Unwanted (What I Think Are) Hotkeys Have Appeared



#1
Athena28

Hi,

Not sure if I'm infected but here's the background:

About 3 weeks ago the computer was infected with the Windows Stability Maximizer virus. The system had to be wiped & Windows Vista reinstalled. The computer has worked OK since reinstallation.

This morning something started and I don't know why. It's sort of like hotkeys. You type "e" and the Computer dialog box opens. You type other letters & other things happen. [There are no sticky keys or hotkeys activated on the computer.] You can’t type “e” anywhere without this happening. Therefore, you can’t write an email, search on the internet, etc.

Malwarebytes shows nothing wrong.
MS Essentials shows nothing wrong.

Here is the OTL log:

OTL logfile created on: 4/30/2012 7:18:26 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 38.59% Memory free
8.15 Gb Paging File | 5.56 Gb Available in Paging File | 68.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.17 Gb Total Space | 459.00 Gb Free Space | 78.71% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 19:18:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2012/04/17 16:11:45 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/16 15:24:48 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/15 22:01:55 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/22 09:48:12 | 000,984,936 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/11/13 07:53:38 | 002,325,872 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2printh.exe
PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/11/13 07:53:34 | 002,659,696 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2mainh.exe
PRC - [2011/11/13 07:53:34 | 002,548,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2host.exe
PRC - [2011/11/13 07:53:30 | 002,201,968 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2audioh.exe
PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2008/09/12 17:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 17:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/04/23 17:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 11:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/01/08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (No Company Name) ==========

MOD - [2008/08/27 16:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2008/05/30 10:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/17 16:11:45 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/15 13:03:45 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/22 08:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/12 17:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/11/20 21:53:32 | 000,306,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/21 17:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/12 16:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_x3810
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_x3810
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_x3810
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_x3810
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_x3810
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS479US480
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/16 15:25:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EarthLink Installer] " /C File not found
O4 - HKLM..\Run: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D580B-A660-4F81-87E7-9F2991517825}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\owner\Documents\Pictures\Trip to Berlin & Vienna 11.06\Picture 212.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\Documents\Pictures\Trip to Berlin & Vienna 11.06\Picture 212.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 13:39:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\ElevatedDiagnostics
[2012/04/27 15:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/04/26 14:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/24 16:21:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Security Isues
[2012/04/17 16:11:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/17 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Tracing
[2012/04/16 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/04/16 18:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/04/16 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Email Messages 2009 - March 2012
[2012/04/16 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Citrix
[2012/04/16 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apps
[2012/04/16 16:00:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Deployment
[2012/04/16 15:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2012/04/16 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/04/16 15:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2012/04/16 15:32:28 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Sue's stuff
[2012/04/16 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\PXP Info
[2012/04/16 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Pictures
[2012/04/16 15:32:01 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Scans
[2012/04/16 15:31:59 | 000,000,000 | --SD | C] -- C:\Users\owner\Documents\My Data Sources
[2012/04/16 15:31:57 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\GBU Illness 2011
[2012/04/16 15:31:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\GBU BBU Personal
[2012/04/16 15:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ieSpell
[2012/04/16 15:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/16 15:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/04/16 15:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/16 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/04/16 15:27:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple
[2012/04/16 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/04/16 15:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/16 15:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/04/16 15:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/04/16 15:24:53 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/16 15:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/04/16 15:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/04/16 15:24:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Real
[2012/04/16 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Verizon & Fios
[2012/04/16 15:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/04/16 15:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/16 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/16 15:10:18 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Mozilla
[2012/04/16 15:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2012/04/16 15:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/04/16 15:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/04/16 15:09:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\HpUpdate
[2012/04/16 15:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/04/16 15:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/04/16 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\HP
[2012/04/16 14:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CitrixLogs
[2012/04/16 14:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/04/16 14:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/04/16 14:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/04/16 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\MigWiz
[2012/04/16 14:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/04/16 14:03:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/04/16 14:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/16 14:01:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft Help
[2012/04/16 14:01:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\HP
[2012/04/16 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/16 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\owner\Quickbooks Pro 2009
[2012/04/16 13:30:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Intuit
[2012/04/16 13:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2012/04/16 13:29:12 | 003,833,856 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2012/04/16 13:29:12 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\Windows\SysWow64\acXMLParser.dll
[2012/04/16 13:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2012/04/16 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2012/04/16 13:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2012/04/16 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intuit
[2012/04/16 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2012/04/16 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 10
[2012/04/16 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2012/04/16 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/16 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2012/04/16 13:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/16 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/16 13:18:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/16 13:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/16 13:03:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Adobe
[2012/04/15 22:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/15 20:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012/04/15 20:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/04/15 20:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/04/15 19:43:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012/04/15 19:43:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012/04/15 19:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/15 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Google
[2012/04/15 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Google
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/04/15 18:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/04/15 18:36:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/04/15 15:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/15 15:53:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/04/15 15:52:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/04/15 15:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012/04/15 15:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012/04/15 15:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/04/15 15:50:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/15 13:47:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Adobe
[2012/04/15 13:13:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\IOI
[2012/04/15 13:13:50 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Power2Go
[2012/04/15 13:11:29 | 000,000,000 | ---D | C] -- C:\Windows\Screensavers
[2012/04/15 13:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2012/04/15 13:11:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Macromedia
[2012/04/15 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
[2012/04/15 13:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/04/15 13:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2012/04/15 13:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/04/15 13:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2012/04/15 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2012/04/15 13:07:32 | 000,339,968 | ---- | C] (Creative) -- C:\Windows\CNYHKey.exe
[2012/04/15 13:07:32 | 000,057,344 | ---- | C] (Chicony) -- C:\Windows\ChiFuncExt.exe
[2012/04/15 13:07:32 | 000,053,248 | ---- | C] (Chicony) -- C:\Windows\ModLEDKey.exe
[2012/04/15 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\InstallShield
[2012/04/15 13:05:16 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/15 13:05:16 | 000,000,000 | R--D | C] -- C:\Users\owner\Searches
[2012/04/15 13:05:16 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/15 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Identities
[2012/04/15 13:05:07 | 000,000,000 | R--D | C] -- C:\Users\owner\Contacts
[2012/04/15 13:05:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VirtualStore
[2012/04/15 13:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2012/04/15 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2012/04/15 13:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2012/04/15 13:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/04/15 13:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/04/15 13:03:14 | 000,000,000 | --SD | C] -- C:\Users\owner\AppData\Roaming\Microsoft
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Videos
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Saved Games
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Pictures
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Music
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Links
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Favorites
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Downloads
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Documents
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\Desktop
[2012/04/15 13:03:14 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\Temporary Internet Files
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Templates
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Start Menu
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\SendTo
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Recent
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\PrintHood
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\NetHood
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Videos
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Pictures
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Music
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\My Documents
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Local Settings
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\History
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Cookies
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\Application Data
[2012/04/15 13:03:14 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\Application Data
[2012/04/15 13:03:14 | 000,000,000 | -H-D | C] -- C:\Users\owner\AppData
[2012/04/15 13:03:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temp
[2012/04/15 13:03:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft
[2012/04/15 13:03:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Media Center Programs
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2012/04/15 13:00:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop

========== Files - Modified Within 30 Days ==========

[2012/04/30 19:09:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 19:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 17:35:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 17:35:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 17:25:14 | 000,002,593 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/30 16:07:26 | 000,267,697 | ---- | M] () -- C:\Users\owner\Desktop\Scan.jpg
[2012/04/30 12:53:34 | 000,002,635 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/29 22:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/28 07:40:57 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/28 07:40:57 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/28 07:40:57 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/28 07:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 14:47:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/26 14:46:46 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/16 19:13:54 | 000,319,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/16 19:01:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/04/16 15:50:54 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2012/04/16 15:50:54 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2012/04/16 15:44:54 | 000,000,104 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail - Shortcut.lnk
[2012/04/16 15:44:43 | 000,000,104 | ---- | M] () -- C:\Users\owner\Desktop\E-mail - Shortcut.lnk
[2012/04/16 15:24:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/04/16 15:03:59 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/04/16 13:50:28 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/16 13:29:52 | 000,001,982 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickBooks Pro 2009.lnk
[2012/04/16 13:29:03 | 000,002,297 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/16 13:29:03 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks Pro 2009.lnk
[2012/04/16 13:20:04 | 000,001,812 | ---- | M] () -- C:\Users\owner\Desktop\Microsoft Security Essentials.lnk
[2012/04/16 13:19:42 | 000,000,377 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents - Shortcut.lnk
[2012/04/16 13:18:31 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/16 12:56:16 | 000,000,977 | ---- | M] () -- C:\Users\owner\Desktop\Launch Internet Explorer Browser.lnk
[2012/04/16 12:55:54 | 000,001,661 | ---- | M] () -- C:\Users\owner\Desktop\Windows Update.lnk
[2012/04/15 21:01:33 | 000,000,977 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/15 20:53:27 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012/04/15 20:53:27 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012/04/15 20:53:26 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012/04/15 20:53:26 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012/04/15 20:53:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/15 20:53:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/15 20:46:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/15 15:59:57 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/30 16:07:25 | 000,267,697 | ---- | C] () -- C:\Users\owner\Desktop\Scan.jpg
[2012/04/26 14:47:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/20 15:13:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/17 16:11:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/16 19:01:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2012/04/16 15:50:54 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2012/04/16 15:50:54 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
[2012/04/16 15:44:54 | 000,000,104 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail - Shortcut.lnk
[2012/04/16 15:44:43 | 000,000,104 | ---- | C] () -- C:\Users\owner\Desktop\E-mail - Shortcut.lnk
[2012/04/16 15:27:09 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/16 15:03:59 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/16 14:14:11 | 000,002,635 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/16 14:14:07 | 000,002,593 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/16 13:29:52 | 000,001,982 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickBooks Pro 2009.lnk
[2012/04/16 13:29:03 | 000,002,297 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/04/16 13:29:03 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2009.lnk
[2012/04/16 13:24:55 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/04/16 13:20:04 | 000,001,812 | ---- | C] () -- C:\Users\owner\Desktop\Microsoft Security Essentials.lnk
[2012/04/16 13:19:42 | 000,000,377 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents - Shortcut.lnk
[2012/04/16 13:18:31 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/16 12:56:16 | 000,000,977 | ---- | C] () -- C:\Users\owner\Desktop\Launch Internet Explorer Browser.lnk
[2012/04/16 12:55:54 | 000,001,661 | ---- | C] () -- C:\Users\owner\Desktop\Windows Update.lnk
[2012/04/15 22:29:52 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/15 22:29:42 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/15 20:53:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/15 20:53:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/15 20:51:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 20:51:35 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 20:46:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/04/15 19:29:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/04/15 19:29:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/04/15 19:29:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/04/15 19:29:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/04/15 19:29:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012/04/15 19:29:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012/04/15 18:36:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2012/04/15 18:36:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/04/15 18:35:50 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/04/15 18:35:35 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2012/04/15 18:35:35 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2012/04/15 18:35:33 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012/04/15 18:35:33 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2012/04/15 18:35:29 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2012/04/15 18:35:05 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2012/04/15 18:35:02 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2012/04/15 18:35:02 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2012/04/15 18:34:58 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/04/15 18:34:37 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2012/04/15 18:34:37 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2012/04/15 18:34:22 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2012/04/15 18:34:22 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2012/04/15 14:47:56 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012/04/15 13:11:29 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\Gateway.scr
[2012/04/15 13:07:33 | 000,003,088 | ---- | C] () -- C:\Windows\MODLED.xml
[2012/04/15 13:07:33 | 000,003,084 | ---- | C] () -- C:\Windows\mHotkey.xml
[2012/04/15 13:07:33 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2012/04/15 13:07:32 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2012/04/15 13:07:32 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2012/04/15 13:07:32 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2012/04/15 13:05:20 | 000,000,953 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/15 13:05:17 | 000,000,983 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/15 13:05:16 | 000,000,938 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/15 13:05:07 | 000,000,919 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/04/15 13:03:46 | 000,000,977 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/15 13:03:14 | 000,000,258 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/04/15 13:03:14 | 000,000,240 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/04/27 21:57:09 | 000,028,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


I'd like to know if it's a virus or perhaps something relating to the re-installation of Windows Vista on a Gateway.

Any thoughts?

Thank you.

----------------------------
Gateway Model #SX2800-01
Win Vista Home Premium 64 Bit with SP1
Intel Core 2 Quad Processor Q8200
4 GB DDR3 Memory
640 GB HDD
DVD – Super Multi Drive with LabelFlash
Integrated LAN 10/100/1000
Email: Windows Mail Version 6.0
IE 9
Office 2007 Home and Student Version
Quickbooks Pro 2009
Envision LCD Monitor/Model # G918w1
HP Deskjet 3050A All-in-One J611 Series Printer (print/scan/copy)
Verizon DSL /Westell Model # D90-327W15-06

#2
RKinner

Malware Expert
I don't see any obvious malware. It sounds like a stuck Windows key or a defective keyboard.

Try booting into Safe Mode with Networking.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Do you still get the Computer box?

Ron

#3
Athena28

Topic Starter
Thanks for the thoughts.

Glad you didn't see any malware.

I'm not physically in front of the computer so I'll have to wait till I get there on Thursday. But I will try rebooting in safe mode with networking. I'll then see if the same issues occur when I try to type at that terminal.

I've tried another keyboard (I have gotomypc) and the same problem occurs; so I don't think it's the keyboard.

Edited by Athena28, 01 May 2012 - 09:30 AM.


#4
RKinner

Malware Expert
Another thing you can try is to right click on (My) Computer and select Manage then Device Manager. Find your keyboard and right click on it and uninstall then reboot. It will refind it and reinstall it.

#5
Athena28

Topic Starter
That's also a good thought. I'll try that as the problem has gone temporarily. It's weird. Sometimes it works fine & then sometimes it doesn't. I'm wondering if another user has somehow done something to turn on hotkeys, inadvertently.





