:52:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/16 11:18:37 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\fusioncache.dat
[2008/06/11 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/11 15:20:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 14:58:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/11 14:58:07 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/11 14:58:07 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/11 14:58:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/11 14:57:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/11 14:57:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/11 14:55:47 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,525,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/02/27 06:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\MapGMem.dll

========== LOP Check ==========

[2011/06/20 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/05/08 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/08 11:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/21 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
[2009/10/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/06/25 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gecko Software
[2009/10/30 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/06/14 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/22 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2011/06/21 10:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/21 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/21 12:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/09 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/20 10:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuestScan
[2009/06/03 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/25 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNT-HF
[2011/06/02 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2010/11/13 12:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FileOpen
[2011/06/20 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
[2011/04/01 12:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Fund Manager
[2011/05/09 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Insurance Technologies
[2010/11/13 12:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Leadertech
[2011/06/21 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2010/11/13 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Steele Systems
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Techsmith
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\TurboMeeting
[2010/11/13 12:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\VectorVest, Inc
[2011/06/16 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\webex

========== Purity Check ==========



< End of report >

#2
Aaron
  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go :) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Try to reply every day please, I'll try to do the same. If this topic is inactive for 3 days, then it will be closed.
  • Note that removing malware is not instantaneous, it requires a specific process to be removed completely. Running antimalware removal tools I didn't ask for might slow this process down.
  • If you have any questions, don't hesitate to ask!
Let's get to work now. This might look like a lot of work to do, but these are only very small steps that don't take very long. By the way, why is this OTL's fifth run?

============ Step one ============

Start your computer in Safe Mode (press F8 after the BIOS screen). Then go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

FREEzeFrogSA
Mp3Tube Toolbar
QuestScan
Spybot - Search & Destroy -> can be a problem when removing malware, can be installed back later


============ Step two ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d2d3210f173845ba8c5429a2cb488410&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d2d3210f173845ba8c5429a2cb488410&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d2d3210f173845ba8c5429a2cb488410&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d2d3210f173845ba8c5429a2cb488410&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d2d3210f173845ba8c5429a2cb488410&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=d2d3210f173845ba8c5429a2cb488410&subid="
    FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    [2011/06/21 11:26:11 | 000,001,211 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml
    O4 - HKCU..\Run: [Google Update] File not found
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\access\command - "" = G:\Secured_Area.exe
    O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\AutoRun\command - "" = G:\Secured_Area.exe
    O33 - MountPoints2\Z\Shell - "" = AutoRun
    O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\Setup.exe
    [2011/06/20 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3Tube Toolbar
    [2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
    [2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\FREEzeFrog
    [2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
    [2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuestScan
    [2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuestScan
    [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [2011/06/20 12:22:06 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\20d6b97d
    [2011/06/19 07:55:15 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\184068365
    [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step three ============

There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\kbdycl32.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

============ Step four ============

Run OTL again:

  • Click the Posted Image button at the top.
  • Under the Posted Image at the bottom, paste in the following

    C:\32788R22FWJFW\*.*
    C:\Apps\*.*
    

  • Then click the Posted Image button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

============ Step five ============

Download aswMBR.exe to your desktop.

1. Double click the aswMBR.exe to run it
2. Click the "Scan" button to start scan
Note: if you use Avast, please disable the automatic scan: put AV engine to None.

3. On completion of the scan click save log, save it to your desktop and post in your next reply

============ Step six ============

Please post the contents of the Extras.txt log from OTL in your next post. The file can be found at the same location as OTL.
If you can't find it then we'll make a new one. Please run OTL again.

  • Press the Posted Image button.
  • Set the Extra Registry section to Use Safelist.
  • Press the Posted Image button.
When the scan completes, it will open a notepad window called Extras.Txt. It is saved in the same location as OTL. Please post this log.

- Maser00
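
The folders named in the fix list above (QuestScan, FREEzeFrog, Mp3Tube Toolbar and the GUID-named folder) all carry creation times within about a minute of each other on 2011/06/20. The following Python sketch is an added example, not part of this thread and not OTL's own code: it parses OTL file-listing lines and returns everything created close in time to a known-bad name. The sample lines are copied from the logs in this thread; the function names and the two-minute window are this example's assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str    # four attribute flags, e.g. "-HS-" or "---D"
    kind: str     # "C" = created, "M" = modified
    company: str  # empty when OTL shows "()" or omits the field
    path: str


# Layout of one entry in OTL's file sections:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
# Directory entries omit the "(company)" field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_entries(log_text):
    """Parse OTL file-listing lines; lines in any other layout are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # e.g. the "[2 C:\...\*.tmp files -> ...]" summary line
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


def created_near(entries, indicator, window=timedelta(minutes=2)):
    """Return created ("C") entries whose timestamp lies within `window`
    of any created entry whose path contains `indicator`."""
    needle = indicator.lower()
    created = [e for e in entries if e.kind == "C"]
    pivots = [e.when for e in created if needle in e.path.lower()]
    hits = [e for e in created
            if any(abs(e.when - p) <= window for p in pivots)]
    return sorted(hits, key=lambda e: (e.when, e.path))


# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2011/06/21 18:28:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/20 12:22:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\20d6b97d
[2011/06/20 11:32:51 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/20 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3Tube Toolbar
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuestScan
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuestScan
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
"""

if __name__ == "__main__":
    for e in created_near(parse_entries(SAMPLE_LOG), "QuestScan"):
        print(e.when, e.attrs, e.path)
```

A time-window match only produces candidates for review: legitimate files installed in the same minute would be listed too, so each hit still needs to be checked before it goes into a fix list.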

#3
tc.bd.walt
  • Topic Starter
  • Member
  • 13 posts
Thanks so much for the reply and help.

By the way, why is this OTL's fifth run?


I was attempting to do all I could before reaching out for help. After downloading OTL originally, I ran it a few times in between scans with the before mentioned tools, trying to decipher what I was seeing in the logs... Curiosity mostly.

I will follow the steps you have provided tomorrow and report back.

#4
Aaron
  • Expert
  • 3,155 posts
OK, I'll wait for the logs :)

#5
tc.bd.walt
  • Topic Starter
  • Member
  • 13 posts
============ Step one ============

I restarted in Safe Mode and checked Add/Remove for the listed programs. None of them were present. I believe they had all been removed previously.

============ Step two ============

I ran the custom Scan/Fix in OTL using the text you provided and rebooted. Here is the log that was produced.


============ OTL Log after Run Fix ============


All processes killed
========== OTL ==========
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolba...={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "http://mp3tubetoolba...b488410&subid=" removed from browser.startup.homepage
C:\Documents and Settings\Walt\Application Data\Mozilla\FireFox\Profiles\3bhrmaz8.default\user.js moved successfully.
File C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\ not found.
File G:\Secured_Area.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\ not found.
File G:\Secured_Area.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
File Z:\Setup.exe not found.
Folder C:\Program Files\Mp3Tube Toolbar\ not found.
Folder C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA\ not found.
C:\Program Files\FREEzeFrog\bin folder moved successfully.
C:\Program Files\FREEzeFrog folder moved successfully.
C:\Documents and Settings\Walt\Application Data\FREEzeFrog folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ not found.
C:\Program Files\QuestScan folder moved successfully.
C:\Documents and Settings\All Users\Application Data\QuestScan folder moved successfully.
C:\Documents and Settings\All Users\SPL3.tmp deleted successfully.
C:\Documents and Settings\All Users\SPL53.tmp deleted successfully.
C:\WINDOWS\system32\20d6b97d moved successfully.
C:\WINDOWS\system32\184068365 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Apps\cmd.bat deleted successfully.
C:\Apps\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser.WALT_DESKTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Walt
->Temp folder emptied: 25984890 bytes
->Temporary Internet Files folder emptied: 704965617 bytes
->Java cache emptied: 5964 bytes
->FireFox cache emptied: 42300411 bytes
->Flash cache emptied: 9883 bytes

User: Walt.BENEFITDATA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: WALT~1~BEN

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76143 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 37864218 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2188834 bytes

Total Files Cleaned = 776.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: LogMeInRemoteUser.WALT_DESKTOP

User: NetworkService

User: Walt
->Flash cache emptied: 0 bytes

User: Walt.BENEFITDATA
->Flash cache emptied: 0 bytes

User: WALT~1~BEN

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.24.1 log created on 06242011_193721

Files\Folders moved on Reboot...
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\W5W4TV0C\ads[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\QQI7E2RS\ads[5].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\QQI7E2RS\ads[6].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\QQI7E2RS\ads[7].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\MT83H3GM\ac3[3].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\CI5JL8TW\303026-help-search-engine-redirect-and-hidden-internet-radio[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\36121MU6\ads[3].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\36121MU6\ads[4].htm moved successfully.
File move failed. C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


============ OTL Log after Quick Scan ============


OTL logfile created on: 6/25/2011 5:33:00 PM - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 80.06% Memory free
5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.07 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.67 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Apps\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxebcoms.exe ( )
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Apps\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\LogMeIn\x86\LMIhook.000.dll (LogMeIn, Inc.)
MOD - C:\Program Files\Sunbelt Software\VIPRE\oehook.dll (Nektra S.A.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (vcdrom) -- C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jim/office
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A 69 7E 00 67 28 A7 4D 91 D5 62 B5 A4 45 5A ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: ""
FF - prefs.js..browser.search..defaultenginename: ""
FF - prefs.js..browser.search..order.1: ""
FF - prefs.js..browser.search..selectedEngine: ""
FF - prefs.js..browser.search..selectedEngineURL: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 18:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 15:41:45 | 000,000,000 | ---D | M]

[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Extensions
[2011/06/23 10:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions
[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 10:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 17:32:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 12:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 12:18:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/20 12:18:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/21 16:31:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213633610906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 14:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/22 03:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/21 18:35:44 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:35:43 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/21 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Sunbelt
[2011/06/21 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/06/21 18:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/06/21 18:28:04 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/06/21 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/06/21 16:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2011/06/21 10:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/20 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/20 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VectorVest, Inc
[2011/06/20 01:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Logmein
[2011/06/20 01:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Firefox
[2011/06/19 01:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\HiJackThis
[2011/06/17 23:28:53 | 000,169,472 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 08:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/15 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/06/15 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/15 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/15 09:34:04 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/06/15 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/06/15 09:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/06/15 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2011/06/15 09:33:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/06/15 09:33:14 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/06/15 09:33:14 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/06/15 09:33:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/06/15 09:33:14 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/06/15 09:33:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/06/15 09:33:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/06/15 09:33:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/06/15 09:33:14 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/06/15 09:33:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/06/15 09:33:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/06/15 09:33:13 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2011/06/15 09:33:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/06/15 09:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/06/15 03:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/14 22:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/14 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/14 13:53:37 | 000,000,000 | ---D | C] -- C:\Apps
[2011/06/14 13:51:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Walt\Recent
[2011/06/10 11:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VectorVest
[2011/06/10 11:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Citrix
[2011/06/09 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Help
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Help
[2011/06/02 13:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2011/06/02 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\SureLC_Desktop
[2011/06/02 13:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

[2011/06/25 17:26:25 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2011/06/25 17:21:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 17:21:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 14:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 13:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005UA.job
[2011/06/25 10:22:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 10:22:41 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 19:19:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/24 15:54:29 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2011/06/24 12:14:06 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/06/24 10:03:28 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Excel 2003 (2).lnk
[2011/06/24 09:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005Core.job
[2011/06/23 10:48:40 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Shortcut to firefox (2).lnk
[2011/06/23 03:25:20 | 000,525,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/23 03:25:20 | 000,097,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/22 17:39:57 | 001,763,125 | ---- | M] () -- C:\Documents and Settings\Walt\My Documents\06-22-2011 05;39;53PM.PDF
[2011/06/22 15:41:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/22 14:17:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 13:59:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/06/21 18:28:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 16:31:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/21 16:02:23 | 000,000,254 | ---- | M] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:43:18 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 11:32:51 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:53 | 000,169,472 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 12:45:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/17 09:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\ASC.INI
[2011/06/17 09:07:23 | 000,000,651 | ---- | M] () -- C:\WINDOWS\RTIWIN.INI
[2011/06/17 08:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:30:20 | 000,210,305 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:38 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/14 22:22:49 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/14 08:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/10 11:23:07 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/06/09 15:49:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Publisher 2003 (2).lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/06/25 10:22:41 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/23 10:48:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\Shortcut to firefox (2).lnk
[2011/06/22 17:39:57 | 001,763,125 | ---- | C] () -- C:\Documents and Settings\Walt\My Documents\06-22-2011 05;39;53PM.PDF
[2011/06/22 15:41:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/22 15:41:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/22 14:17:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 13:59:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/06/21 18:28:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 16:02:23 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:27:29 | 000,001,722 | -H-- | C] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 11:32:51 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 12:45:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 09:34:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/06/15 09:34:01 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/06/15 09:34:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/06/15 09:34:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/06/15 09:34:01 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxebprpr.chm
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo_rtl.bmp
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo.bmp
[2011/06/15 09:33:38 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/15 09:33:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/06/15 09:33:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/06/15 09:33:14 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/06/15 09:33:14 | 000,210,305 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/06/15 09:33:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/06/15 09:33:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/06/15 09:33:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/06/15 09:33:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/06/15 09:33:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/06/15 09:33:13 | 000,002,110 | ---- | C] () -- C:\WINDOWS\System32\lxeb.loc
[2011/06/14 22:22:49 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/10 11:23:06 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/05/09 17:04:24 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/24 09:42:49 | 004,426,657 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-924622083-92417848-350737671-1005-0.dat
[2011/02/24 09:42:49 | 000,242,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/21 11:04:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/01/21 11:04:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/11/24 20:06:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 10:47:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/13 12:51:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2010/10/14 03:21:36 | 010,869,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 10:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/27 18:15:16 | 000,173,049 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2009/11/27 18:15:16 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/24 14:29:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NPLSecureps.dll
[2009/03/24 14:23:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2009/03/24 14:22:00 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2009/03/24 14:14:31 | 000,000,651 | ---- | C] () -- C:\WINDOWS\RTIWIN.INI
[2009/03/24 14:08:09 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ASC.INI
[2009/02/06 16:16:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/06/17 09:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/06/16 16:35:52 | 000,000,515 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/06/16 16:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/06/16 16:15:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/06/16 16:15:53 | 000,007,102 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2008/06/16 14:29:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/06/16 13:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/16 11:52:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/16 11:18:37 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\fusioncache.dat
[2008/06/11 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/11 15:20:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 14:58:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/11 14:58:07 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/11 14:58:07 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/11 14:58:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/11 14:57:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/11 14:57:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/11 14:55:47 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,525,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/02/27 06:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\MapGMem.dll

========== LOP Check ==========

[2010/05/08 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/08 11:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/10/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/06/25 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gecko Software
[2009/10/30 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/06/14 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/22 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2011/06/25 10:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/21 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/21 12:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/09 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2009/06/03 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/25 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNT-HF
[2011/06/02 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2010/11/13 12:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FileOpen
[2011/04/01 12:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Fund Manager
[2011/05/09 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Insurance Technologies
[2010/11/13 12:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Leadertech
[2011/06/21 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2010/11/13 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Steele Systems
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Techsmith
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\TurboMeeting
[2010/11/13 12:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\VectorVest, Inc
[2011/06/16 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\webex

========== Purity Check ==========



< End of report >



============ Step three ============

Virscan.org report on file 'C:\WINDOWS\System32\kbdycl32.dll'


VirSCAN.org Scanned Report :
Scanned time : 2011/06/26 06:47:28 (CST)
Scanner results: 11% Scanner(s) (4/37) found malware!
File Name : kbdycl32.dll
File Size : 169472 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 5d3a3feea8bb595a109a2a4de91eccc4
SHA1 : 8c70e827045addb67e16c22c5510816ec58a4dbc
Online report : http://file.virscan....3f1d0997ca.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110625143734 2011-06-25 5.49 Gen.Variant.Kazy!IK
AhnLab V3 2011.06.26.00 2011.06.26 2011-06-26 1.74 -
AntiVir 8.2.5.24 7.11.10.104 2011-06-24 0.27 TR/Kazy.27226.3
Antiy 2.0.18 20110205.7694535 2011-02-05 0.12 -
Arcavir 2011 201105080215 2011-05-08 0.05 -
Authentium 5.1.1 201106241321 2011-06-24 1.48 -
AVAST! 4.7.4 110625-1 2011-06-25 0.02 -
AVG 8.5.850 271.1.1/3726 2011-06-26 0.25 -
BitDefender 7.90123.7406640 7.37559 2011-05-24 0.00 -
ClamAV 0.96.5 13238 2011-06-25 0.04 -
Comodo 4.0 9188 2011-06-25 1.35 -
CP Secure 1.3.0.5 2011.06.25 2011-06-25 0.07 -
Dr.Web 5.0.2.3300 2011.06.26 2011-06-26 12.88 -
F-Prot 4.4.4.56 20110624 2011-06-24 1.45 -
F-Secure 7.02.73807 2011.06.25.01 2011-06-25 0.20 -
Fortinet 4.2.257 13.362 2011-06-25 0.18 -
GData 22.719/22.185 20110625 2011-06-25 9.19 -
ViRobot 20110625 2011.06.25 2011-06-25 0.38 -
Ikarus T3.1.32.20.0 2011.06.25.78679 2011-06-25 4.58 Gen.Variant.Kazy
JiangMin 13.0.900 2011.06.25 2011-06-25 1.67 -
Kaspersky 5.5.10 2011.06.25 2011-06-25 0.11 -
KingSoft 2009.2.5.15 2011.6.25.9 2011-06-25 0.93 -
McAfee 5400.1158 6388 2011-06-25 9.20 -
Microsoft 1.7000 2011.06.26 2011-06-26 3.69 -
NOD32 3.0.21 6238 2011-06-25 0.00 -
Norman 6.07.10 6.07.00 2011-06-25 14.02 -
Panda 9.05.01 2011.06.24 2011-06-24 3.02 -
Trend Micro 9.200-1012 8.248.04 2011-06-25 0.04 -
Quick Heal 11.00 2011.06.25 2011-06-25 0.98 -
Rising 20.0 23.63.04.01 2011-06-24 2.37 -
Sophos 3.20.2 4.66 2011-06-26 3.66 Troj/FakeAV-EBX
Sunbelt 3.9.2496.2 9692 2011-06-25 2.10 -
Symantec 1.3.0.24 20110625.002 2011-06-25 0.05 -
nProtect 20110601.01 3460661 2011-06-01 6.46 -
The Hacker 6.7.0.1 v00176 2011-04-18 0.46 -
VBA32 3.12.16.3 20110624.1226 2011-06-24 4.38 -
VirusBuster 5.3.0.4 14.0.95.0/5473098 2011-06-25 0.00 -




============ Step four ============


============ OTL Log after Custom Run Scan ============


OTL logfile created on: 6/25/2011 5:59:07 PM - Run 7
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.25% Memory free
5.09 Gb Paging File | 4.48 Gb Available in Paging File | 88.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.07 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.67 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\32788R22FWJFW\*.* >

< C:\Apps\*.* >
[2011/06/19 06:50:38 | 000,002,353 | ---- | M] () -- C:\Apps\ESET online scanner - 2011-06-19.txt
[2011/01/01 01:14:00 | 000,002,254 | ---- | M] () -- C:\Apps\eula.txt
[2011/06/14 22:22:13 | 006,470,464 | ---- | M] (SurfRight B.V.) -- C:\Apps\HitmanPro35.exe
[2011/06/14 13:57:17 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Apps\mbam-setup-1.51.0.1200.exe
[2011/06/19 20:41:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Apps\OTL.exe
[2011/06/14 13:34:25 | 001,007,120 | ---- | M] () -- C:\Apps\rkill.exe
[2011/06/19 01:01:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Apps\spybotsd162.exe
[2011/06/14 14:23:50 | 011,401,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Apps\SUPERAntiSpyware.exe
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Apps\tdsskiller.exe

< End of report >



============ Step five ============

I downloaded and ran aswMBR. When it first started, it said something about how it "could use Avast Virus Definitions for the scan," did I want to download them. Since you didn't mention that, I clicked No before clicking Scan. Let me know if you want me to do it again using the Avast definitions.


============ aswMBR Log ============

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-25 18:03:41
-----------------------------
18:03:41.625 OS Version: Windows 5.1.2600 Service Pack 3
18:03:41.625 Number of processors: 4 586 0xF0B
18:03:41.625 ComputerName: WALT_DESKTOP UserName: Walt
18:03:42.203 Initialize success
18:05:12.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:05:12.187 Disk 0 Vendor: ST3320620AS 3.ADJ Size: 305245MB BusType: 3
18:05:14.203 Disk 0 MBR read successfully
18:05:14.218 Disk 0 MBR scan
18:05:14.218 Disk 0 Windows XP default MBR code
18:05:16.218 Disk 0 scanning sectors +625137345
18:05:16.250 Disk 0 scanning C:\WINDOWS\system32\drivers
18:05:20.156 Service scanning
18:05:20.937 Disk 0 trace - called modules:
18:05:20.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8aef81ed]<<
18:05:20.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af31ab8]
18:05:20.937 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8af2cf18]
18:05:20.937 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af7bd98]
18:05:20.953 \Driver\atapi[0x8af2e3b8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8aef81ed
18:05:20.953 Scan finished successfully
18:06:11.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Walt\Desktop\MBR.dat"
18:06:11.125 The log file has been saved successfully to "C:\Documents and Settings\Walt\Desktop\aswMBR.txt"



============ Step six ============


============ Extras.Txt ============

OTL Extras logfile created on: 6/25/2011 6:15:59 PM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
5.09 Gb Paging File | 4.28 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.01 Gb Free Space | 21.48% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.67 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"135:TCP" = 135:TCP:LocalSubNet:Enabled:NPLSecure

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"D:\FT\FT4WIN\ftwinapp.exe" = D:\FT\FT4WIN\ftwinapp.exe:*:Enabled:FastTrack Communications Software -- (Investors FastTrack)
"C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe" = C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe:*:Enabled:XpressMailDesktopClient
"\\bds01\asc\NPL\RTIWIN32.EXE" = \\bds01\asc\NPL\RTIWIN32.EXE:LocalSubNet:Enabled:rtiwin32.exe
"\\bds01\asc\NPL\rtpwin32.exe" = \\bds01\asc\NPL\rtpwin32.exe:LocalSubNet:Enabled:rtpwin32.exe
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\msftedit32.exe" = C:\WINDOWS\system32\msftedit32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\atikvmag32.exe" = C:\WINDOWS\system32\atikvmag32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe" = C:\Program Files\Xpress Mail\Professional Editon\XpressMailDesktopClient.exe:*:Disabled:XpressMailDesktopClient
"D:\FT\FT4WIN\ftwinapp.exe" = D:\FT\FT4WIN\ftwinapp.exe:*:Enabled:FastTrack Communications Software -- (Investors FastTrack)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
"\\bds01\asc\NPL\RTIWIN32.EXE" = \\bds01\asc\NPL\RTIWIN32.EXE:*:Disabled:RTIWIN32
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"C:\WINDOWS\system32\msftedit32.exe" = C:\WINDOWS\system32\msftedit32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\atikvmag32.exe" = C:\WINDOWS\system32\atikvmag32.exe:*:Enabled:Windows Update Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2474940F-E12A-4BB4-A574-D925573FE9BC}" = WebEx Meeting Manager for Internet Explorer
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32611749-470C-427F-B631-7621B16AA604}" = Track 'n Trade Live
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39A3DC93-4EE4-40A8-A85E-6188BDABD651}" = Pervasive.SQL V8 Client (v8.6)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CAB57E8-3B9A-4E2D-80FE-D7846BEDCF5F}" = Track 'n Trade Live
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{65F9D1CB-4B9E-82E4-4D2D-B01C53395B9A}" = SureLC Desktop
"{666A81D6-8826-47FA-AF88-67B880A362DB}" = VIPRE Antivirus
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7370C0A9-327E-4A56-A611-EE9D69AA75C0}" = VectorVest 7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7780C740-C674-11D2-A431-0040C77908EF}" = STEELE Mutual Fund Expert
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C8556D0-D07C-11D4-92A3-0040055A8106}" = NPL
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks Pro 2001
"{9876EC91-D77E-4EDD-8885-6DAA560C1C0E}" = FastTrack Communications
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B82920-25DD-41B5-A680-5B6FB65BA6D9}" = VectorVest U.S.
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}" = Network Recording Player
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{EE532913-7C50-40CF-A1FB-07BC11CD5E47}" = Ohio National Product Illustrations
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"bgaDesktop" = SureLC Desktop
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"C333CF5AF8E48DB2BA7D6C7D7C5BC69A5C8CF7BF" = Windows Driver Package - Intel (e1express) Net (12/04/2008 9.12.36.0)
"CodeStuff Starter" = CodeStuff Starter
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"Fund Manager" = Fund Manager
"FXOrder2Go" = FXOrder2Go
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"ST6UNST #1" = ASC Components
"thinkorswim" = thinkorswim
"thinkpipes" = thinkpipes
"TurboMeeting" = TurboMeeting
"VLC media player" = VLC media player 0.9.6
"Web_4.0.1165.0" = Microsoft Expression Web 4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"e198fe59e6db0240" = Allianz ForeSight Console 5.1.6.48
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2011 4:54:25 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 4:59:27 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:03:15 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:03:16 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:08:16 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:13:16 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:18:17 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:23:46 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/21/2011 5:28:50 PM | Computer Name = WALT_DESKTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\689b9.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/23/2011 9:43:19 AM | Computer Name = WALT_DESKTOP | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 6/24/2011 8:20:34 PM | Computer Name = WALT_DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/24/2011 8:20:34 PM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SASDIFSV SASKUTIL sbaphd

Error - 6/24/2011 8:22:50 PM | Computer Name = WALT_DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/24/2011 8:30:52 PM | Computer Name = WALT_DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/24/2011 8:37:22 PM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 6/24/2011 8:37:22 PM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7034
Description = The SB Recovery Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/24/2011 8:37:57 PM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7034
Description = The VIPRE Antivirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/25/2011 11:22:06 AM | Computer Name = WALT_DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/25/2011 11:23:30 AM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService
service to connect.

Error - 6/25/2011 11:23:30 AM | Computer Name = WALT_DESKTOP | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053


< End of report >
  • 0

#6
Aaron

  • Expert
  • 3,155 posts
Hi again,

We still got some work to do here :)
There is also a driver loaded from a strange location: C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys. However, I would not remove or replace this file as this could cause BSODs.

============ Step one ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    [2011/06/21 16:02:23 | 000,000,254 | ---- | M] () -- C:\WINDOWS\System32\AgentDWQ.xml
    [1998/02/27 06:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\MapGMem.dll
    [2011/06/17 10:26:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\msftedit32.exe"=-
    "C:\WINDOWS\system32\atikvmag32.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\FT\FT4WIN\ftwinapp.exe"=-
    "C:\WINDOWS\system32\msftedit32.exe"=-
    "C:\WINDOWS\system32\atikvmag32.exe"=-
    
    :Files
    C:\WINDOWS\system32\msftedit32.exe
    C:\WINDOWS\system32\atikvmag32.exe
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step two ============

Run OTL again:

  • Click the Posted Image button at the top.
  • Under the Posted Image at the bottom, paste in the following

    /MD5START
    rtiwin32.exe
    rtpwin32.exe
    /MD5STOP
    

  • Then click the Posted Image button at the top
  • Let the program run unhindered and post the log it produces in your next reply.

============ Step three ============

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

- Maser00
  • 0
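
Added example, not part of the original posts and not OTL's own code: a small triage script that parses the `SRV`/`DRV` lines of an OTL log and lists services and drivers whose binary sits outside the Windows and Program Files trees, which is the kind of entry (the `vcdrom` driver) pointed out in the reply above. The function names, the location categories and the choice of which directories count as user-writable are assumptions made for this example; a hit is a lead for review, not a verdict.

```python
import re

# Lines copied from the OTL log format shown in this thread (header + service entries).
SAMPLE_LOG = r"""
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (vcdrom) -- C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
"""

# "%Name% = value" pairs from the log header, separated by "|".
ENV_RE = re.compile(r"%(\w+)% = ([^|]+?)\s*(?:\||$)")
# "DRV - (name) optional description -- path (company)"; the company is the
# last parenthesised group, so paths that themselves contain "(...)" still parse.
ENTRY_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - \((?P<name>[^)]+)\)(?P<desc>.*?) -- "
    r"(?P<path>[A-Za-z]:\\.+?)\s+\((?P<company>[^()]*)\)$"
)


def normalize(path):
    """Lower-case a Windows path and collapse repeated backslashes."""
    return re.sub(r"\\{2,}", lambda m: "\\", path.strip().lower()).rstrip("\\")


def is_under(path, root):
    """True if the normalized path equals root or lies below it."""
    root = normalize(root)
    return path == root or path.startswith(root + "\\")


def classify(path, env):
    """Bucket a binary path by location (categories are this example's own)."""
    p = normalize(path)
    drive = env.get("SystemDrive", "C:")
    sysroot = env.get("SystemRoot", drive + r"\WINDOWS")
    progfiles = env.get("ProgramFiles", drive + r"\Program Files")
    # Assumption: profile folders and the Windows temp folder are treated as
    # locations an unprivileged user or a dropped file can write to.
    user_writable = [drive + r"\Documents and Settings", drive + r"\Users",
                     sysroot + r"\Temp"]
    if any(is_under(p, root) for root in user_writable):
        return "user_writable"
    if is_under(p, sysroot):
        return "system"
    if is_under(p, progfiles):
        return "program_files"
    return "other"


def parse_otl(text):
    """Return (header variables, list of SRV/DRV entries with a location tag)."""
    env, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("%"):
            env.update(ENV_RE.findall(line))
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groupdict())
    # Classify after the whole log is read so the header position does not matter.
    for entry in entries:
        entry["location"] = classify(entry["path"], env)
    return env, entries


def review(text):
    """Entries whose binary is outside the Windows and Program Files trees."""
    _, entries = parse_otl(text)
    return [e for e in entries if e["location"] in ("user_writable", "other")]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f'{e["kind"]} {e["name"]}: {e["path"]} [{e["location"]}]')
```

The company string in the log line plays no part in the classification, so an entry labelled with a well-known vendor is still listed when its path is in a profile folder.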

#7
tc.bd.walt

  • Topic Starter
  • Member
  • 13 posts
Sounds good.

I am away from that computer today, but will run through these steps tomorrow (Monday) morning and post back the logs.
  • 0

#8
Aaron

  • Expert
  • 3,155 posts
No problem :)
  • 0

#9
tc.bd.walt

  • Topic Starter
  • Member
  • 13 posts
============ Step one ============


============ OTL Log after Custom Run Fix ============


All processes killed
========== OTL ==========
Prefs.js: "http://mp3tubetoolba...removelink2&q=" removed from keyword.URL
C:\WINDOWS\system32\AgentDWQ.xml moved successfully.
C:\WINDOWS\system32\MapGMem.dll moved successfully.
Folder C:\32788R22FWJFW\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msftedit32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\atikvmag32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\FT\FT4WIN\ftwinapp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msftedit32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\atikvmag32.exe deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\msftedit32.exe not found.
File\Folder C:\WINDOWS\system32\atikvmag32.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser.WALT_DESKTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Walt
->Temp folder emptied: 4795 bytes
->Temporary Internet Files folder emptied: 107258979 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1529 bytes

User: Walt.BENEFITDATA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: WALT~1~BEN

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3500 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: LogMeInRemoteUser.WALT_DESKTOP

User: NetworkService

User: Walt
->Flash cache emptied: 0 bytes

User: Walt.BENEFITDATA
->Flash cache emptied: 0 bytes

User: WALT~1~BEN

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06262011_124700

Files\Folders moved on Reboot...
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\YXAD81IT\emily[2].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\YXAD81IT\mutual-funds-vs[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\YXAD81IT\popup[1].js moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\YXAD81IT\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\SMTJAYJ5\fw-nonplayer-banner[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\SMTJAYJ5\yssr[1].htm moved successfully.
C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\Content.IE5\Q1KJLAUZ\login_status[2].htm moved successfully.
File move failed. C:\Documents and Settings\Walt\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...



============ OTL Log after Quick Scan ============





OTL logfile created on: 6/27/2011 11:09:46 AM - Run 9
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 82.65% Memory free
5.09 Gb Paging File | 4.60 Gb Available in Paging File | 90.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.12 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.49 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Apps\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxebcoms.exe ( )
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Apps\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\LogMeIn\x86\LMIhook.000.dll (LogMeIn, Inc.)
MOD - C:\Program Files\Sunbelt Software\VIPRE\oehook.dll (Nektra S.A.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (vcdrom) -- C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jim/office
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A 69 7E 00 67 28 A7 4D 91 D5 62 B5 A4 45 5A ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: ""
FF - prefs.js..browser.search..defaultenginename: ""
FF - prefs.js..browser.search..order.1: ""
FF - prefs.js..browser.search..selectedEngine: ""
FF - prefs.js..browser.search..selectedEngineURL: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 18:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 15:41:45 | 000,000,000 | ---D | M]

[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Extensions
[2011/06/23 10:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions
[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/23 10:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 17:32:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 12:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 12:18:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/20 12:18:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/26 12:47:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213633610906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 18:03:16 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Walt\Desktop\aswMBR.exe
[2011/06/22 14:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/22 03:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/21 18:35:44 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:35:43 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/21 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Sunbelt
[2011/06/21 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/06/21 18:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/06/21 18:28:04 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/06/21 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/06/21 16:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2011/06/21 10:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/20 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/20 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VectorVest, Inc
[2011/06/20 01:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Logmein
[2011/06/20 01:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Firefox
[2011/06/19 01:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\HiJackThis
[2011/06/17 23:28:53 | 000,169,472 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 08:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/15 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/06/15 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/15 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/15 09:34:04 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/06/15 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/06/15 09:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/06/15 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2011/06/15 09:33:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/06/15 09:33:14 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/06/15 09:33:14 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/06/15 09:33:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/06/15 09:33:14 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/06/15 09:33:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/06/15 09:33:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/06/15 09:33:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/06/15 09:33:14 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/06/15 09:33:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/06/15 09:33:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/06/15 09:33:13 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2011/06/15 09:33:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/06/15 09:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/06/15 03:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/14 22:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/14 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/14 13:53:37 | 000,000,000 | ---D | C] -- C:\Apps
[2011/06/14 13:51:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Walt\Recent
[2011/06/10 11:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VectorVest
[2011/06/10 11:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Citrix
[2011/06/09 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Help
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Help
[2011/06/02 13:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2011/06/02 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\SureLC_Desktop
[2011/06/02 13:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

[2011/06/27 11:05:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 11:05:40 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/27 11:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/27 10:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005UA.job
[2011/06/27 10:18:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 10:18:29 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 10:18:03 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/06/27 10:17:29 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2011/06/27 10:02:48 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2011/06/27 09:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005Core.job
[2011/06/26 12:47:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/25 18:06:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\MBR.dat
[2011/06/25 18:03:18 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Walt\Desktop\aswMBR.exe
[2011/06/24 19:19:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/24 12:14:06 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/06/24 10:03:28 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Excel 2003 (2).lnk
[2011/06/23 10:48:40 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Shortcut to firefox (2).lnk
[2011/06/23 03:25:20 | 000,525,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/23 03:25:20 | 000,097,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/22 17:39:57 | 001,763,125 | ---- | M] () -- C:\Documents and Settings\Walt\My Documents\06-22-2011 05;39;53PM.PDF
[2011/06/22 15:41:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/22 14:17:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 13:59:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/06/21 18:28:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 11:25:16 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:43:18 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 11:32:51 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:53 | 000,169,472 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 12:45:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/17 09:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\ASC.INI
[2011/06/17 09:07:23 | 000,000,651 | ---- | M] () -- C:\WINDOWS\RTIWIN.INI
[2011/06/17 08:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:30:20 | 000,210,305 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:38 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/14 22:22:49 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/14 08:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/10 11:23:07 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/06/09 15:49:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Publisher 2003 (2).lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/06/27 10:18:03 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\EmailAVConfig.xml
[2011/06/25 18:06:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\MBR.dat
[2011/06/25 10:22:41 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/23 10:48:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\Shortcut to firefox (2).lnk
[2011/06/22 17:39:57 | 001,763,125 | ---- | C] () -- C:\Documents and Settings\Walt\My Documents\06-22-2011 05;39;53PM.PDF
[2011/06/22 15:41:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/22 15:41:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/22 14:17:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 13:59:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/06/21 18:28:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 11:25:16 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:27:29 | 000,001,722 | -H-- | C] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 11:32:51 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 12:45:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 09:34:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/06/15 09:34:01 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/06/15 09:34:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/06/15 09:34:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/06/15 09:34:01 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxebprpr.chm
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo_rtl.bmp
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo.bmp
[2011/06/15 09:33:38 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/15 09:33:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/06/15 09:33:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/06/15 09:33:14 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/06/15 09:33:14 | 000,210,305 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/06/15 09:33:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/06/15 09:33:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/06/15 09:33:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/06/15 09:33:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/06/15 09:33:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/06/15 09:33:13 | 000,002,110 | ---- | C] () -- C:\WINDOWS\System32\lxeb.loc
[2011/06/14 22:22:49 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/10 11:23:06 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/05/09 17:04:24 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/24 09:42:49 | 004,426,657 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-924622083-92417848-350737671-1005-0.dat
[2011/02/24 09:42:49 | 000,242,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/21 11:04:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/01/21 11:04:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/11/24 20:06:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 10:47:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/13 12:51:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2010/10/14 03:21:36 | 010,869,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 10:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/27 18:15:16 | 000,173,049 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2009/11/27 18:15:16 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/24 14:29:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NPLSecureps.dll
[2009/03/24 14:23:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2009/03/24 14:22:00 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2009/03/24 14:14:31 | 000,000,651 | ---- | C] () -- C:\WINDOWS\RTIWIN.INI
[2009/03/24 14:08:09 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ASC.INI
[2009/02/06 16:16:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/06/17 09:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/06/16 16:35:52 | 000,000,515 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/06/16 16:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/06/16 16:15:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/06/16 16:15:53 | 000,007,102 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2008/06/16 14:29:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/06/16 13:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/16 11:52:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/16 11:18:37 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\fusioncache.dat
[2008/06/11 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/11 15:20:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 14:58:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/11 14:58:07 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/11 14:58:07 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/11 14:58:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/11 14:57:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/11 14:57:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/11 14:55:47 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,525,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/08 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/08 11:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/10/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/06/25 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gecko Software
[2009/10/30 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/06/14 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/22 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2011/06/27 09:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/21 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/21 12:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/09 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2009/06/03 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/25 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNT-HF
[2011/06/02 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2010/11/13 12:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FileOpen
[2011/04/01 12:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Fund Manager
[2011/05/09 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Insurance Technologies
[2010/11/13 12:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Leadertech
[2011/06/21 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2010/11/13 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Steele Systems
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Techsmith
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\TurboMeeting
[2010/11/13 12:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\VectorVest, Inc
[2011/06/16 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\webex

========== Purity Check ==========



< End of report >




============ Step two ============


============ OTL Log after Custom Run Scan ============


OTL logfile created on: 6/27/2011 11:16:46 AM - Run 10
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 83.64% Memory free
5.09 Gb Paging File | 4.58 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.12 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.49 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.98 Gb Free Space | 87.28% Space Free | Partition Type: NTFS

Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: RTPWIN32.EXE >
[2002/08/16 11:41:16 | 000,794,624 | ---- | M] () MD5=01B14868F176A37216D7E8C75BE77198 -- C:\Program Files\Niakwa\NPL\rtpwin32.exe

< End of report >



============ Step three ============


I downloaded ComboFix from Bleeping Computer and ran it. There was no mention of Windows Recovery Console. The progress bar stopped about 3/5 of the way through, with the last line in the process window reading:

Output folder: C\32788R22FWJFW

It has been locked with no apparent progress for almost 4 hours now. When I check Task Manager, it doesn't say that the program is Not Responding. But it appears to be locked regardless. Also, a few minutes after ComboFix started running, the internet radio started playing through the speakers again. When I check Task Manager now there are 6 iexplore.exe processes with one using 221,704K of Memory. No IE windows are open.

So far I have not killed ComboFix or the iexplore.exe processes.
  • 0
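
The OTL listings in the post above share one line format, so they can be triaged mechanically. The following is an added example, not part of the original posts or of OTL: a Python parser for those lines that lists recently touched executables with an empty company field and recent changes to a small watch-list of files. The function names, the watch-list and the choice of sample lines (copied from the log above) are assumptions of this example, and the result is a list to review by hand, not a verdict.

```python
import re
from datetime import datetime

# One OTL file-scan line (format as seen in the log above):
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C or M] (company) -- path
# Directory lines (attribute D) carry no "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Illustrative watch-list chosen for this example, not taken from OTL.
WATCHED = (r"\drivers\etc\hosts", r"\boot.ini")

# Sample input: a few lines copied from the log above.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========

[2011/06/25 18:03:18 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Walt\Desktop\aswMBR.exe
[2011/06/26 12:47:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/17 23:28:53 | 000,169,472 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/14 22:22:49 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/10 11:23:07 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe

========== LOP Check ==========

[2011/06/27 09:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
"""


def parse_otl(text):
    """Return one dict per file/directory line, tagged with its section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # banners, blank lines and MD5 lines are skipped
        entries.append({
            "section": section,
            "time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "is_dir": "D" in m.group("attrs"),
            "hidden": "H" in m.group("attrs"),
            "kind": m.group("kind"),          # C = created, M = modified
            "company": m.group("company") or "",
            "path": m.group("path"),
        })
    return entries


def review_candidates(entries, since):
    """Executables with an empty company field, stamped on or after `since`."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["company"] == ""
            and e["path"].lower().endswith(EXEC_EXT)
            and e["time"] >= since]


def watched_changes(entries, since):
    """Watch-listed files stamped on or after `since`."""
    return [e["path"] for e in entries
            if e["path"].lower().endswith(WATCHED) and e["time"] >= since]


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE)
    window_start = datetime(2011, 6, 13)  # two weeks before the 6/27/2011 scan
    for p in review_candidates(parsed, window_start):
        print("review:", p)
    for p in watched_changes(parsed, window_start):
        print("watched file changed:", p)
```
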

#10
Aaron

  • Expert
  • 3,155 posts
Restart your computer and run Combofix again please. Did you ever use Combofix before, because RC only needs to be installed once. If you already have it, Combofix won't mention it again.
No problem if Combofix won't work, I have other tools in mind too.
  • 0


#11
tc.bd.walt

  • Topic Starter
  • Member
  • 13 posts
I used Task Manager to kill ComboFix, then rebooted, shut down my AV and SuperAntiSpyware, then ran ComboFix again.

Same result. I didn't wait as long though.

Back when I was trying to fix this myself, a buddy took a stab at it, and he may have tried using this program. Not sure. Whatever he tried, he said he couldn't get it to work the way it was supposed to.

BTW - I just checked Task Manager - 8 instances of iexplore.exe are running. The largest is using 80,248 K and climbing. Again, no open IE windows.

I'm glad you aren't out of ideas, because I am beginning to wonder if it is hopeless. Thanks for sticking it out with me.
  • 0

#12
Aaron

  • Expert
  • 3,155 posts

I'm glad you aren't out of ideas, because I am beginning to wonder if it is hopeless. Thanks for sticking it out with me.

You're welcome, I'll help you until your computer is clean again :)

shut down my AV and SuperAntiSpyware

Could you disable SuperAntiSpyware at startup or remove it temporarily? It could have negated the fix because of its protections.

I'm doing some deeper scans with OTL and GMER, we'll see what that reveals:

============ Step one ============

Please download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows and programs are closed to let it run uninterrupted.
  • Select All Users.
  • Under the Posted Image box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of OTL.Txt and paste it in your next post. Do the same for Extras.Txt.

============ Step two ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please post this log.

============ Step three ============

I need a new Extras log to see if the infection was added to the firewall again.

Please post the contents of the Extras.txt log from OTL in your next post. The file can be found at the same location as OTL.
If you can't find it then we'll make a new one. Please run OTL again.

  • Press the Posted Image button.
  • Set the Extra Registry section to Use Safelist.
  • Press the Posted Image button.
When the scan completes, it will open a notepad window called Extras.Txt. It is saved in the same location as OTL. Please post this log.

- Maser00
  • 0

#13
tc.bd.walt

  • Topic Starter
  • Member
  • 13 posts
Just to be clear, do I need to download a fresh version of OTL, or can I continue to use the one I downloaded last week?
  • 0

#14
Aaron

  • Expert
  • 3,155 posts
You can use the copy you have. Be sure to select standard output and not minimal output then.
  • 0

#15
Aaron

  • Expert
  • 3,155 posts
User asked to open topic again.
Oops, wrong topic. Ignore this post please. :)
  • 0





