Since I have always been able to remove stuff like this for myself as well as for friends and family, I proceeded to update or download and run scans with the following:
- MBAM
- Hitman Pro
- Spybot Search and Destroy
- SUPERAntiSpyware
- ESET online scanner
- Symantec AV (which I have uninstalled now and replaced with a version of Vipre at a friend's suggestion)
Each of these tools seemed to find various items, though I was not smart enough to note what they were, and seemed to successfully remove the found items.
However, after running all of the tools multiple times, in normal mode and safe mode, I am still having this problem.
Whenever I boot the machine and check my processes, iexplore.exe has started each time, but there is no visible indication, such as a minimized IE window, that it is running. I am able to kill the process, which stops the internet radio for a time, but it usually starts up again. Also, several additional programs have shown up on my computer in the last few days including:
- MP3TubeVideotoMP3
- Blinkx Beat
- FreezeFrog.exe
I have attempted to uninstall and remove each of these as they have been discovered.
At this point I am at a loss and am concerned about the potential risks of having what appears to be a compromised system, never mind the irritation of the continual internet radio playing and the redirection of my links.
Any help that can be given is greatly appreciated!
I downloaded OTL and ran a Quick Scan as instructed. Here is the log:
OTL logfile created on: 6/21/2011 7:10:50 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 76.16% Memory free
5.09 Gb Paging File | 4.46 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.02 Gb Total Space | 32.50 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 137.50 Gb Free Space | 92.28% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive K: | 68.23 Gb Total Space | 46.70 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 812.99 Gb Free Space | 87.28% Space Free | Partition Type: NTFS
Computer Name: WALT_DESKTOP | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Apps\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxebcoms.exe ( )
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Apps\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\LogMeIn\x86\LMIhook.000.dll (LogMeIn, Inc.)
MOD - C:\Program Files\Sunbelt Software\VIPRE\oehook.dll (Nektra S.A.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (vcdrom) -- C:\Documents and Settings\Walt\My Documents\Downloads\Jim\Extract\VCdRom.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080611
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jim/office
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A 69 7E 00 67 28 A7 4D 91 D5 62 B5 A4 45 5A ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "https://benefitdata1...usionsoft.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolba...b488410&subid="
FF - user.js..keyword.URL: "http://mp3tubetoolba...removelink2&q="
FF - user.js..keyword.enabled: 1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 18:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 12:56:29 | 000,000,000 | ---D | M]
[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Extensions
[2011/06/20 12:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions
[2010/11/13 12:52:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Walt\Application Data\Mozilla\Firefox\Profiles\3bhrmaz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 12:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 17:32:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/20 12:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/20 12:18:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/20 12:18:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/06/21 11:26:11 | 000,001,211 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml
O1 HOSTS File: ([2011/06/21 16:31:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213633610906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\access\command - "" = G:\Secured_Area.exe
O33 - MountPoints2\{16bfe052-a9c7-11dd-b66c-001d099a4d14}\Shell\AutoRun\command - "" = G:\Secured_Area.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/21 18:35:44 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/06/21 18:35:43 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/06/21 18:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Sunbelt
[2011/06/21 18:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/06/21 18:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/06/21 18:28:04 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/06/21 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/06/21 16:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 10:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2011/06/21 10:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/20 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/20 11:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VectorVest, Inc
[2011/06/20 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3Tube Toolbar
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
[2011/06/20 10:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuestScan
[2011/06/20 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuestScan
[2011/06/20 01:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Logmein
[2011/06/20 01:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\Firefox
[2011/06/19 01:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/19 01:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/18 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Start Menu\Programs\HiJackThis
[2011/06/17 23:28:53 | 000,169,472 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 10:26:28 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/17 08:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/15 10:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/06/15 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/06/15 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/15 09:34:04 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/06/15 09:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/06/15 09:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/06/15 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark
[2011/06/15 09:33:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/06/15 09:33:14 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/06/15 09:33:14 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/06/15 09:33:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/06/15 09:33:14 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/06/15 09:33:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/06/15 09:33:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/06/15 09:33:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/06/15 09:33:14 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/06/15 09:33:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/06/15 09:33:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/06/15 09:33:13 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2011/06/15 09:33:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/06/15 09:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/06/15 03:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/06/14 22:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/14 20:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/14 20:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/14 13:53:37 | 000,000,000 | ---D | C] -- C:\Apps
[2011/06/14 13:51:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Walt\Recent
[2011/06/10 11:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VectorVest
[2011/06/10 11:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Citrix
[2011/06/09 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Local Settings\Application Data\Help
[2011/06/09 12:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\Help
[2011/06/02 13:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2011/06/02 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\SureLC_Desktop
[2011/06/02 13:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/21 19:09:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/21 19:09:19 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 19:06:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 19:06:45 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 19:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 18:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005UA.job
[2011/06/21 18:28:05 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 17:49:32 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2011/06/21 16:31:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/21 16:03:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/06/21 16:02:23 | 000,000,254 | ---- | M] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/21 10:19:07 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2011/06/20 22:43:18 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 17:30:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Word 2003 (2).lnk
[2011/06/20 14:36:33 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Excel 2003 (2).lnk
[2011/06/20 12:22:06 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\20d6b97d
[2011/06/20 11:47:21 | 000,525,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 11:47:21 | 000,097,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 11:32:51 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/20 09:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-924622083-92417848-350737671-1005Core.job
[2011/06/19 07:55:15 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\184068365
[2011/06/18 13:02:00 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:53 | 000,169,472 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdycl32.dll
[2011/06/17 12:45:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/17 09:07:27 | 000,000,394 | ---- | M] () -- C:\WINDOWS\ASC.INI
[2011/06/17 09:07:23 | 000,000,651 | ---- | M] () -- C:\WINDOWS\RTIWIN.INI
[2011/06/17 08:36:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:30:20 | 000,210,305 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:38 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/14 22:22:49 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/14 08:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/10 11:23:07 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/06/09 15:49:16 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Walt\Desktop\Microsoft Office Publisher 2003 (2).lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/21 18:28:05 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2011/06/21 16:43:35 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 16:02:23 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\AgentDWQ.xml
[2011/06/21 11:25:16 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2011/06/20 22:27:29 | 000,001,722 | -H-- | C] () -- C:\Documents and Settings\Walt\My Documents\Default.rdp
[2011/06/20 12:22:06 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\20d6b97d
[2011/06/20 11:32:51 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VectorVest 7.lnk
[2011/06/18 13:02:00 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Walt\Desktop\HiJackThis.lnk
[2011/06/17 23:28:52 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\184068365
[2011/06/17 12:45:22 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Walt\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/15 09:34:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/06/15 09:34:01 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/06/15 09:34:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/06/15 09:34:01 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/06/15 09:34:01 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\lxebprpr.chm
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo_rtl.bmp
[2011/06/15 09:34:01 | 000,008,694 | ---- | C] () -- C:\WINDOWS\System32\lxebcommuilogo.bmp
[2011/06/15 09:33:38 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Lexmark Printer Home.LNK
[2011/06/15 09:33:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/06/15 09:33:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/06/15 09:33:14 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/06/15 09:33:14 | 000,210,305 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/06/15 09:33:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/06/15 09:33:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/06/15 09:33:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/06/15 09:33:14 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/06/15 09:33:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/06/15 09:33:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/06/15 09:33:13 | 000,002,110 | ---- | C] () -- C:\WINDOWS\System32\lxeb.loc
[2011/06/14 22:22:49 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/14 20:17:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/10 11:23:06 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Walt\GoToAssistDownloadHelper.exe
[2011/05/09 17:04:24 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/24 09:42:49 | 004,426,657 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-924622083-92417848-350737671-1005-0.dat
[2011/02/24 09:42:49 | 000,242,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/21 11:04:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/01/21 11:04:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/11/24 20:06:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 10:47:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/13 12:51:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\d3d9caps.dat
[2010/10/14 03:21:36 | 010,869,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/23 10:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/27 18:15:16 | 000,173,049 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2009/11/27 18:15:16 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/24 14:29:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NPLSecureps.dll
[2009/03/24 14:23:00 | 000,000,184 | ---- | C] () -- C:\WINDOWS\bti.ini
[2009/03/24 14:22:00 | 000,043,760 | ---- | C] () -- C:\WINDOWS\System32\nwlocale.dll
[2009/03/24 14:14:31 | 000,000,651 | ---- | C] () -- C:\WINDOWS\RTIWIN.INI
[2009/03/24 14:08:09 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ASC.INI
[2009/02/06 16:16:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/06/17 09:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2008/06/16 16:35:52 | 000,000,515 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/06/16 16:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/06/16 16:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/06/16 16:15:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/06/16 16:15:53 | 000,007,102 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2008/06/16 14:29:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2008/06/16 13:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/16 11:52:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/16 11:18:37 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Walt\Local Settings\Application Data\fusioncache.dat
[2008/06/11 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/11 15:20:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/11 14:58:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 14:58:08 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/11 14:58:07 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/11 14:58:07 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/11 14:58:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/11 14:57:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/11 14:57:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/11 14:55:47 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,525,976 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/02/27 06:00:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\MapGMem.dll
========== LOP Check ==========
[2011/06/20 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2010/05/08 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/08 11:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/21 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEzeFrogSA
[2009/10/29 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/06/25 12:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gecko Software
[2009/10/30 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/06/14 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/22 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2011/06/21 10:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/21 10:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Managed Antivirus
[2011/06/21 12:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/09 13:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/06/20 10:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuestScan
[2009/06/03 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/06/25 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNT-HF
[2011/06/02 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\bgaDesktop
[2010/11/13 12:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FileOpen
[2011/06/20 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\FREEzeFrog
[2011/04/01 12:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Fund Manager
[2011/05/09 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Insurance Technologies
[2010/11/13 12:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Leadertech
[2011/06/21 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Managed Antivirus
[2010/11/13 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Steele Systems
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\Techsmith
[2010/11/13 12:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\TurboMeeting
[2010/11/13 12:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\VectorVest, Inc
[2011/06/16 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt\Application Data\webex
========== Purity Check ==========
< End of report >