
985 malware? slow computer OTL posted..help please [Closed]


  • This topic is locked

#1
Gracey Jelley

Your help is very much appreciated!!!


OTL logfile created on: 1/30/2012 11:28:45 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Pam Jelley_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 69.34 Mb Available Physical Memory | 28.02% Memory free
739.55 Mb Paging File | 385.33 Mb Available in Paging File | 52.10% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 53.64 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Computer Name: PAMELLA-F8A810D | User Name: Pam Jelley_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 11:27:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
PRC - [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/29 11:57:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2006/11/29 11:57:10 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2006/11/29 11:57:06 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/30 02:49:33 | 001,687,552 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12013000\algo.dll
MOD - [2012/01/29 16:15:07 | 001,687,552 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12012901\algo.dll
MOD - [2012/01/20 00:35:35 | 000,411,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/20 00:35:34 | 003,767,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/20 00:34:10 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/20 00:34:09 | 000,222,208 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/20 00:34:07 | 001,746,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2006/11/29 11:57:06 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
MOD - [2006/11/27 02:50:22 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcypp5c.dll
MOD - [2006/11/22 09:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 08:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 08:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/05/25 15:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll
MOD - [2006/02/13 08:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcydrec.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/29 11:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - [2012/01/30 01:45:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 17:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()



========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [PC Cleaners] C:\Program Files\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B3336C4-8300-4BB2-890E-C28DF4FF33C2}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/26 15:58:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 11:27:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
[2012/01/30 01:45:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/30 00:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PC Cleaners
[2012/01/30 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PCPro
[2012/01/30 00:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Cleaners
[2012/01/30 00:03:17 | 005,276,432 | ---- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/01/29 23:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/01/29 23:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2012/01/26 03:10:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pam Jelley_2\Recent
[2012/01/25 12:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Orneon
[2012/01/22 22:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\My Documents\liars messages
[2012/01/20 02:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\FloodLightGames
[2012/01/20 02:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2012/01/20 00:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\SultansLabyrinth
[2012/01/20 00:54:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pam Jelley_2\Start Menu\Programs\Administrative Tools
[2012/01/19 23:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Flood Light Games
[2012/01/19 23:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/01/19 01:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\GameHouse
[2012/01/19 01:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Saved Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Floodlight Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2012/01/17 12:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/01/15 21:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/01/15 15:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/15 15:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/15 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/15 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/15 15:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/15 15:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Sun
[2012/01/15 03:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 03:49:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/14 02:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Maximize Games
[2012/01/14 02:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/01/13 01:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Oberon Media
[2012/01/13 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/13 00:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Start Menu\Programs\Yahoo! Games
[2012/01/13 00:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/01/13 00:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2012/01/10 10:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/10 10:12:33 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/10 10:12:32 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/10 10:12:25 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/10 10:12:24 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/10 10:12:20 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/10 10:12:17 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/10 10:12:17 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/10 10:12:15 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/10 10:11:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/10 10:11:20 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/10 10:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/10 10:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/05 20:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/01/05 18:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/05 03:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/01/05 03:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/01/03 22:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{72020B27-0E75-455A-BCEC-9F6C7675B3DA}
[2012/01/03 00:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Malwarebytes
[2012/01/03 00:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/03 00:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/03/27 14:26:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2008/03/27 14:26:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2008/03/27 14:26:38 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll
[2008/03/27 14:26:37 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2008/03/27 14:26:37 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2008/03/27 14:26:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll
[2008/03/27 14:26:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2008/03/27 14:26:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2008/03/27 14:26:36 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2008/03/27 14:26:36 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyih.exe
[2008/03/27 14:26:35 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2008/03/27 14:26:35 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycoms.exe
[2008/03/27 14:26:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2008/03/27 14:26:34 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2008/03/27 14:26:34 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycfg.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 11:38:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-823518204-1801674531-1005UA.job
[2012/01/30 11:32:18 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87872306-2FAA-4781-AD6F-2F64D4EC240F}.job
[2012/01/30 11:27:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
[2012/01/30 11:25:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL.exe.crdownload
[2012/01/30 10:53:24 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 09:54:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 09:53:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 01:45:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/30 00:08:19 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\PC Cleaner Pro.lnk
[2012/01/29 23:52:18 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/01/29 18:38:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-823518204-1801674531-1005Core.job
[2012/01/29 10:03:00 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 03:07:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/25 10:16:26 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/01/22 22:22:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/01/22 22:11:50 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\exactly.lnk
[2012/01/16 02:13:05 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\photos.lnk
[2012/01/15 15:13:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 15:13:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 14:49:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 00:07:09 | 000,312,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/14 00:07:09 | 000,040,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 23:35:47 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/13 02:24:51 | 000,002,999 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2012/01/10 10:12:36 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/10 10:12:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/05 20:50:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Google Chrome.lnk
[2012/01/05 20:50:19 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 02:22:54 | 000,093,728 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\My Documents\back up 1.reg
[2012/01/04 23:37:49 | 085,991,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/04 03:30:57 | 000,158,183 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 11:25:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL.exe.crdownload
[2012/01/30 00:08:19 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\PC Cleaner Pro.lnk
[2012/01/22 22:21:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/01/22 22:11:50 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\exactly.lnk
[2012/01/16 02:13:05 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\photos.lnk
[2012/01/15 15:13:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 15:13:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 15:08:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/15 03:49:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 00:58:34 | 000,001,098 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/01/10 10:12:36 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/05 20:50:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Google Chrome.lnk
[2012/01/05 20:50:19 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 20:48:29 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 20:48:27 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 04:03:34 | 000,002,999 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2012/01/05 02:22:27 | 000,093,728 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\My Documents\back up 1.reg
[2008/03/27 14:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2008/03/27 14:29:52 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2008/03/27 14:28:41 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2008/03/27 14:28:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2008/03/27 14:28:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2008/03/27 14:28:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/03/27 14:28:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/03/27 14:26:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2008/03/26 18:50:30 | 000,001,001 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2008/03/26 18:50:30 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2008/03/26 16:01:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/26 15:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/26 10:42:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/26 10:41:34 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,312,220 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,040,224 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/01/10 10:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/22 23:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/15 14:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/22 23:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/19 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2012/01/20 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2012/01/16 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/01/19 01:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/01/14 02:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/01/10 09:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/13 00:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/01/30 00:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/01/25 18:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 03:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/01/05 03:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{72020B27-0E75-455A-BCEC-9F6C7675B3DA}
[2012/01/05 03:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\AVG
[2011/12/22 23:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\AVG Secure Search
[2012/01/19 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Flood Light Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Floodlight Games
[2012/01/20 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\FloodLightGames
[2012/01/19 01:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\GameHouse
[2012/01/14 02:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Maximize Games
[2012/01/13 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Oberon Media
[2012/01/25 12:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Orneon
[2012/01/30 00:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PC Cleaners
[2012/01/30 00:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PCPro
[2012/01/20 00:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\SultansLabyrinth
[2008/04/11 20:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Viewpoint
[2012/01/30 11:32:18 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87872306-2FAA-4781-AD6F-2F64D4EC240F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E8CBF59
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7B9EA
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5EC1B2F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEBA48CB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5E0BCE9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D6C9FB1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8BB92F2

< End of report >



OTL Extras logfile created on: 1/30/2012 11:28:46 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Pam Jelley_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 69.34 Mb Available Physical Memory | 28.02% Memory free
739.55 Mb Paging File | 385.33 Mb Available in Paging File | 52.10% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 53.64 Gb Free Space | 71.96% Space Free | Partition Type: NTFS

Computer Name: PAMELLA-F8A810D | User Name: Pam Jelley_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Cleaners" = PC Cleaners
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2009 6:01:11 AM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 2/21/2009 6:32:47 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 2/22/2009 10:29:31 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 2/23/2009 5:03:16 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 2/24/2009 8:55:57 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 3/10/2009 7:15:29 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/29/2009 5:01:43 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

[ System Events ]
Error - 1/17/2012 1:11:14 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/17/2012 1:12:29 PM | Computer Name = PAMELLA-F8A810D | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf955389, parameter3
f05bac00, parameter4 00000000.

Error - 1/17/2012 10:50:43 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/18/2012 11:44:47 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 12:06:07 AM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 12:24:54 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 6:46:18 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 11:08:42 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 11:09:56 PM | Computer Name = PAMELLA-F8A810D | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 ff2f58f0, parameter2 00000000, parameter3
bf82ed44, parameter4 00000000.

Error - 1/20/2012 3:47:52 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3


< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
http://www.geekstogo...tedhelp-please/

original posting.
Thanks!!



OTL logfile created on: 2/3/2012 1:37:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Pam Jelley_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 92.53 Mb Available Physical Memory | 37.39% Memory free
606.55 Mb Paging File | 272.36 Mb Available in Paging File | 44.90% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 53.10 Gb Free Space | 71.22% Space Free | Partition Type: NTFS

Computer Name: PAMELLA-F8A810D | User Name: Pam Jelley_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 13:35:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
PRC - [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/29 11:57:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2006/11/29 11:57:10 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/03 03:39:21 | 001,688,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020300\algo.dll
MOD - [2012/02/02 13:25:34 | 001,688,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020202\algo.dll
MOD - [2012/01/20 00:35:35 | 000,411,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/20 00:35:34 | 003,767,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/20 00:34:10 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/20 00:34:09 | 000,222,208 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/20 00:34:07 | 001,746,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2006/11/27 02:50:22 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcypp5c.dll
MOD - [2006/11/22 09:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 08:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 08:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/05/25 15:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\iptk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/29 11:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 17:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()



========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pam Jelley_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B3336C4-8300-4BB2-890E-C28DF4FF33C2}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/26 15:58:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 13:37:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (2).exe
[2012/02/03 13:35:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
[2012/01/30 15:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/01/30 13:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/01/30 00:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PC Cleaners
[2012/01/30 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PCPro
[2012/01/30 00:03:17 | 005,276,432 | ---- | C] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/01/29 23:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/01/26 03:10:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pam Jelley_2\Recent
[2012/01/25 12:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Orneon
[2012/01/22 22:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\My Documents\liars messages
[2012/01/20 02:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\FloodLightGames
[2012/01/20 02:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2012/01/20 00:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\SultansLabyrinth
[2012/01/20 00:54:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pam Jelley_2\Start Menu\Programs\Administrative Tools
[2012/01/19 23:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Flood Light Games
[2012/01/19 23:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/01/19 01:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\GameHouse
[2012/01/19 01:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Saved Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Floodlight Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2012/01/17 12:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/16 02:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/01/15 21:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/01/15 15:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/15 15:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/15 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/15 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/15 15:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/15 15:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Sun
[2012/01/15 03:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 03:49:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/14 02:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Maximize Games
[2012/01/14 02:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/01/13 01:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Oberon Media
[2012/01/13 01:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/13 00:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pam Jelley_2\Start Menu\Programs\Yahoo! Games
[2012/01/13 00:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/01/13 00:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2012/01/10 10:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/10 10:12:33 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/10 10:12:32 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/10 10:12:25 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/10 10:12:24 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/10 10:12:20 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/10 10:12:17 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/10 10:12:17 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/10 10:12:15 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/10 10:11:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/10 10:11:20 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/10 10:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/10 10:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/05 20:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/01/05 18:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/05 03:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/01/05 03:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2008/03/27 14:26:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2008/03/27 14:26:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2008/03/27 14:26:38 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll
[2008/03/27 14:26:37 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2008/03/27 14:26:37 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2008/03/27 14:26:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll
[2008/03/27 14:26:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2008/03/27 14:26:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2008/03/27 14:26:36 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2008/03/27 14:26:36 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyih.exe
[2008/03/27 14:26:35 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2008/03/27 14:26:35 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycoms.exe
[2008/03/27 14:26:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2008/03/27 14:26:34 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2008/03/27 14:26:34 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycfg.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/03 13:41:29 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87872306-2FAA-4781-AD6F-2F64D4EC240F}.job
[2012/02/03 13:38:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-823518204-1801674531-1005UA.job
[2012/02/03 13:36:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (2).exe
[2012/02/03 13:35:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL (1).exe
[2012/02/03 13:34:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL.exe.crdownload
[2012/02/03 12:59:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 11:53:04 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 11:48:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/02 18:38:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-823518204-1801674531-1005Core.job
[2012/02/02 12:28:41 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 15:51:26 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/29 23:52:18 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/01/26 03:07:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/25 10:16:26 | 000,001,098 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/01/22 22:22:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/01/22 22:11:50 | 000,000,439 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\exactly.lnk
[2012/01/16 02:13:05 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\photos.lnk
[2012/01/15 15:13:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 15:13:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 14:49:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/14 00:07:09 | 000,312,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/14 00:07:09 | 000,040,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 02:24:51 | 000,002,999 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2012/01/10 10:12:36 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/10 10:12:18 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/05 20:50:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Google Chrome.lnk
[2012/01/05 20:50:19 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 02:22:54 | 000,093,728 | ---- | M] () -- C:\Documents and Settings\Pam Jelley_2\My Documents\back up 1.reg
[2012/01/04 23:37:49 | 085,991,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/03 13:34:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\OTL.exe.crdownload
[2012/01/22 22:21:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/01/22 22:11:50 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\exactly.lnk
[2012/01/16 02:13:05 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\photos.lnk
[2012/01/15 15:13:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 15:13:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Spybot - Search & Destroy.lnk
[2012/01/15 15:08:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/15 03:49:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/13 00:58:34 | 000,001,098 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Yahoo! Games - Games And Online Games.lnk
[2012/01/10 10:12:36 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/05 20:50:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Desktop\Google Chrome.lnk
[2012/01/05 20:50:19 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/05 20:48:29 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 20:48:27 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 04:03:34 | 000,002,999 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2012/01/05 02:22:27 | 000,093,728 | ---- | C] () -- C:\Documents and Settings\Pam Jelley_2\My Documents\back up 1.reg
[2008/03/27 14:30:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2008/03/27 14:29:52 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2008/03/27 14:28:41 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2008/03/27 14:28:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2008/03/27 14:28:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2008/03/27 14:28:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/03/27 14:28:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/03/27 14:26:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2008/03/26 18:50:30 | 000,001,001 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2008/03/26 18:50:30 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2008/03/26 16:01:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/26 15:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/26 10:42:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/26 10:41:34 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,312,220 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,040,224 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/01/10 10:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/22 23:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/15 14:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/22 23:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/19 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2012/01/20 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2012/01/16 02:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/01/19 01:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/01/14 02:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/01/10 09:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/13 00:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/01/30 00:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/01/25 18:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 03:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/01/05 03:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{72020B27-0E75-455A-BCEC-9F6C7675B3DA}
[2012/01/05 03:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\AVG
[2011/12/22 23:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\AVG Secure Search
[2012/01/19 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Flood Light Games
[2012/01/18 02:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Floodlight Games
[2012/01/20 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\FloodLightGames
[2012/01/19 01:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\GameHouse
[2012/01/14 02:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Maximize Games
[2012/01/13 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Oberon Media
[2012/01/25 12:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Orneon
[2012/01/30 00:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PC Cleaners
[2012/01/30 13:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\PCPro
[2012/01/20 00:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\SultansLabyrinth
[2008/04/11 20:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pam Jelley_2\Application Data\Viewpoint
[2012/02/03 13:41:29 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87872306-2FAA-4781-AD6F-2F64D4EC240F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E8CBF59
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B7B9EA
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5EC1B2F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEBA48CB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5E0BCE9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D6C9FB1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8BB92F2

< End of report >



OTL Extras logfile created on: 2/3/2012 1:37:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Pam Jelley_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.48 Mb Total Physical Memory | 92.53 Mb Available Physical Memory | 37.39% Memory free
606.55 Mb Paging File | 272.36 Mb Available in Paging File | 44.90% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 53.10 Gb Free Space | 71.22% Space Free | Partition Type: NTFS

Computer Name: PAMELLA-F8A810D | User Name: Pam Jelley_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2009 8:55:57 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 3/10/2009 7:15:29 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/10/2009 7:15:30 PM | Computer Name = PAMELLA-F8A810D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/29/2009 5:01:43 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 7/12/2009 7:35:52 AM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

Error - 7/12/2009 7:37:08 AM | Computer Name = PAMELLA-F8A810D | Source = Application Hang | ID = 1002
Description = Hanging application mshearts.exe, version 5.1.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2009 10:17:41 PM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5022
Description =

Error - 7/31/2009 4:33:01 AM | Computer Name = PAMELLA-F8A810D | Source = McLogEvent | ID = 5051
Description =

[ System Events ]
Error - 1/17/2012 1:11:14 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/17/2012 1:12:29 PM | Computer Name = PAMELLA-F8A810D | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf955389, parameter3
f05bac00, parameter4 00000000.

Error - 1/17/2012 10:50:43 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/18/2012 11:44:47 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 12:06:07 AM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 12:24:54 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 6:46:18 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 11:08:42 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3

Error - 1/19/2012 11:09:56 PM | Computer Name = PAMELLA-F8A810D | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 ff2f58f0, parameter2 00000000, parameter3
bf82ed44, parameter4 00000000.

Error - 1/20/2012 3:47:52 PM | Computer Name = PAMELLA-F8A810D | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%3


< End of report >

#3
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

247.48 Mb Total Physical Memory | 92.53 Mb Available Physical Memory | 37.39% Memory free

Hi, this is your main problem.


At what stage do you see the slowdowns? At boot or when up and running?

Download aswMBR.exe (4.1mb) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


#4
Gracey Jelley


    New Member

  • Topic Starter
  • Member
  • 5 posts
Both at boot and when up and running. Also error messages with Shockwave. The computer is very, very slow constantly. Error message when loading pages... asks to wait or cancel.
She thinks there is a virus in her virtual memory.
Sorry about the late reply.


Here is the log for you:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 10:35:53
-----------------------------
10:35:53.906 OS Version: Windows 5.1.2600 Service Pack 3
10:35:53.906 Number of processors: 1 586 0x209
10:35:54.109 ComputerName: PAMELLA-F8A810D UserName: Pam Jelley_2
10:37:35.328 Initialize success
10:37:43.703 AVAST engine defs: 12020601
10:50:09.250 The log file has been saved successfully to "C:\Documents and Settings\Pam Jelley_2\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 10:51:11
-----------------------------
10:51:11.078 OS Version: Windows 5.1.2600 Service Pack 3
10:51:11.078 Number of processors: 1 586 0x209
10:51:11.078 ComputerName: PAMELLA-F8A810D UserName: Pam Jelley_2
10:51:11.437 Initialize success
10:51:12.593 AVAST engine defs: 12020700
10:51:18.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:51:18.937 Disk 0 Vendor: SAMSUNG_SV0802N TP100-23 Size: 76351MB BusType: 3
10:51:18.984 Disk 0 MBR read successfully
10:51:18.984 Disk 0 MBR scan
10:51:19.171 Disk 0 Windows XP default MBR code
10:51:19.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76338 MB offset 63
10:51:19.234 Disk 0 scanning sectors +156340800
10:51:19.390 Disk 0 scanning C:\WINDOWS\system32\drivers
10:51:42.687 Service scanning
10:51:44.453 Modules scanning
10:52:07.671 Disk 0 trace - called modules:
10:52:07.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
10:52:07.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81ab89c0]
10:52:08.234 3 CLASSPNP.SYS[f9588fd7] -> nt!IofCallDriver -> \Device\0000005f[0x81ab9e98]
10:52:08.234 5 ACPI.sys[f94df620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b47030]
10:52:08.609 AVAST engine scan C:\WINDOWS
10:52:15.406 AVAST engine scan C:\WINDOWS\system32
10:55:10.343 AVAST engine scan C:\WINDOWS\system32\drivers
10:55:32.359 AVAST engine scan C:\Documents and Settings\Pam Jelley_2
11:00:28.218 AVAST engine scan C:\Documents and Settings\All Users
11:01:21.953 Scan finished successfully
11:01:39.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pam Jelley_2\Desktop\MBR.dat"
11:01:39.796 The log file has been saved successfully to "C:\Documents and Settings\Pam Jelley_2\Desktop\aswMBR.txt"

Edited by Gracey Jelley, 07 February 2012 - 10:11 AM.


#5
Essexboy

Still no sign of malware. I will do one further scan and then see if we can speed up the computer by disabling some of the startup items.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#6
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
Gracey Jelley

I am sorry it took a while. I am her friend and I haven't had the time to stop by. Here is the Malwarebytes log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pam Jelley_2 :: PAMELLA-F8A810D [administrator]

2/14/2012 12:49:21 PM
mbam-log-2012-02-14 (12-49-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177506
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


She swears that there is a virus in the internal memory. Your help is much appreciated!

#8
Essexboy

Why does she think that she has a virus?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post


#9
Gracey Jelley

She had one and she says she got rid of it (also she had downloaded this PC tool thing, which I deleted, and it told her she had 985 malware, a few torgans and something else... I told her it was fake, they just wanted money, but she said she used it before and it was real, lol) but some of it went to her internal memory and ate it. She has been having all kinds of errors when playing games or loading pages. I personally have not played any games on her comp cuz it's so slow it ticks me off, lol, but I have seen the errors when loading pages... it pops up quickly and it says something about like timing out and if I want to wait for the page to load or cancel, and then I do not click anything and then the page loads.


I am getting to your instructions. Will post back with results asap.

Edited by Gracey Jelley, 15 February 2012 - 08:55 AM.


#10
Essexboy

Sounds to me like some of those 985 malware files were legitimate.

I will run a system check after I see the AVP report.

#11
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.