Security Tool


My computer's been affected with this virus before, and I simply used Malwarebytes as instructed and it worked. This time, I scanned with the program and it supposedly found and deleted the virus, then prompted me to restart the computer. Security Tool is still popping up, but is now more persistent and will NOT allow me to open Malwarebytes and many other programs. How can I open this program to rid myself of this virus? All help much appreciated, thank you.

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Thank you so much for your help. The problem I am having is that this virus is preventing me from opening any program! I cannot download OTL. It is starting to send me to this blue screen telling me the computer must restart to protect it from further damage. How can I get around this so that I can load these programs?

Thank you so much for your help. The problem I am having is that this virus is preventing me from opening any program! I cannot download OTL. It is starting to send me to this blue screen telling me the computer must restart to protect it from further damage. How can I get around this so that I can load these programs? I restarted the computer and had this:

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769

IconResource=%SystemRoot%\system32\imageres.dll,-183

[LocalizedFileNames]

Windows Media Player.lnk=@%SystemRoot%\system32\unregmp2.exe,-4

Hi again,

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

OTL logfile created on: 10/19/2010 12:38:56 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Deb\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 139.51 Gb Total Space | 33.80 Gb Free Space | 24.23% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 12:36:56 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTH(2).scr

PRC - [2010/10/19 12:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL.scr

PRC - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2010/10/19 12:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL.scr

MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2008/04/24 20:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV:64bit: - [2008/02/06 15:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2007/12/03 19:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2010/09/22 21:08:00 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)

SRV - [2010/06/08 16:48:26 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)

SRV - [2010/06/08 16:45:24 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)

SRV - [2010/04/26 16:15:00 | 003,826,032 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)

SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/06/08 16:35:46 | 000,255,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)

DRV:64bit: - [2010/06/08 16:30:34 | 000,043,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64)

DRV:64bit: - [2010/02/11 21:04:38 | 000,359,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys -- (bcm)

DRV:64bit: - [2010/02/11 21:02:54 | 000,062,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys -- (bcmbusctr)

DRV:64bit: - [2009/03/31 11:57:22 | 000,041,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)

DRV:64bit: - [2008/07/28 17:55:28 | 001,146,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2008/07/18 20:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2008/06/12 20:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/05/29 14:53:26 | 000,133,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cm_net.sys -- (cm_net)

DRV:64bit: - [2008/05/29 14:53:26 | 000,118,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\cm_ser.sys -- (cm_ser)

DRV:64bit: - [2008/04/28 18:59:26 | 000,026,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)

DRV:64bit: - [2008/04/15 19:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/04/15 12:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/02 19:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/02/29 16:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2007/12/20 18:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2007/12/06 20:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2006/11/09 01:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)

DRV:64bit: - [2006/11/09 01:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)

DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/10/19 10:14:14 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2010/01/11 14:11:46 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50a64.sys -- (PCASp50a64)

DRV - [2007/10/15 16:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/10/15 16:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2005/01/03 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/10 19:29:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/13 09:47:11 | 000,000,000 | ---D | M]

[2010/09/22 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mozilla\Extensions

[2010/09/22 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/02/16 11:31:35 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/10/18 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\mgr9egbp.default\extensions

[2010/08/28 16:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\mgr9egbp.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/09/14 12:03:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\mgr9egbp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/08/28 16:55:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\mgr9egbp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/01 21:35:35 | 000,001,820 | ---- | M] () -- C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\mgr9egbp.default\searchplugins\bing.xml

[2010/10/17 23:07:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/06/16 21:16:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/20 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/17 23:07:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [cfFncEnabler.exe] File not found

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [RDVCHG] C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)

O4 - HKLM..\Run: [sprint SmartView] C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe (Sprint)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe File not found

O4 - HKCU..\Run: [bitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe File not found

O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Deb\AppData\Local\Temp\Gt1.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [sMH2B46TDP] C:\Users\Deb\AppData\Local\Temp\Gt0.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [TOSCDSPD] File not found

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKCU..\RunOnce: [10727299] C:\Users\Deb\AppData\Local\10727299.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} http://phughescw.hughes.motive.com/wizlet/.../Mcci_6-1-0.cab (McciContext Class)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{40507e3e-aa37-11df-92dd-8ef50315eb1f}\Shell - "" = AutoRun

O33 - MountPoints2\{40507e3e-aa37-11df-92dd-8ef50315eb1f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/19 12:34:51 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoc.exe

[2010/10/19 11:10:52 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupob.exe

[2010/10/19 10:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA

[2010/10/19 10:03:10 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoa.exe

[2010/10/16 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Deb

[2010/10/15 17:24:35 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\2010-10-15

[2010/10/15 16:23:13 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Moi

[2010/10/09 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\embalming

[2010/10/09 20:35:03 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Abandoned

[2010/10/09 18:47:35 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Devices

[2010/10/07 17:47:24 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\miscfb

[2010/10/07 16:21:56 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Specimens

[2010/10/07 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\taxidermy

[2010/10/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Raptr

[2010/10/06 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr

[2010/09/22 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Vivox

[2010/09/08 11:25:40 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\vSide

[2010/09/03 22:52:59 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\DivX

[2010/09/02 19:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/09/01 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\IsolatedStorage

[2010/09/01 11:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D

[2010/08/22 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Toshiba

[2010/08/22 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\tempmovie

[2010/08/20 19:37:04 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\LimeWire

[2010/08/19 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\limewiremusic

[2010/08/18 11:54:05 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Temporary Downloaded Files

[2010/08/18 10:21:27 | 000,000,000 | ---D | C] -- C:\Windows\SQLTools9_KB970892_ENU

[2010/08/18 10:19:19 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU

[2010/08/17 16:02:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2010/08/17 15:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache

[2010/08/03 21:48:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/07/24 21:48:24 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\subha

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/19 12:38:00 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/10/19 12:34:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/19 12:34:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/19 12:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/19 12:34:14 | 4156,551,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/19 12:30:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-389025536-2933004900-1149884802-1000UA.job

[2010/10/19 10:30:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-389025536-2933004900-1149884802-1000Core.job

[2010/10/19 10:14:14 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/18 23:08:40 | 000,196,608 | ---- | M] (Trend Micro Inc.) -- C:\Windows\Gmupoc.exe

[2010/10/18 23:08:40 | 000,196,608 | ---- | M] (Trend Micro Inc.) -- C:\Windows\Gmupob.exe

[2010/10/18 23:08:40 | 000,196,608 | ---- | M] (Trend Micro Inc.) -- C:\Windows\Gmupoa.exe

[2010/10/18 23:07:51 | 001,193,472 | ---- | M] () -- C:\Users\Deb\AppData\Local\10727299.exe

[2010/10/15 17:29:47 | 000,005,120 | ---- | M] () -- C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/15 17:26:02 | 000,769,072 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/15 17:26:02 | 000,651,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/15 17:26:02 | 000,121,692 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/15 09:54:59 | 000,406,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/13 09:47:11 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/09 23:23:50 | 000,001,558 | ---- | M] () -- C:\Users\Deb\Desktop\LastChaos.lnk

[2010/10/03 15:25:49 | 000,001,727 | ---- | M] () -- C:\Users\Deb\Desktop\LimeWire 5.5.16.lnk

[2010/09/23 19:25:36 | 000,002,043 | ---- | M] () -- C:\Users\Deb\Desktop\Google Chrome.lnk

[2010/09/23 19:25:36 | 000,002,005 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/09/21 18:54:00 | 000,005,245 | ---- | M] () -- C:\Users\Deb\.recently-used.xbel

[2010/09/20 12:16:09 | 000,010,816 | ---- | M] () -- C:\Users\Deb\Desktop\psychchart2.xlsx

[2010/09/20 07:14:32 | 000,316,416 | ---- | M] () -- C:\Windows\SysNative\msshsq.dll

[2010/09/17 13:30:24 | 000,020,958 | ---- | M] () -- C:\Users\Deb\Desktop\Shampoochart3.xlsx

[2010/09/16 19:54:01 | 000,010,495 | ---- | M] () -- C:\Users\Deb\Desktop\Piechart1.xlsx

[2010/09/10 12:30:57 | 013,425,152 | ---- | M] () -- C:\Windows\SysNative\wmp.dll

[2010/09/10 10:52:05 | 008,147,968 | ---- | M] () -- C:\Windows\SysNative\wmploc.DLL

[2010/09/08 01:39:23 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll

[2010/09/08 01:37:26 | 000,096,768 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll

[2010/09/08 01:37:23 | 000,710,656 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll

[2010/09/08 01:36:53 | 000,056,832 | ---- | M] () -- C:\Windows\SysNative\licmgr10.dll

[2010/09/08 01:36:38 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl

[2010/09/08 01:36:24 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll

[2010/09/08 01:36:24 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll

[2010/09/08 01:36:23 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll

[2010/09/08 01:36:23 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll

[2010/09/08 01:36:23 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll

[2010/09/08 00:36:07 | 000,479,232 | ---- | M] () -- C:\Windows\SysNative\html.iec

[2010/09/07 23:51:18 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe

[2010/09/07 23:51:01 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe

[2010/09/07 23:50:15 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe

[2010/09/06 10:59:19 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\sscore.dll

[2010/09/06 10:57:48 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\netevent.dll

[2010/09/02 19:42:09 | 000,001,727 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.14.lnk

[2010/09/01 11:29:02 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk

[2010/08/31 10:21:34 | 000,633,856 | ---- | M] () -- C:\Windows\SysNative\comctl32.dll

[2010/08/26 11:27:46 | 000,189,952 | ---- | M] () -- C:\Windows\SysNative\t2embed.dll

[2010/08/20 10:56:01 | 001,090,048 | ---- | M] () -- C:\Windows\SysNative\wmpmde.dll

[2010/08/19 11:19:39 | 000,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/08/03 21:48:17 | 453,231,341 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/19 10:10:15 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/18 23:08:43 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/10/18 23:07:51 | 001,193,472 | ---- | C] () -- C:\Users\Deb\AppData\Local\10727299.exe

[2010/10/14 09:51:56 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll

[2010/10/13 14:08:08 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll

[2010/10/13 14:08:02 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll

[2010/10/13 14:08:00 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll

[2010/10/13 14:07:57 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys

[2010/10/13 14:07:47 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll

[2010/10/13 14:07:33 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL

[2010/10/13 14:07:22 | 009,257,472 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2010/10/13 14:07:20 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2010/10/13 14:07:16 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2010/10/13 14:07:16 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2010/10/13 14:07:16 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec

[2010/10/13 14:07:15 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2010/10/13 14:07:14 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll

[2010/10/13 14:07:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll

[2010/10/13 14:07:12 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2010/10/13 14:07:12 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl

[2010/10/13 14:07:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2010/10/13 14:07:12 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2010/10/13 14:07:12 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2010/10/13 14:07:12 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2010/10/13 14:07:12 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll

[2010/10/13 14:07:12 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll

[2010/10/13 14:07:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll

[2010/10/13 14:07:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll

[2010/10/13 14:07:12 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2010/10/13 14:07:11 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe

[2010/10/13 14:07:11 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll

[2010/10/13 14:07:10 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2010/10/13 14:07:10 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe

[2010/10/13 14:07:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe

[2010/10/13 14:07:04 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys

[2010/10/13 14:07:04 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll

[2010/10/13 14:07:04 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys

[2010/10/13 14:07:04 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys

[2010/10/13 14:07:04 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll

[2010/10/13 14:07:04 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll

[2010/10/13 14:07:00 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll

[2010/10/13 14:06:59 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll

[2010/10/13 09:47:11 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/03 15:25:49 | 000,001,727 | ---- | C] () -- C:\Users\Deb\Desktop\LimeWire 5.5.16.lnk

[2010/09/28 13:43:04 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll

[2010/09/22 21:10:10 | 000,334,432 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI57F9.txt

[2010/09/22 21:10:10 | 000,011,182 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI57F9.txt

[2010/09/21 18:54:00 | 000,005,245 | ---- | C] () -- C:\Users\Deb\.recently-used.xbel

[2010/09/17 13:30:23 | 000,020,958 | ---- | C] () -- C:\Users\Deb\Desktop\Shampoochart3.xlsx

[2010/09/16 20:21:19 | 000,010,816 | ---- | C] () -- C:\Users\Deb\Desktop\psychchart2.xlsx

[2010/09/16 19:49:16 | 000,010,495 | ---- | C] () -- C:\Users\Deb\Desktop\Piechart1.xlsx

[2010/09/15 15:51:05 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL

[2010/09/15 15:51:04 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll

[2010/09/15 15:50:59 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe

[2010/09/15 15:50:57 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll

[2010/09/09 16:29:14 | 000,332,902 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI0939.txt

[2010/09/09 16:29:14 | 000,011,118 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI0939.txt

[2010/09/02 19:42:09 | 000,001,727 | ---- | C] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.14.lnk

[2010/09/01 11:29:02 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk

[2010/08/23 15:18:10 | 000,335,566 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI228F.txt

[2010/08/23 15:18:09 | 000,011,230 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI228F.txt

[2010/08/19 12:41:13 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll

[2010/08/19 12:06:26 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll

[2010/08/19 12:06:26 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll

[2010/08/19 12:06:25 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/08/19 12:06:25 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin

[2010/08/19 12:06:25 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll

[2010/08/19 12:06:25 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll

[2010/08/19 12:06:25 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll

[2010/08/19 12:06:25 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll

[2010/08/19 12:06:25 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll

[2010/08/19 12:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/08/19 12:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin

[2010/08/19 12:06:23 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll

[2010/08/19 12:06:23 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll

[2010/08/19 12:06:23 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll

[2010/08/19 12:06:22 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll

[2010/08/19 12:06:22 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll

[2010/08/19 12:06:22 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll

[2010/08/19 12:06:22 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll

[2010/08/19 12:06:22 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll

[2010/08/19 12:06:22 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll

[2010/08/19 12:06:21 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex

[2010/08/19 12:06:21 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex

[2010/08/19 12:06:21 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll

[2010/08/19 12:06:21 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll

[2010/08/19 12:06:21 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll

[2010/08/19 12:06:21 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll

[2010/08/19 12:06:21 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe

[2010/08/19 12:06:21 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe

[2010/08/19 12:06:21 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll

[2010/08/19 12:06:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll

[2010/08/19 12:06:20 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll

[2010/08/19 12:06:20 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll

[2010/08/19 12:06:20 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe

[2010/08/19 11:42:26 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll

[2010/08/19 11:42:23 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys

[2010/08/19 11:42:23 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll

[2010/08/19 11:30:00 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax

[2010/08/19 11:30:00 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax

[2010/08/19 11:29:57 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll

[2010/08/19 11:29:56 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll

[2010/08/19 11:29:56 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax

[2010/08/19 11:27:35 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll

[2010/08/19 11:27:35 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll

[2010/08/19 11:27:35 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe

[2010/08/19 11:27:35 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/08/19 11:27:35 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll

[2010/08/18 19:29:55 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll

[2010/08/18 19:29:55 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll

[2010/08/18 19:29:36 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe

[2010/08/18 19:28:43 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/08/18 19:28:40 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll

[2010/08/18 19:28:32 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll

[2010/08/18 19:28:32 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll

[2010/08/18 19:28:32 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll

[2010/08/18 19:28:31 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll

[2010/08/18 19:28:31 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll

[2010/08/18 19:28:31 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll

[2010/08/18 19:28:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll

[2010/08/18 19:28:31 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll

[2010/08/18 19:28:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll

[2010/08/18 19:27:57 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll

[2010/08/18 19:27:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll

[2010/08/18 19:27:42 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/08/18 19:27:30 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll

[2010/08/18 19:27:30 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll

[2010/08/18 19:27:30 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll

[2010/08/18 19:27:22 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL

[2010/08/18 19:27:20 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll

[2010/08/18 19:27:13 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll

[2010/08/18 19:26:55 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll

[2010/08/18 19:26:52 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll

[2010/08/18 19:26:39 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys

[2010/08/18 19:26:39 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys

[2010/08/18 19:26:39 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys

[2010/08/18 19:26:33 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll

[2010/08/18 19:26:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll

[2010/08/18 19:26:13 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/18 19:26:10 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll

[2010/08/18 19:26:01 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll

[2010/08/18 19:25:57 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl

[2010/08/18 19:25:52 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe

[2010/08/18 19:25:52 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe

[2010/08/18 19:25:51 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2010/08/18 19:25:51 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe

[2010/08/18 19:25:50 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll

[2010/08/18 19:25:50 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll

[2010/08/18 19:25:50 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll

[2010/08/18 19:25:50 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2010/08/18 19:25:50 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll

[2010/08/18 19:24:51 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL

[2010/08/18 19:24:50 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll

[2010/08/18 19:24:43 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll

[2010/08/18 19:24:43 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll

[2010/08/18 19:24:42 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll

[2010/08/18 19:24:41 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys

[2010/08/18 19:24:40 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll

[2010/08/18 19:24:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe

[2010/08/18 19:24:38 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll

[2010/08/18 19:24:13 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll

[2010/08/18 19:24:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE

[2010/08/18 19:24:13 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE

[2010/08/18 19:24:13 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE

[2010/08/18 19:24:12 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE

[2010/08/18 19:24:12 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe

[2010/08/18 19:24:12 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE

[2010/08/18 19:24:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE

[2010/08/18 19:23:34 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll

[2010/08/18 19:23:30 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll

[2010/08/18 19:23:26 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll

[2010/08/18 19:23:23 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll

[2010/08/18 19:23:21 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll

[2010/08/18 19:22:25 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll

[2010/08/18 19:04:10 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm

[2010/08/18 19:03:57 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll

[2010/08/18 19:03:55 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll

[2010/08/18 19:03:55 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx

[2010/08/18 19:03:55 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll

[2010/08/18 19:03:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb

[2010/08/18 19:03:53 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb

[2010/08/18 19:03:09 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll

[2010/08/18 19:03:08 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll

[2010/08/18 19:02:52 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll

[2010/08/18 19:02:48 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2010/08/18 19:02:47 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll

[2010/08/18 19:02:29 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf

[2010/08/18 19:02:28 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll

[2010/08/18 19:02:28 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll

[2010/08/18 19:02:28 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll

[2010/08/18 19:02:27 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll

[2010/08/18 19:02:27 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll

[2010/08/18 19:02:27 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll

[2010/08/17 16:00:59 | 000,235,520 | ---- | C] () -- C:\Windows\SysNative\CNMLM82.DLL

[2010/08/03 21:47:00 | 453,231,341 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/07/27 20:40:54 | 000,001,558 | ---- | C] () -- C:\Users\Deb\Desktop\LastChaos.lnk

[2010/07/02 16:08:08 | 000,334,802 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI69E3.txt

[2010/07/02 16:08:07 | 000,011,198 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI69E3.txt

[2010/06/02 15:20:09 | 000,005,120 | ---- | C] () -- C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/24 15:39:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/05/10 16:30:38 | 000,335,192 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI4E12.txt

[2010/05/10 16:30:38 | 000,011,214 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI4E12.txt

[2010/05/01 10:13:38 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi

[2010/04/26 11:43:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/23 09:39:09 | 000,334,098 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI62DF.txt

[2010/04/23 09:39:09 | 000,011,182 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI62DF.txt

[2010/04/08 22:44:55 | 000,010,562 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI2848.txt

[2010/04/08 22:44:54 | 000,424,098 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI2845.txt

[2010/04/08 22:44:54 | 000,011,390 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI2845.txt

[2009/06/01 22:19:36 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/05/28 13:27:18 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys

[2009/04/23 06:14:31 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini

[2009/04/23 06:14:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll

[2009/04/23 06:14:31 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini

[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008/08/18 13:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/08/18 13:23:51 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2008/08/18 13:23:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2008/08/18 13:23:51 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2008/08/18 13:23:51 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/02/17 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Ambient Design

[2010/10/16 22:02:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\BitTorrent

[2010/05/24 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Bytemobile

[2009/06/01 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/19 12:34:55 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DNA

[2010/07/31 15:18:55 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\GetRightToGo

[2010/09/21 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\gtk-2.0

[2009/11/26 19:17:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\ijjigame

[2010/10/18 23:16:52 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\LimeWire

[2010/03/25 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Opera

[2010/03/10 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PhotoFiltre

[2010/10/17 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Raptr

[2010/05/24 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Sierra Wireless

[2009/12/02 10:12:05 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SiteRanker

[2010/08/22 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Toshiba

[2010/09/22 17:35:57 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Vivox

[2010/10/19 12:33:12 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/10/19 12:38:00 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


OTL logfile created on: 10/19/2010 12:38:56 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Deb\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 139.51 Gb Total Space | 33.80 Gb Free Space | 24.23% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 12:36:56 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTH(2).scr

PRC - [2010/10/19 12:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL.scr

PRC - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2010/10/19 12:36:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Downloads\OTL.scr

MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2008/04/24 20:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV:64bit: - [2008/02/06 15:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 13:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2007/12/03 19:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2010/09/22 21:08:00 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)

SRV - [2010/06/08 16:48:26 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)

SRV - [2010/06/08 16:45:24 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)

SRV - [2010/04/26 16:15:00 | 003,826,032 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)

SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel

========== Files Created - No Company Name ==========

[2010/10/19 10:10:15 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/18 23:08:43 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/10/18 23:07:51 | 001,193,472 | ---- | C] () -- C:\Users\Deb\AppData\Local\10727299.exe

[2010/10/14 09:51:56 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll

[2010/10/13 14:08:08 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll

[2010/10/13 14:08:02 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll

[2010/10/13 14:08:00 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll

[2010/10/13 14:07:57 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys

[2010/10/13 14:07:47 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll

[2010/10/13 14:07:33 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL

[2010/10/13 14:07:22 | 009,257,472 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2010/10/13 14:07:20 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2010/10/13 14:07:16 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2010/10/13 14:07:16 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2010/10/13 14:07:16 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec

[2010/10/13 14:07:15 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2010/10/13 14:07:14 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll

[2010/10/13 14:07:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll

[2010/10/13 14:07:12 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2010/10/13 14:07:12 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl

[2010/10/13 14:07:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2010/10/13 14:07:12 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2010/10/13 14:07:12 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2010/10/13 14:07:12 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2010/10/13 14:07:12 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll

[2010/10/13 14:07:12 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll

[2010/10/13 14:07:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll

[2010/10/13 14:07:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll

[2010/10/13 14:07:12 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2010/10/13 14:07:11 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe

[2010/10/13 14:07:11 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll

[2010/10/13 14:07:10 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2010/10/13 14:07:10 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe

[2010/10/13 14:07:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe

[2010/10/13 14:07:04 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys

[2010/10/13 14:07:04 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll

[2010/10/13 14:07:04 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys

[2010/10/13 14:07:04 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys

[2010/10/13 14:07:04 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll

[2010/10/13 14:07:04 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll

[2010/10/13 14:07:00 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll

[2010/10/13 14:06:59 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll

[2010/10/13 09:47:11 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/03 15:25:49 | 000,001,727 | ---- | C] () -- C:\Users\Deb\Desktop\LimeWire 5.5.16.lnk

[2010/09/28 13:43:04 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll

[2010/09/22 21:10:10 | 000,334,432 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI57F9.txt

[2010/09/22 21:10:10 | 000,011,182 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI57F9.txt

[2010/09/21 18:54:00 | 000,005,245 | ---- | C] () -- C:\Users\Deb\.recently-used.xbel

[2010/09/17 13:30:23 | 000,020,958 | ---- | C] () -- C:\Users\Deb\Desktop\Shampoochart3.xlsx

[2010/09/16 20:21:19 | 000,010,816 | ---- | C] () -- C:\Users\Deb\Desktop\psychchart2.xlsx

[2010/09/16 19:49:16 | 000,010,495 | ---- | C] () -- C:\Users\Deb\Desktop\Piechart1.xlsx

[2010/09/15 15:51:05 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL

[2010/09/15 15:51:04 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll

[2010/09/15 15:50:59 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe

[2010/09/15 15:50:57 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll

[2010/09/09 16:29:14 | 000,332,902 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI0939.txt

[2010/09/09 16:29:14 | 000,011,118 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI0939.txt

[2010/09/02 19:42:09 | 000,001,727 | ---- | C] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.5.14.lnk

[2010/09/01 11:29:02 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk

[2010/08/23 15:18:10 | 000,335,566 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI228F.txt

[2010/08/23 15:18:09 | 000,011,230 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI228F.txt

[2010/08/19 12:41:13 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll

[2010/08/19 12:06:26 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll

[2010/08/19 12:06:26 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll

[2010/08/19 12:06:25 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2010/08/19 12:06:25 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin

[2010/08/19 12:06:25 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll

[2010/08/19 12:06:25 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll

[2010/08/19 12:06:25 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll

[2010/08/19 12:06:25 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll

[2010/08/19 12:06:25 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll

[2010/08/19 12:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2010/08/19 12:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin

[2010/08/19 12:06:23 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll

[2010/08/19 12:06:23 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll

[2010/08/19 12:06:23 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll

[2010/08/19 12:06:22 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll

[2010/08/19 12:06:22 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll

[2010/08/19 12:06:22 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll

[2010/08/19 12:06:22 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll

[2010/08/19 12:06:22 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll

[2010/08/19 12:06:22 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll

[2010/08/19 12:06:21 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex

[2010/08/19 12:06:21 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex

[2010/08/19 12:06:21 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll

[2010/08/19 12:06:21 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll

[2010/08/19 12:06:21 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll

[2010/08/19 12:06:21 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll

[2010/08/19 12:06:21 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe

[2010/08/19 12:06:21 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe

[2010/08/19 12:06:21 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll

[2010/08/19 12:06:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll

[2010/08/19 12:06:20 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll

[2010/08/19 12:06:20 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll

[2010/08/19 12:06:20 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe

[2010/08/19 11:42:26 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll

[2010/08/19 11:42:23 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys

[2010/08/19 11:42:23 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll

[2010/08/19 11:30:00 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax

[2010/08/19 11:30:00 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax

[2010/08/19 11:29:57 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll

[2010/08/19 11:29:56 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll

[2010/08/19 11:29:56 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax

[2010/08/19 11:27:35 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll

[2010/08/19 11:27:35 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll

[2010/08/19 11:27:35 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe

[2010/08/19 11:27:35 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/08/19 11:27:35 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll

[2010/08/18 19:29:55 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll

[2010/08/18 19:29:55 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll

[2010/08/18 19:29:36 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe

[2010/08/18 19:28:43 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/08/18 19:28:40 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll

[2010/08/18 19:28:32 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll

[2010/08/18 19:28:32 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll

[2010/08/18 19:28:32 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll

[2010/08/18 19:28:31 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll

[2010/08/18 19:28:31 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll

[2010/08/18 19:28:31 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll

[2010/08/18 19:28:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll

[2010/08/18 19:28:31 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll

[2010/08/18 19:28:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll

[2010/08/18 19:27:57 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll

[2010/08/18 19:27:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll

[2010/08/18 19:27:42 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/08/18 19:27:30 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll

[2010/08/18 19:27:30 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll

[2010/08/18 19:27:30 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll

[2010/08/18 19:27:22 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL

[2010/08/18 19:27:20 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll

[2010/08/18 19:27:13 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll

[2010/08/18 19:26:55 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll

[2010/08/18 19:26:52 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll

[2010/08/18 19:26:39 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys

[2010/08/18 19:26:39 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys

[2010/08/18 19:26:39 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys

[2010/08/18 19:26:33 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll

[2010/08/18 19:26:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll

[2010/08/18 19:26:13 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/18 19:26:10 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll

[2010/08/18 19:26:01 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll

[2010/08/18 19:25:57 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl

[2010/08/18 19:25:52 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe

[2010/08/18 19:25:52 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe

[2010/08/18 19:25:51 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2010/08/18 19:25:51 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe

[2010/08/18 19:25:50 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll

[2010/08/18 19:25:50 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll

[2010/08/18 19:25:50 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll

[2010/08/18 19:25:50 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2010/08/18 19:25:50 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll

[2010/08/18 19:24:51 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL

[2010/08/18 19:24:50 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll

[2010/08/18 19:24:43 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll

[2010/08/18 19:24:43 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll

[2010/08/18 19:24:42 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll

[2010/08/18 19:24:41 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys

[2010/08/18 19:24:40 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll

[2010/08/18 19:24:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe

[2010/08/18 19:24:38 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll

[2010/08/18 19:24:13 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll

[2010/08/18 19:24:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE

[2010/08/18 19:24:13 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE

[2010/08/18 19:24:13 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE

[2010/08/18 19:24:12 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE

[2010/08/18 19:24:12 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe

[2010/08/18 19:24:12 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE

[2010/08/18 19:24:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE

[2010/08/18 19:23:34 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll

[2010/08/18 19:23:30 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll

[2010/08/18 19:23:26 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll

[2010/08/18 19:23:23 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll

[2010/08/18 19:23:21 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll

[2010/08/18 19:22:25 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll

[2010/08/18 19:04:10 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm

[2010/08/18 19:03:57 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll

[2010/08/18 19:03:55 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll

[2010/08/18 19:03:55 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx

[2010/08/18 19:03:55 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll

[2010/08/18 19:03:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb

[2010/08/18 19:03:53 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb

[2010/08/18 19:03:09 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll

[2010/08/18 19:03:08 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll

[2010/08/18 19:02:52 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll

[2010/08/18 19:02:48 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2010/08/18 19:02:47 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll

[2010/08/18 19:02:29 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf

[2010/08/18 19:02:28 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll

[2010/08/18 19:02:28 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll

[2010/08/18 19:02:28 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll

[2010/08/18 19:02:27 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll

[2010/08/18 19:02:27 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll

[2010/08/18 19:02:27 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll

[2010/08/17 16:00:59 | 000,235,520 | ---- | C] () -- C:\Windows\SysNative\CNMLM82.DLL

[2010/08/03 21:47:00 | 453,231,341 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/07/27 20:40:54 | 000,001,558 | ---- | C] () -- C:\Users\Deb\Desktop\LastChaos.lnk

[2010/07/02 16:08:08 | 000,334,802 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI69E3.txt

[2010/07/02 16:08:07 | 000,011,198 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI69E3.txt

[2010/06/02 15:20:09 | 000,005,120 | ---- | C] () -- C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/24 15:39:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/05/10 16:30:38 | 000,335,192 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI4E12.txt

[2010/05/10 16:30:38 | 000,011,214 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI4E12.txt

[2010/05/01 10:13:38 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi

[2010/04/26 11:43:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/23 09:39:09 | 000,334,098 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI62DF.txt

[2010/04/23 09:39:09 | 000,011,182 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI62DF.txt

[2010/04/08 22:44:55 | 000,010,562 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI2848.txt

[2010/04/08 22:44:54 | 000,424,098 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistMSI2845.txt

[2010/04/08 22:44:54 | 000,011,390 | ---- | C] () -- C:\Users\Deb\AppData\Local\dd_vcredistUI2845.txt

[2009/06/01 22:19:36 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/05/28 13:27:18 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys

[2009/04/23 06:14:31 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini

[2009/04/23 06:14:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll

[2009/04/23 06:14:31 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini

[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008/08/18 13:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/08/18 13:23:51 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2008/08/18 13:23:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2008/08/18 13:23:51 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2008/08/18 13:23:51 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/02/17 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Ambient Design

[2010/10/16 22:02:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\BitTorrent

[2010/05/24 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Bytemobile

[2009/06/01 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/19 12:34:55 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DNA

[2010/07/31 15:18:55 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\GetRightToGo

[2010/09/21 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\gtk-2.0

[2009/11/26 19:17:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\ijjigame

[2010/10/18 23:16:52 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\LimeWire

[2010/03/25 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Opera

[2010/03/10 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PhotoFiltre

[2010/10/17 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Raptr

[2010/05/24 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Sierra Wireless

[2009/12/02 10:12:05 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SiteRanker

[2010/08/22 13:27:15 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Toshiba

[2010/09/22 17:35:57 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Vivox

[2010/10/19 12:33:12 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/10/19 12:38:00 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Hi, please rerun OTL just like last time, but now with the following script and instead of a scan, we run a fix. :)

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Deb\AppData\Local\Temp\Gt1.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [SMH2B46TDP] C:\Users\Deb\AppData\Local\Temp\Gt0.exe (Trend Micro Inc.)
    O4 - HKCU..\RunOnce: [10727299] C:\Users\Deb\AppData\Local\10727299.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    [2010/10/19 12:34:51 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoc.exe
    [2010/10/19 11:10:52 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupob.exe
    [2010/10/19 10:03:10 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoa.exe

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.

C:\Users\Deb\AppData\Local\Temp\Gt1.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.

C:\Users\Deb\AppData\Local\Temp\Gt0.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\10727299 deleted successfully.

C:\Users\Deb\AppData\Local\10727299.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

C:\Windows\Gmupoc.exe moved successfully.

C:\Windows\Gmupob.exe moved successfully.

C:\Windows\Gmupoa.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deb

->Temp folder emptied: 1502852427 bytes

->Temporary Internet Files folder emptied: 115296511 bytes

->Java cache emptied: 46992331 bytes

->FireFox cache emptied: 42282761 bytes

->Google Chrome cache emptied: 274396794 bytes

->Opera cache emptied: 10726363 bytes

->Flash cache emptied: 2474918 bytes

User: Debbie

->Temp folder emptied: 83337 bytes

->Temporary Internet Files folder emptied: 1401700 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 37165709 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7319701 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 18355404 bytes

Total Files Cleaned = 1,964.00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10192010_143255

Files\Folders moved on Reboot...

C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNCRFH85\index[1].php moved successfully.

C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7YCED2F\iframe[1].htm moved successfully.

C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWVLBJQD\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM43LG16\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C9ZXTVX\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\202S6S0U\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Link to post
Share on other sites
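A check for the fix above, as an added example that is not part of the original posts or of OTL itself: it parses the fix script and the fix report from this thread and lists anything the script asked OTL to remove that the report does not confirm. The expansion of `..` to `Software\Microsoft\Windows\CurrentVersion` and the line patterns are assumptions inferred from these two posts only, not from OTL documentation.

```python
import re

# Shorthand in the fix script -> full names in the fix report.
# Assumption: inferred by matching the script and report lines in this thread.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

# Script line shapes (O4 = autostart value, O6 = policy value, bracketed = file).
O4_RE = re.compile(r"^O4 - (?P<hive>HKCU|HKLM)\.\.\\(?P<key>Run|RunOnce): "
                   r"\[(?P<name>[^\]]+)\] (?P<path>.+?) \([^()]*\)$")
O6_RE = re.compile(r"^O6 - (?P<hive>HKCU|HKLM)\\(?P<key>.+?): (?P<name>\S+) = ")
FILE_RE = re.compile(r"^\[[^\]]+\] \([^()]*\) -- (?P<path>.+)$")

# Report line shapes. The report separates key and value name with "\\".
REG_DONE_RE = re.compile(
    r"^Registry value (?P<key>.+)\\\\(?P<name>[^\\]+) deleted successfully\.$")
FILE_DONE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")

# Both samples are copied from the posts in this thread.
FIX_SCRIPT = r"""
:otl
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Deb\AppData\Local\Temp\Gt1.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SMH2B46TDP] C:\Users\Deb\AppData\Local\Temp\Gt0.exe (Trend Micro Inc.)
O4 - HKCU..\RunOnce: [10727299] C:\Users\Deb\AppData\Local\10727299.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
[2010/10/19 12:34:51 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoc.exe
[2010/10/19 11:10:52 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupob.exe
[2010/10/19 10:03:10 | 000,196,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\Gmupoa.exe

:commands
[emptytemp]
"""

FIX_REPORT = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.
C:\Users\Deb\AppData\Local\Temp\Gt1.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.
C:\Users\Deb\AppData\Local\Temp\Gt0.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\10727299 deleted successfully.
C:\Users\Deb\AppData\Local\10727299.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
C:\Windows\Gmupoc.exe moved successfully.
C:\Windows\Gmupob.exe moved successfully.
C:\Windows\Gmupoa.exe moved successfully.
"""


def expected_actions(script):
    """Return (kind, target) pairs the ':otl' section asks to have removed."""
    actions, in_otl = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):            # section header such as :otl, :commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        if m := O4_RE.match(line):          # autostart entry: value plus its file
            value = "\\".join([HIVES[m["hive"]], CURRENT_VERSION, m["key"], m["name"]])
            actions += [("registry", value), ("file", m["path"])]
        elif m := O6_RE.match(line):        # policy value, key is already spelled out
            actions.append(("registry", "\\".join([HIVES[m["hive"]], m["key"], m["name"]])))
        elif m := FILE_RE.match(line):      # plain file entry
            actions.append(("file", m["path"]))
        else:                               # unknown shape: surface it for manual review
            actions.append(("unparsed", line))
    return actions


def completed_actions(report):
    """Return the set of (kind, lower-cased target) the report confirms."""
    done = set()
    for line in map(str.strip, report.splitlines()):
        if m := REG_DONE_RE.match(line):
            done.add(("registry", (m["key"] + "\\" + m["name"]).lower()))
        elif m := FILE_DONE_RE.match(line):
            done.add(("file", m["path"].lower()))
    return done


def verify_fix(script, report):
    """List scripted items without a matching success line in the report."""
    done = completed_actions(report)
    # Registry names and Windows paths are case-insensitive, so compare lower-cased.
    return [(kind, target) for kind, target in expected_actions(script)
            if (kind, target.lower()) not in done]


if __name__ == "__main__":
    missing = verify_fix(FIX_SCRIPT, FIX_REPORT)
    for kind, target in missing:
        print("NOT CONFIRMED:", kind, target)
    if not missing:
        print("Every scripted item is confirmed in the report.")
```

An empty result only means the report acknowledged each item; a follow-up scan, as done later in this thread, is still what shows whether anything else remains.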

It seems to be doing great! I've scanned with Malwarebytes. Here are the results:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3970

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18975

10/19/2010 3:59:04 PM

mbam-log-2010-10-19 (15-59-04).txt

Scan type: Quick scan

Objects scanned: 114122

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

That looks good. ;) Please let me know if there are any problems left.

Please visit the Windows Update site and install all the latest updates, including Service Pack 2 for Vista.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.

  4. Check the box to accept the terms of use.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check the option to scan archives.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push the button that lists the threats found.
  11. Push the export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
  12. Push the Back button.
  13. Push Finish.

I updated Windows like you asked. Here are the ESET scan results:

C:\Program Files (x86)\TalismanOnline\client.exe probably a variant of Win32/Packed.Themida application cleaned by deleting - quarantined

C:\Users\Deb\Downloads\TalismanOnline_1626_Setup.exe probably a variant of Win32/Packed.Themida application deleted - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Users\Deb\AppData\Local\10727299.exe a variant of Win32/Kryptik.HNQ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Users\Deb\AppData\Local\Temp\Gt0.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Users\Deb\AppData\Local\Temp\Gt1.exe a variant of Win32/Kryptik.HNB trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Windows\Gmupoa.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Windows\Gmupob.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\10192010_143255\C_Windows\Gmupoc.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined

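Most entries in the ESET log above sit under C:\_OTL\MovedFiles, meaning they are copies OTL had already moved aside rather than files still in place. The following is an added example, not part of the original thread: a small Python triage of that log format. The function names are hypothetical, and the OTL folder layout (MMDDYYYY_HHMMSS followed by the drive letter and original path) is an assumption inferred from the paths in the log.

```python
import re
from datetime import datetime

# Subset of the ESET log lines posted above. Paths contain spaces, so the
# parser splits on the fixed phrase "a variant of", not on whitespace.
ESET_LOG = r"""
C:\Program Files (x86)\TalismanOnline\client.exe probably a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Users\Deb\Downloads\TalismanOnline_1626_Setup.exe probably a variant of Win32/Packed.Themida application deleted - quarantined
C:\_OTL\MovedFiles\10192010_143255\C_Users\Deb\AppData\Local\10727299.exe a variant of Win32/Kryptik.HNQ trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10192010_143255\C_Users\Deb\AppData\Local\Temp\Gt0.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10192010_143255\C_Windows\Gmupoa.exe a variant of Win32/Kryptik.HMZ trojan cleaned by deleting - quarantined
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<hedge>probably )?a variant of "
    r"(?P<name>\S+) (?P<kind>\w+) (?P<action>.+)$")
# Assumed layout: C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS\<drive>_<original path>
OTL_RE = re.compile(
    r"^[A-Za-z]:\\_OTL\\MovedFiles\\(\d{8}_\d{6})\\([A-Za-z])_(.+)$")

def parse_line(line):
    """Return a dict for one detection line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # "probably" is ESET's own hedge for a heuristic match
    rec["heuristic"] = rec.pop("hedge") is not None
    otl = OTL_RE.match(rec["path"])
    rec["leftover"] = otl is not None
    if otl:
        # Recover when OTL moved the file and where it originally lived
        rec["moved_at"] = datetime.strptime(otl.group(1), "%m%d%Y_%H%M%S")
        rec["original_path"] = f"{otl.group(2)}:\\{otl.group(3)}"
    return rec

def triage(log_text):
    """Split detections into OTL leftovers and files found outside OTL."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {"leftovers": [r for r in recs if r["leftover"]],
            "outside_otl": [r for r in recs if not r["leftover"]]}

if __name__ == "__main__":
    result = triage(ESET_LOG)
    for r in result["outside_otl"]:
        print("OUTSIDE ", r["name"], r["path"], "heuristic" if r["heuristic"] else "")
    for r in result["leftovers"]:
        print("LEFTOVER", r["name"], r["original_path"], r["moved_at"])
```

Entries reported as leftovers were already neutralised by the earlier OTL fix; entries outside the OTL folder are the ones worth a second look before declaring the machine clean.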

Hi again, those were just some leftovers. Which means you are good to go! :)

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools we used.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
