undetected malware? [Closed]


  • This topic is locked

#1
jthogg

  • Member
  • 10 posts
I'm not sure I know how to describe specifically enough for someone to help me, but I will try. I have been having several problems with my computer over the past several months and I'm not sure if I just have a bunch of malware, viruses, or drivers that are not working properly or what is going on. I have run the MBAM - Malwarebytes Anti-Malware and it comes up with nothing. (Indicates there is no malware)
I will try to break down some of the individual issues that have been most problematic:

1. I downloaded a driver update for my printer, but I get an error message telling me that the install wasn't successful. I have tried this several times directly from the HP website for my specific printer and specifically made to work on Windows 7, 64 bit OS. And yet, my printer seems to be working most of the time, but it takes a long time for it to process the request to print.

2. Audio: the sound quality is very poor from my speakers. The sound used to be great, but now it has a lot of static. Is this the speakers going bad or the audio device driver going bad? Or something else?

3. When I try to open a program, it takes a long time for the computer to respond before opening. Sometimes, the program will stop responding altogether and I have to Force Quit to get out of it. Other times I have to reboot the computer to get it to open any programs.

4. I have a couple of websites that I have made "exceptions" to in the pop-up blocker (Mozilla browser), but in the last two weeks, those website addresses have been removed and won't stay on the exceptions list after I close the browser. I have to re-enter the website exception every time I log on to that site.

I'm not sure which diagnostic information to attach, but I will start by attaching the OTL log. Please let me know if I need to attach something different.
Thank you!
Pam

OTL logfile created on: 11/25/2011 6:28:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Richard and Pam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.36% Memory free
7.93 Gb Paging File | 5.92 Gb Available in Paging File | 74.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.86 Gb Total Space | 592.61 Gb Free Space | 86.53% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Richard and Pam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 18:28:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Richard and Pam\Desktop\OTL.exe
PRC - [2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/08/08 12:08:46 | 001,407,848 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
PRC - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/07/20 13:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/04 22:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/12 06:59:54 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011/10/12 06:59:54 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
MOD - [2011/10/12 06:38:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 06:37:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 06:37:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 06:37:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 06:37:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 06:37:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/12 06:26:44 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011/10/12 06:26:31 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011/10/12 06:26:31 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011/10/12 06:26:25 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011/10/12 06:26:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011/10/12 06:26:21 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011/10/12 06:26:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 06:26:20 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011/10/12 06:26:20 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011/10/12 06:26:19 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011/10/12 06:26:13 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/09/07 16:22:06 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/14 12:39:58 | 001,421,656 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\videoc.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:36:12 | 000,141,656 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LogiMail.dll
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/06/12 15:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 15:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/11 13:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/26 18:02:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/14 15:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2010/09/14 15:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/28 11:25:34 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/30 00:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 12:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 15:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 14:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/04/30 14:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...28v1h5k4741r218
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...28v1h5k4741r218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...28v1h5k4741r218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...28v1h5k4741r218

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...28v1h5k4741r218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://my.msn.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/02/20 14:33:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/02/20 14:33:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/26 22:05:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 17:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/19 17:02:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/26 22:05:39 | 000,000,000 | ---D | M]

[2009/11/15 21:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard and Pam\AppData\Roaming\Mozilla\Extensions
[2011/08/19 17:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard and Pam\AppData\Roaming\Mozilla\Firefox\Profiles\qdh08kzn.default\extensions
[2011/08/19 17:09:14 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Richard and Pam\AppData\Roaming\Mozilla\Firefox\Profiles\qdh08kzn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/11/19 17:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/25 20:11:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TBSB05060 Class) - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files (x86)\IEToolbar\Premier Tools\PlTBie.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Premier Tools) - {EB0FDFA9-F6B3-46AF-9A60-AA8DAAFB56C5} - C:\Program Files (x86)\IEToolbar\Premier Tools\PlTBie.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Premier Tools) - {EB0FDFA9-F6B3-46AF-9A60-AA8DAAFB56C5} - C:\Program Files (x86)\IEToolbar\Premier Tools\PlTBie.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78D774A2-A736-4A40-BF01-D42985C71792}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\x-excid - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9840b32-d179-11de-8406-001f16fd11f0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9840b32-d179-11de-8406-001f16fd11f0}\Shell\AutoRun\command - "" = G:\EasyCopy.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 21:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/19 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/19 21:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/19 21:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/19 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/19 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/19 15:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/18 20:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/11/18 20:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/11/12 17:29:31 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{05C1D653-B5BF-49B9-8E1F-709D8D1858C9}
[2011/11/12 17:29:21 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{0F7A4CAC-B0C6-4D73-B599-D4801C895428}
[2011/11/04 21:33:24 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{1B34B9BA-51EA-448E-99DE-2D1EA34C2B44}
[2011/11/04 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{3DBFCDCB-7EB9-4A83-9EC7-0C925A037238}
[2011/11/04 21:28:17 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/04 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/11/04 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{5D891E44-74FA-45A3-9D9A-50A88E9C8770}
[2011/11/04 21:23:39 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{8C634BCE-5AF6-4DA5-90D5-D0F002BFB66F}
[2011/11/04 21:09:23 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{F6CFDD78-BFBC-49AC-91D2-C662E39D6D61}
[2011/11/04 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{2C5A677E-8990-4D08-A86E-6E558D96EEE7}
[2011/11/04 21:02:26 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{6F29370E-1380-4B14-9934-B6FACC3876CE}
[2011/11/04 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{FE85F4FC-FAB0-40D1-8574-6D086AD29F21}
[2011/11/04 20:45:28 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{CF4EC436-E0FB-446A-ABFF-3A0FBF1BBDD5}
[2011/11/04 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{E66EB27E-E82E-4930-84CE-A9A285F6B9E1}
[2011/11/04 20:44:38 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{2376FC42-4F4D-4219-8966-67B929B748F1}
[2011/11/04 14:13:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Picture Planner
[2011/11/04 14:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Planner
[2011/11/02 18:05:34 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{A7D971C9-FBEC-4430-A815-6B7D414A046A}
[2011/11/02 18:05:23 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\{BAD96704-90A9-459A-8432-E782234DA3AB}
[2011/10/29 21:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/29 21:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/29 18:17:36 | 000,000,000 | ---D | C] -- C:\Users\Richard and Pam\AppData\Local\ElevatedDiagnostics
[1 C:\Users\Richard and Pam\Desktop\*.tmp files -> C:\Users\Richard and Pam\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 18:27:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 18:27:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 17:49:29 | 000,012,252 | ---- | M] () -- C:\Users\Richard and Pam\Desktop\Annie's pics.jpg
[2011/11/25 17:35:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 15:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/24 20:35:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 09:12:55 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/24 09:12:55 | 000,629,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/24 09:12:55 | 000,108,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/24 09:07:50 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 21:52:31 | 013,819,904 | ---- | M] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-23.QDF-backup
[2011/11/18 20:13:47 | 000,444,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/17 18:34:07 | 013,803,520 | ---- | M] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-17.QDF-backup
[2011/11/10 19:13:54 | 013,795,328 | ---- | M] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-10.QDF-backup
[2011/10/29 20:09:40 | 000,001,100 | ---- | M] () -- C:\Users\Richard and Pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/10/29 19:17:35 | 000,228,962 | ---- | M] () -- C:\Windows\hpwins23.dat
[2011/10/29 19:00:14 | 013,680,640 | ---- | M] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-10-29.QDF-backup
[1 C:\Users\Richard and Pam\Desktop\*.tmp files -> C:\Users\Richard and Pam\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 17:49:29 | 000,012,252 | ---- | C] () -- C:\Users\Richard and Pam\Desktop\Annie's pics.jpg
[2011/11/23 21:52:31 | 013,819,904 | ---- | C] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-23.QDF-backup
[2011/11/19 17:31:22 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/17 18:34:07 | 013,803,520 | ---- | C] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-17.QDF-backup
[2011/11/10 19:13:53 | 013,795,328 | ---- | C] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-11-10.QDF-backup
[2011/10/29 19:00:14 | 013,680,640 | ---- | C] () -- C:\Users\Richard and Pam\QDATA1_20070408_20091023_20091122_20091122_20100325-2011-10-29.QDF-backup
[2011/10/21 12:30:45 | 000,038,449 | ---- | C] () -- C:\Users\Richard and Pam\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/10/14 17:20:25 | 000,081,767 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011/10/14 17:07:05 | 000,228,962 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/10/14 17:07:05 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/10/12 06:50:26 | 000,000,376 | ---- | C] () -- C:\Windows\hpwmdl37.dat.temp
[2011/05/10 19:12:22 | 000,007,168 | ---- | C] () -- C:\Users\Richard and Pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/29 18:49:54 | 000,228,962 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/10/15 17:16:34 | 000,007,652 | ---- | C] () -- C:\Users\Richard and Pam\AppData\Local\resmon.resmoncfg
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/19 13:27:06 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/05/02 19:27:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/22 10:20:13 | 000,747,134 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/10 18:39:00 | 000,000,036 | ---- | C] () -- C:\Windows\ITOOLS_X.INI
[2010/01/26 22:01:34 | 000,023,158 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/20 18:06:26 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/12/19 14:53:10 | 000,022,637 | ---- | C] () -- C:\Users\Richard and Pam\AppData\Roaming\UserTile.png
[2009/11/29 12:23:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/22 19:36:19 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/16 21:02:14 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/11/15 21:02:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/15 13:25:06 | 000,000,180 | ---- | C] () -- C:\Users\Richard and Pam\AppData\Roaming\wklnhst.dat
[2009/08/14 23:29:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/05/08 13:43:24 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\W048T32W.DLL
[2000/05/08 13:43:24 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\W108T32W.DLL
[2000/05/08 13:43:24 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\W801T32W.DLL
[2000/05/08 13:43:24 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\W770T32W.DLL
[2000/05/08 13:43:22 | 000,202,752 | ---- | C] () -- C:\Windows\SysWow64\W042T32W.DLL
[2000/05/08 13:43:22 | 000,137,216 | ---- | C] () -- C:\Windows\SysWow64\W043T32W.DLL
[2000/05/08 13:43:22 | 000,128,000 | ---- | C] () -- C:\Windows\SysWow64\W046T32W.DLL
[2000/05/08 13:43:20 | 000,168,960 | ---- | C] () -- C:\Windows\SysWow64\W037T32W.DLL
[2000/05/08 13:43:20 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\W040T32W.DLL
[2000/05/08 13:43:18 | 000,163,328 | ---- | C] () -- C:\Windows\SysWow64\W033T32W.DLL
[2000/05/08 13:43:18 | 000,099,328 | ---- | C] () -- C:\Windows\SysWow64\W021T32W.DLL
[2000/05/08 13:43:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\W019T32W.DLL
[2000/05/08 13:43:16 | 000,117,760 | ---- | C] () -- C:\Windows\SysWow64\W020T32W.DLL
[2000/05/08 13:43:16 | 000,105,984 | ---- | C] () -- C:\Windows\SysWow64\W008T32W.DLL
[2000/05/08 13:43:16 | 000,105,472 | ---- | C] () -- C:\Windows\SysWow64\W010T32W.DLL
[2000/05/08 13:43:16 | 000,101,888 | ---- | C] () -- C:\Windows\SysWow64\W015T32W.DLL
[2000/05/08 13:43:14 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\W007T32W.DLL
[2000/05/08 13:43:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\W001T32W.DLL
[2000/05/08 13:43:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\W006T32W.DLL
[2000/04/12 18:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2000/04/12 18:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== LOP Check ==========

[2009/12/09 17:46:48 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/23 19:13:04 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\FreeFileViewer
[2011/08/19 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\GARMIN
[2009/12/20 18:06:26 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\HotSync
[2010/05/23 18:56:40 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\Leadertech
[2009/11/16 10:40:37 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\Packard Bell
[2010/03/24 13:33:59 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\PrimoPDF
[2010/03/28 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\Quicken WillMaker
[2011/05/15 08:09:32 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\SoftGrid Client
[2009/12/13 21:24:44 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\Template
[2009/11/18 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\Thunderbird
[2011/06/18 18:39:08 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\TP
[2010/05/12 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Richard and Pam\AppData\Roaming\webex
[2011/08/21 15:39:07 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Amlak

    Member 1K

  • Member
  • 1,470 posts
Welcome to GTG.

To be honest, I don't think this is a malware issue, so let's test the hard drive and RAM first.

I'd strongly recommend you back up all the needed data (documents, pictures, music files, work-related files, etc.) on your computer to a different medium (such as another computer or a USB stick or external drive), and as soon as possible, just in case the hard drive is dying out.



Restart your computer (if it's on) and press F8 repeatedly (right before the Windows loading screen appears), and you'll see a list of options.

Highlight Repair your computer and press Enter.

Select your operating system

Select Command prompt

At the command prompt type the following:

  • chkdsk /r c: > c:\output.txt

    (If prompted, type Y)
  • Once finished type Exit and restart

Once you're in, go to the C: root and you'll find a txt file there called output.txt.

Please paste the contents of that log here in your next reply.

Edited by Amlak, 26 November 2011 - 03:22 AM.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.