Dell w/Windows Vista just had virus removed, still bugging

By tijiwo79
Nov 20, 2011
  1. Random commercials are playing out of the speakers. I can manually turn it off, but it comes back after a while. All my search engines keep redirecting, and on startup it says mri_disabled. I don't know what to do.
  2. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    tijiwo; I have what you require, thank you

    Windows Live Writer
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2011 2:40:11 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2011 12:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    11/20/2011 12:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    11/20/2011 12:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/20/2011 12:39:40 PM, Error: EventLog [6008] - The previous system shutdown at 12:36:23 PM on 11/20/2011 was unexpected.
    11/20/2011 12:35:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:30:38 PM on 11/20/2011 was unexpected.
    11/18/2011 10:08:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:04:54 PM on 11/18/2011 was unexpected.
    11/14/2011 6:47:55 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/14/2011 6:45:42 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/14/2011 6:11:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:24 PM on 11/14/2011 was unexpected.
    11/14/2011 10:30:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:13 PM on 11/14/2011 was unexpected.
    11/13/2011 5:05:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:02:48 PM on 11/13/2011 was unexpected.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    11/13/2011 2:35:04 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:14 PM on 11/13/2011 was unexpected.
    11/13/2011 2:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.
    11/13/2011 2:06:15 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 2:03:00 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
    11/13/2011 12:39:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:37:40 PM on 11/13/2011 was unexpected.
    11/13/2011 12:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/13/2011 12:09:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/13/2011 12:09:36 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 12:09:10 PM, Error: Service Control Manager [7022] - The Webroot Spy Sweeper Engine service hung on starting.
    11/13/2011 12:07:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Marvell Yukon Service service to connect.
    11/13/2011 12:07:45 PM, Error: Service Control Manager [7000] - The Marvell Yukon Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 11:59:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    11/13/2011 11:59:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2011 11:59:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/13/2011 11:59:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/13/2011 11:59:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/13/2011 11:59:06 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    11/13/2011 11:59:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/13/2011 11:58:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:22 AM on 11/13/2011 was unexpected.
    11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/13/2011 11:39:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:59:59 AM on 11/13/2011 was unexpected.
    11/13/2011 1:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    .
    ==== End Of File ===========================
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.6001.18762
    Run by Rebecca Marheine at 17:10:09 on 2011-11-20
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.1995 [GMT -5:00]
    .
    AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
    C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
    C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\consent.exe
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: MRI_DISABLED - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
    uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Search Protection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
    mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
    mRun: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
    mRun: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" -m
    mRun: [Finally Fast] "C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe" -m
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\REBECC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
    StartupFolder: C:\Users\REBECC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382} : DhcpNameServer = 192.168.1.1 71.252.0.12
    TCP: Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D} : DhcpNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    BHO-X64: MRI_DISABLED - No File
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    BHO-X64: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask.com Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    BHO-X64: Verizon Toolbar - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
    mRun-x64: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
    mRun-x64: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
    mRun-x64: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" -m
    mRun-x64: [Finally Fast] "C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe" -m
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-2-2 24576]
    R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-20 366152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-14 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-14 208536]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-8-26 91456]
    R2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-2-10 20480]
    R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-15 206120]
    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-15 185640]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]
    R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-27 136176]
    S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-4 93184]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-27 136176]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-14 225216]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-11-20 22:03:05 607260 ------r- C:\Users\Rebecca Marheine\dds.scr
    2011-11-20 19:29:35 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
    2011-11-20 19:29:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-20 19:29:17 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-20 19:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-20 19:27:36 9852544 ----a-w- C:\Users\Rebecca Marheine\mbam-setup-1.51.2.1300.exe
    2011-11-20 17:47:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\offreg.dll
    2011-11-20 17:17:53 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\mpengine.dll
    2011-11-18 01:31:11 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2011-11-18 01:31:10 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
    2011-11-18 01:31:10 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
    2011-11-18 01:31:10 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2011-11-16 11:40:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-14 23:36:33 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2011-11-14 23:34:55 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2011-11-14 23:34:55 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2011-11-14 23:34:52 161168 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-11-14 23:34:48 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2011-11-14 23:34:48 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2011-11-14 23:34:48 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2011-11-14 23:34:48 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2011-11-14 23:34:48 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2011-11-14 23:34:48 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-11-14 23:34:48 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2011-11-14 23:34:48 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-11-14 23:33:46 -------- d-----w- C:\Program Files\Common Files\McAfee
    2011-11-14 23:33:45 -------- d-----w- C:\Program Files\McAfee.com
    2011-11-14 23:33:45 -------- d-----w- C:\Program Files\McAfee
    2011-11-14 23:33:43 -------- d-----w- C:\Program Files (x86)\McAfee
    2011-11-13 23:52:13 -------- d-----w- C:\Windows\System32\wbem\repository
    2011-11-13 23:03:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2011-11-13 20:51:04 -------- d-----w- C:\mfe
    2011-11-13 20:35:00 -------- d-----w- C:\!KillBox
    2011-11-13 19:39:59 -------- d-----w- C:\Program Files (x86)\Citrix
    2011-11-13 19:04:06 -------- d-----w- C:\ProgramData\Webroot
    2011-11-13 18:12:38 103784 ----a-w- C:\Users\Rebecca Marheine\GoToAssistDownloadHelper.exe
    2011-11-13 18:12:38 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Citrix
    2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Deployment
    2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Apps
    2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    2011-11-13 17:21:54 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2011-11-11 18:48:23 -------- d-----w- C:\Users\Rebecca Marheine\New Folder (1)
    2011-11-11 18:47:54 -------- d-----w- C:\Users\Rebecca Marheine\New Folder
    2011-11-06 13:04:33 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    2011-11-06 13:04:26 5359888 ----a-w- C:\Windows\uninst.exe
    2011-11-06 13:04:24 -------- d-----w- C:\ProgramData\PC1Data
    2011-11-06 12:30:12 -------- d-----w- C:\Program Files (x86)\AML Products
    2011-11-05 16:40:21 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
    2011-10-30 17:16:03 -------- d-----w- C:\Program Files (x86)\Ascentive
    2011-10-28 17:13:07 -------- d-----w- C:\Program Files\Verizon
    2011-10-28 17:12:50 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
    2011-10-28 17:12:50 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
    2011-10-28 17:12:46 -------- d-----w- C:\Program Files (x86)\verizontb
    2011-10-28 17:11:51 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
    2011-10-28 17:11:45 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    2011-10-28 17:11:05 -------- d-----w- C:\ProgramData\DigiData
    2011-10-28 17:10:58 -------- d-----w- C:\Program Files (x86)\Verizon Online Backup
    2011-10-28 17:06:30 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
    2011-10-28 17:05:37 -------- d-----w- C:\Program Files (x86)\VERIZONDM
    2011-10-28 17:05:31 9782784 ----a-w- C:\Windows\VerizonDM.msi
    2011-10-28 17:05:12 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
    2011-10-28 17:05:11 -------- d-----w- C:\Program Files (x86)\Verizon
    2011-10-28 16:48:17 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-10-28 16:48:01 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-10-28 16:47:52 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-10-28 16:47:44 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    2011-10-28 01:24:20 -------- d-----w- C:\Users\Rebecca Marheine\PIMVLibraries
    2011-10-23 03:47:22 -------- d-sh--w- C:\found.000
    .
    ==================== Find3M ====================
    .
    2011-08-26 08:18:10 450560 ----a-w- C:\Windows\SysWow64\AscSQLite.dll
    .
    ============= FINISH: 17:20:48.23 ===============
  4. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Attach.txt log is incomplete.
    Repost it.
  5. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I hope this is it

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 5/8/2009 1:35:04 AM
    System Uptime: 11/20/2011 2:41:57 PM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 207.792 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 6.083 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP207: 8/30/2011 1:45:21 AM - Windows Update
    RP208: 9/3/2011 8:09:09 PM - Windows Update
    RP209: 9/5/2011 7:41:04 PM - Scheduled Checkpoint
    RP210: 9/6/2011 8:28:43 PM - Windows Update
    RP211: 9/7/2011 6:14:33 PM - Scheduled Checkpoint
    RP212: 9/9/2011 12:01:20 PM - Windows Update
    RP213: 9/10/2011 1:19:24 PM - Scheduled Checkpoint
    RP214: 9/13/2011 10:32:16 PM - Windows Update
    RP215: 9/16/2011 6:52:27 PM - Windows Update
    RP216: 9/17/2011 2:19:23 PM - Scheduled Checkpoint
    RP217: 9/18/2011 2:14:09 PM - Scheduled Checkpoint
    RP218: 9/22/2011 8:23:09 PM - Windows Update
    RP219: 9/24/2011 2:58:58 PM - Scheduled Checkpoint
    RP220: 9/27/2011 6:48:15 PM - Windows Update
    RP221: 10/4/2011 7:46:48 PM - Windows Update
    RP222: 10/5/2011 7:56:16 PM - Scheduled Checkpoint
    RP223: 10/9/2011 11:05:42 PM - Windows Update
    RP224: 10/16/2011 4:43:41 PM - Windows Update
    RP225: 10/20/2011 4:38:07 PM - Windows Update
    RP226: 10/28/2011 12:48:24 PM - FiOS Installation
    RP227: 11/5/2011 12:41:08 PM - Windows Update
    RP228: 11/8/2011 8:00:09 PM - Windows Update
    RP229: 11/13/2011 1:33:22 AM - Windows Update
    RP230: 11/14/2011 6:35:01 PM - Device Driver Package Install: McAfee, Inc. Network Service
    RP231: 11/17/2011 8:37:36 PM - Windows Update
    RP232: 11/20/2011 12:17:11 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9
    Advanced Audio FX Engine
    AML Free Registry Cleaner 4.22
    Apple Application Support
    Apple Software Update
    Ask.com Toolbar
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Consumer In-Home Service Agreement
    Cozi
    Dell Getting Started Guide
    Dell Video Chat
    Dell Webcam Central
    DELL0703
    Finally Fast
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    IHA_MessageCenter
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    LimeWire 5.5.16
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mobile Broadband Generic Drivers
    MotoConnect
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Performance Center
    PowerDVD
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Spy Sweeper Core
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Verizon Download Manager
    Verizon Internet Security Suite
    Verizon Online Backup and Sharing
    Verizon Toolbar
    Vz In Home Agent
    VZAccess Manager for Novatel
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2011 2:40:11 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2011 12:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    11/20/2011 12:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    11/20/2011 12:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/20/2011 12:39:40 PM, Error: EventLog [6008] - The previous system shutdown at 12:36:23 PM on 11/20/2011 was unexpected.
    11/20/2011 12:35:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:30:38 PM on 11/20/2011 was unexpected.
    11/18/2011 10:08:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:04:54 PM on 11/18/2011 was unexpected.
    11/14/2011 6:47:55 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/14/2011 6:45:42 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/14/2011 6:11:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:24 PM on 11/14/2011 was unexpected.
    11/14/2011 10:30:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:13 PM on 11/14/2011 was unexpected.
    11/13/2011 5:05:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:02:48 PM on 11/13/2011 was unexpected.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    11/13/2011 2:35:04 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:14 PM on 11/13/2011 was unexpected.
    11/13/2011 2:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.
    11/13/2011 2:06:15 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 2:03:00 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
    11/13/2011 12:39:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:37:40 PM on 11/13/2011 was unexpected.
    11/13/2011 12:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/13/2011 12:09:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/13/2011 12:09:36 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 12:09:10 PM, Error: Service Control Manager [7022] - The Webroot Spy Sweeper Engine service hung on starting.
    11/13/2011 12:07:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Marvell Yukon Service service to connect.
    11/13/2011 12:07:45 PM, Error: Service Control Manager [7000] - The Marvell Yukon Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2011 11:59:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
    11/13/2011 11:59:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2011 11:59:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/13/2011 11:59:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/13/2011 11:59:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/13/2011 11:59:06 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    11/13/2011 11:59:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/13/2011 11:58:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:22 AM on 11/13/2011 was unexpected.
    11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/13/2011 11:39:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:59:59 AM on 11/13/2011 was unexpected.
    11/13/2011 1:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    .
    ==== End Of File ===========================
  6. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-20 16:37:36
    Windows 6.0.6001 Service Pack 1
    Running: zvc7670y.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[2].htm 1302 bytes
    File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[3].htm 1311 bytes
    File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[4].htm 1302 bytes
    File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@mevio[1].txt 0 bytes
    File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@mmismm[1].txt 90 bytes
    File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@bluekai[5].txt 1790 bytes
    File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@www.mevio[4].txt 342 bytes

    ---- EOF - GMER 1.0.15 ----
  7. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8201

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18762

    11/20/2011 2:38:56 PM
    mbam-log-2011-11-20 (14-38-56).txt

    Scan type: Quick scan
    Objects scanned: 171760
    Time elapsed: 7 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  8. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Uninstall Ask.com Toolbar, typical foistware.

    I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    When done....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I currently have McAfee through Verizon, and how do I disable script blocker? Thanks.
  10. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    OK. Disregard my advice regarding installing an AV program.

    I don't see any script blocking programs on your computer so you're good to proceed.
  11. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I don't know if this is right

    ComboFix 11-11-20.02 - Rebecca Marheine 11/20/2011 20:30:40.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.2420 [GMT -5:00]
    Running from: c:\Users\Rebecca Marheine\ComboFix.exe
    AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    C:\Users\Rebecca Marheine\ComboFix.exe
    C:\Users\Rebecca Marheine\dds.scr
    C:\Users\Rebecca Marheine\Desktop\Internet Explorer.lnk
    C:\Users\Rebecca Marheine\Desktop\Search.lnk
    C:\Users\Rebecca Marheine\GoToAssistDownloadHelper.exe
    C:\Users\Rebecca Marheine\mbam-setup-1.51.2.1300.exe


    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))


    2011-11-21 02:10:59 . 2011-11-21 02:10:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\offreg.dll
    2011-11-21 02:07:58 . 2011-11-21 02:15:14 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\temp
    2011-11-21 02:07:58 . 2011-11-21 02:07:58 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-11-20 19:29:35 . 2011-11-20 19:29:35 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
    2011-11-20 19:29:22 . 2011-11-20 19:29:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-20 19:29:17 . 2011-08-31 22:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-11-20 19:29:16 . 2011-11-20 19:29:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-20 17:17:53 . 2011-10-07 04:16:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\mpengine.dll
    2011-11-18 01:31:11 . 2002-01-05 16:37:28 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2011-11-18 01:31:10 . 2002-01-05 11:48:16 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
    2011-11-18 01:31:10 . 2002-01-05 10:40:20 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2011-11-18 01:31:10 . 2000-05-22 21:58:00 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
    2011-11-16 11:40:22 . 2011-11-16 11:40:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-14 23:34:55 . 2011-11-14 23:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2011-11-14 23:34:55 . 2011-10-15 18:16:16 10248 ----a-w- C:\Windows\system32\drivers\mfeclnk.sys
    2011-11-14 23:34:52 . 2011-10-18 19:32:28 161168 ----a-w- C:\Windows\system32\mfevtps.exe
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 75808 ----a-w- C:\Windows\system32\drivers\mfenlfk.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 65264 ----a-w- C:\Windows\system32\drivers\cfwids.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 647080 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 481768 ----a-w- C:\Windows\system32\drivers\mfefirek.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 284648 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 229528 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 160280 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
    2011-11-14 23:34:48 . 2011-10-15 18:16:16 100912 ----a-w- C:\Windows\system32\drivers\mferkdet.sys
    2011-11-14 23:33:46 . 2011-11-14 23:38:20 -------- d-----w- C:\Program Files\Common Files\McAfee
    2011-11-14 23:33:45 . 2011-11-14 23:39:17 -------- d-----w- C:\Program Files\McAfee
    2011-11-14 23:33:43 . 2011-11-14 23:39:16 -------- d-----w- C:\Program Files (x86)\McAfee
    2011-11-13 23:52:13 . 2011-11-21 02:11:47 -------- d-----w- C:\Windows\system32\wbem\repository
    2011-11-13 23:29:08 . 2011-11-16 12:11:18 -------- d-----w- C:\ProgramData\McAfee
    2011-11-13 23:03:00 . 2011-11-13 23:03:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2011-11-13 20:51:04 . 2011-11-13 20:51:04 -------- d-----w- C:\mfe
    2011-11-13 20:35:00 . 2011-11-13 20:35:00 -------- d-----w- C:\!KillBox
    2011-11-13 19:39:59 . 2011-11-13 19:39:59 -------- d-----w- C:\Program Files (x86)\Citrix
    2011-11-13 19:04:06 . 2011-11-13 19:04:07 -------- d-----w- C:\ProgramData\Webroot
    2011-11-13 18:12:38 . 2011-11-13 18:12:38 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Citrix
    2011-11-13 18:12:13 . 2011-11-20 05:22:58 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Deployment
    2011-11-13 18:12:13 . 2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Apps
    2011-11-13 17:22:07 . 2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    2011-11-13 17:22:07 . 2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    2011-11-13 17:21:54 . 2011-11-13 19:02:38 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2011-11-11 18:48:23 . 2011-11-11 19:17:48 -------- d-----w- C:\Users\Rebecca Marheine\New Folder (1)
    2011-11-11 18:47:54 . 2011-11-11 18:47:54 -------- d-----w- C:\Users\Rebecca Marheine\New Folder
    2011-11-06 13:04:33 . 2011-11-06 13:04:33 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    2011-11-06 13:04:26 . 2011-11-06 13:03:59 5359888 ----a-w- C:\Windows\uninst.exe
    2011-11-06 13:04:24 . 2011-11-06 13:04:26 -------- d-----w- C:\ProgramData\PC1Data
    2011-11-06 12:30:12 . 2011-11-21 00:48:02 -------- d-----w- C:\Program Files (x86)\AML Products
    2011-11-05 16:40:21 . 2011-11-05 16:40:21 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
    2011-10-30 17:16:03 . 2011-11-21 00:48:35 -------- d-----w- C:\Program Files (x86)\Ascentive
    2011-10-28 17:13:07 . 2011-10-28 17:13:07 -------- d-----w- C:\Program Files\Verizon
    2011-10-28 17:12:50 . 2011-11-14 23:30:00 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
    2011-10-28 17:12:50 . 2011-11-14 23:30:00 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
    2011-10-28 17:12:46 . 2011-10-28 17:14:31 -------- d-----w- C:\Program Files (x86)\verizontb
    2011-10-28 17:11:51 . 2011-05-26 19:00:20 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
    2011-10-28 17:11:45 . 2011-10-28 17:11:45 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    2011-10-28 17:11:05 . 2011-10-28 17:11:21 -------- d-----w- C:\ProgramData\DigiData
    2011-10-28 17:10:58 . 2011-10-28 17:10:59 -------- d-----w- C:\Program Files (x86)\Verizon Online Backup
    2011-10-28 17:06:30 . 2011-10-28 17:08:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
    2011-10-28 17:05:37 . 2011-10-28 17:05:39 -------- d-----w- C:\Program Files (x86)\VERIZONDM
    2011-10-28 17:05:37 . 2011-10-28 17:05:37 -------- d-----w- C:\ProgramData\SupportSoft
    2011-10-28 17:05:31 . 2011-05-16 18:06:46 9782784 ----a-w- C:\Windows\VerizonDM.msi
    2011-10-28 17:05:12 . 2011-10-28 17:05:37 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
    2011-10-28 17:05:11 . 2011-10-28 17:14:39 -------- d-----w- C:\Program Files (x86)\Verizon
    2011-10-28 16:48:17 . 2011-10-28 16:48:17 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-10-28 16:48:01 . 2011-10-28 16:48:01 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-10-28 16:47:52 . 2011-10-28 16:47:52 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-10-28 16:47:44 . 2011-10-28 17:01:31 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    2011-10-28 01:24:30 . 2011-10-28 01:24:30 -------- d-----w- C:\Users\Public\Philips
    2011-10-28 01:24:20 . 2011-10-28 01:24:20 -------- d-----w- C:\Users\Rebecca Marheine\PIMVLibraries
    2011-10-23 03:47:22 . 2011-10-23 03:47:22 -------- d-----w- C:\found.000
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
    2011-04-29 19:56:10 86696 ----a-w- C:\Program Files (x86)\verizontb\verizonDx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f8d96645-337c-419b-8792-b6c126145811}"= "C:\Program Files (x86)\verizontb\verizonDx.dll" [2011-04-29 19:56:10 86696]

    [HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\Sidebar.exe" [2008-01-21 02:47:57 1555968]
    "SightSpeed"="C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 04:27:22 4823928]
    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 15:04:54 39408]
    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 03:41:54 3882312]
    "Search Protection"="C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
    "Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 15:17:48 5252408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 19:06:08 128296]
    "YSearchProtection"="C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 15:43:18 248040]
    "MSN Toolbar"="c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 01:29:44 240992]
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-09-08 15:17:42 421888]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 06:10:52 421160]
    "VERIZONDM"="C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 04:35:50 206120]
    "Online Backup Auto Update"="C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2010-02-10 23:10:50 233472]
    "Vault Explorer Cache Watcher"="C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe" [2010-02-10 20:20:56 28672]
    "Performance Center"="C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" [2011-08-22 12:27:12 622592]
    "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-09-16 23:38:42 1674896]
    "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608]

    C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]

    C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 07:38:00 34672 ----a-w- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
    2008-06-03 20:54:56 446635 ------w- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe

    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:57:52 136176]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:57:52 136176]
    R3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 17:28:54 225216]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]
    R3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
    R4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
    S0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 18:05:28 155648]
    S2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-02-03 00:02:52 24576]
    S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 23:20:16 286736]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 22:00:48 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
    S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 19:23:24 208536]
    S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x]
    S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 15:30:44 91456]
    S2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-02-10 23:11:00 20480]
    S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 04:36:04 206120]
    S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 04:36:08 185640]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]
    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]
    S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys [x]
    S3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys [x]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys [x]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    Contents of the 'Scheduled Tasks' folder

    2011-11-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:58:01 . 2010-05-27 18:57:52]

    2011-11-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:58:01 . 2010-05-27 18:57:52]

    2011-11-20 C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
    - C:\Windows\system32\msfeedssync.exe [2009-06-04 00:39:02 . 2009-03-08 11:31:52]


    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:47:32 1584184]
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-09-04 05:29:22 272896]
    "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2008-12-15 04:13:52 462336]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-12-09 05:13:00 153624]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-12-09 05:12:32 225816]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-12-09 05:12:44 200216]
    "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-12-22 10:35:14 4119552]
    "QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2009-01-09 17:18:50 2115664]
    "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 22:41:12 178712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-WMPNSCFG - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    MSConfigStartUp-SunJavaUpdateSched - C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     
  12. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    Here is aswMBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-20 19:52:57
    -----------------------------
    19:52:57.272 OS Version: Windows x64 6.0.6001 Service Pack 1
    19:52:57.272 Number of processors: 2 586 0x170A
    19:52:57.273 ComputerName: REBECCAMARHE-PC UserName:
    19:53:02.312 Initialize success
    19:53:42.990 AVAST engine defs: 11112001
    19:53:55.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:53:55.044 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
    19:53:55.081 Disk 0 MBR read successfully
    19:53:55.086 Disk 0 MBR scan
    19:53:55.094 Disk 0 Windows VISTA default MBR code
    19:53:55.100 Service scanning
    19:53:57.459 Modules scanning
    19:53:57.466 Disk 0 trace - called modules:
    19:53:57.501 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800658c334]<<
    19:53:57.507 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800490e790]
    19:53:57.515 3 CLASSPNP.SYS[fffffa6000fc6b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004582050]
    19:53:57.522 \Driver\iaStor[0xfffffa8003add520] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800658c334
    19:54:00.505 AVAST engine scan C:\Windows
    19:54:06.538 AVAST engine scan C:\Windows\system32
    19:57:08.529 AVAST engine scan C:\Windows\system32\drivers
    19:57:36.126 AVAST engine scan C:\Users\Rebecca Marheine
    19:58:14.071 Disk 0 MBR has been saved successfully to "C:\Users\Rebecca Marheine\Documents\MBR.dat"
    19:58:14.109 The log file has been saved successfully to "C:\Users\Rebecca Marheine\Documents\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I tried to run it and my AV is catching a trojan.

    As of now I still have music coming out of the speakers.

    The redirect problem seems to be solved.

    I was getting malware blocks on iexplorer.exe,
    then the music started after the last two steps.
  15. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Unfortunately, McAfee won't let you run OTL successfully.
    You have to uninstall McAfee, download a fresh copy of OTL and then run it again.
  16. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    trojan

    artemis!327ocb86f79b
  17. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I got hit with that trojan; it wouldn't let me complete the scan.
  18. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Please read my previous reply.
     
  19. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    OK, I uninstalled McAfee and
    tried to run OTL 4 times.
    It keeps stopping in the middle.
  20. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    I did it in safe mode

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop
    %*
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2764788368-3418496698-3722962008-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{85D04DE9-FB94-40F8-AA76-A4F289A5E43D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{98612A84-8E77-44F1-973D-EB020531FFC6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D42F3BED-F8EB-44F3-AB62-B1DAD925250D}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{16EB7668-F690-4A47-9589-B9836F5370A6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{26055791-D1CA-4F74-9AFE-2115DE47A409}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{34E2EBEB-3526-4857-BCB2-9ED171DDA06F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{601C54D7-0C01-455A-B968-8D851E3BC9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6FEFE1DE-5E09-4E35-BDF5-35F56E03BACA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{8079CDB7-98C0-486F-AACC-BFADA2DE3D56}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{90E75132-F8F5-49B9-9774-3804FACF41C7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{93B1C13C-1DF8-4455-AA97-4BA5D08EDC10}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{98DA887F-E27D-41B2-9C50-3571176229C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{B63D2B68-8E26-4B02-A2BD-42D5B5ABA402}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{CC094103-3A71-4DA6-B41E-50223DA50D2D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D367E884-097B-40E6-8950-2A254772A651}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{E28A66E5-7A24-4E6C-B074-453CA0B3ADAC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EAA7F327-3021-44A7-AAD3-D39E5A404256}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{F733E037-B583-4CA0-AEEB-B95B03BD299C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{F8127765-DB47-4D28-9531-F3BBD4CD2B50}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "TCP Query User{10D26930-82AC-406E-8003-439EAA11E3FE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{3DE5307F-21C9-4B01-A1E4-7BB317DCDBD9}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "TCP Query User{47F32706-AE5F-4874-AD58-293A79660494}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "TCP Query User{A5B032CE-C4BD-44CA-8643-1CF3FD46B12A}D:\techwizard.exe" = protocol=6 | dir=in | app=d:\techwizard.exe |
    "TCP Query User{B4893355-8E39-45FC-A931-74035C4969F1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{0D2B17B4-5732-4627-8769-375F158093F7}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "UDP Query User{4E0F8E42-DF9A-4327-8A7C-AE2A4D7D8B57}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "UDP Query User{4F0092B7-4226-436C-AB50-AF6ED7D8A266}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{51A3CC98-F128-4B08-B8BD-D6AE8EBD262F}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "UDP Query User{797F64B4-9AD1-4EA5-BE6B-5F20FED6D74F}D:\techwizard.exe" = protocol=17 | dir=in | app=d:\techwizard.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5F89E4AF-07EF-48C7-9F3D-46E96E338D1D}" = Verizon Online Backup and Sharing
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BA20EF6-AE4E-4408-B083-7AE999E92D73}" = VZAccess Manager for Novatel
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{859963C1-E908-49E8-9FA3-9E833D717563}" = IHA_MessageCenter
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FB7D0926-37A5-4042-9DF4-046BAF608B76}" = Verizon Download Manager
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MSC" = Verizon Internet Security Suite
    "verizontb" = Verizon Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/28/2011 4:10:03 PM | Computer Name = RebeccaMarhe-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 115270

    Error - 10/28/2011 4:10:03 PM | Computer Name = RebeccaMarhe-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 115270

    Error - 10/28/2011 4:11:22 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/29/2011 8:42:15 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/29/2011 8:50:37 PM | Computer Name = RebeccaMarhe-PC | Source = RasClient | ID = 20227
    Description =

    Error - 10/29/2011 8:58:58 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/29/2011 8:59:17 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/30/2011 12:28:27 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/30/2011 12:50:33 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/30/2011 1:09:53 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 8/29/2011 12:35:54 PM | Computer Name = RebeccaMarhe-PC | Source = WLAN-Tray | ID = 0
    Description = 12:35:52, Mon, Aug 29, 11 Error - Unable to gain access to user store


    [ System Events ]
    Error - 11/21/2011 6:37:36 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/21/2011 7:10:44 PM | Computer Name = RebeccaMarhe-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:55:14 PM on 11/21/2011 was unexpected.

    Error - 11/21/2011 7:11:06 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/21/2011 7:11:09 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 11/21/2011 7:11:14 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/21/2011 7:11:21 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/21/2011 7:11:21 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/21/2011 7:11:38 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 11/21/2011 7:11:38 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/21/2011 7:24:35 PM | Computer Name = RebeccaMarhe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.


    < End of report >
  21. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    otl.txt

    OTL logfile created on: 11/21/2011 6:18:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca Marheine\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18762)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 75.51% Memory free
    8.10 Gb Paging File | 7.23 Gb Available in Paging File | 89.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 251.74 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 6.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS

    Computer Name: REBECCAMARHE-PC | User Name: Rebecca Marheine | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] () [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/01/28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
    SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
    SRV - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
    SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/11/06 11:00:36 | 000,135,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV:64bit: - [2009/11/06 11:00:34 | 000,037,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/12/08 00:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/09/03 03:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
    DRV:64bit: - [2008/09/03 03:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
    DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/09/01 05:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/07/07 11:23:56 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
    DRV:64bit: - [2008/06/02 15:28:52 | 000,247,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
    DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/15 19:30:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/14 19:09:03 | 000,000,000 | ---D | M]

    [2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions
    [2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll
    CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SiteAdvisor = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

    O1 HOSTS File: ([2011/11/20 21:12:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111114190746.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
    O3:64bit: - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/06/03 14:04:46 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/21 17:41:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    [2011/11/20 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
    [2011/11/20 22:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
    [2011/11/20 21:13:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\temp
    [2011/11/20 20:20:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/20 20:20:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/20 20:20:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/20 20:19:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/20 20:19:34 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/20 20:18:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/20 16:56:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
    [2011/11/20 14:29:35 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
    [2011/11/20 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/20 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/20 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/20 12:53:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/11/14 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2011/11/14 18:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2011/11/14 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2011/11/14 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/11/14 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/11/14 18:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2011/11/13 18:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/11/13 18:03:00 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2011/11/13 15:51:04 | 000,000,000 | ---D | C] -- C:\mfe
    [2011/11/13 15:35:00 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2011/11/13 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\Documents\VRTOOLS
    [2011/11/13 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2011/11/13 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
    [2011/11/13 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Citrix
    [2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Deployment
    [2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Apps
    [2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    [2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    [2011/11/13 12:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2011/11/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder (1)
    [2011/11/11 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder
    [2011/11/06 08:04:33 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    [2011/11/06 08:04:26 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
    [2011/11/06 08:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2011/11/06 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
    [2011/11/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
    [2011/10/30 12:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
    [2011/10/28 12:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
    [2011/10/28 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\verizontb
    [2011/10/28 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    [2011/10/28 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Online Backup and Sharing
    [2011/10/28 12:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DigiData
    [2011/10/28 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Online Backup
    [2011/10/28 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
    [2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VERIZONDM
    [2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
    [2011/10/28 12:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
    [2011/10/28 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
    [2011/10/28 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    [2011/10/27 20:24:20 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\PIMVLibraries
    [2011/10/22 22:47:22 | 000,000,000 | ---D | C] -- C:\found.000

    ========== Files - Modified Within 30 Days ==========

    [2011/11/21 18:12:24 | 000,006,756 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
    [2011/11/21 18:10:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    [2011/11/21 17:35:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/21 17:35:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 17:35:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 17:35:17 | 431,117,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/21 17:11:24 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
    [2011/11/21 00:22:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/20 22:12:31 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
    [2011/11/20 22:08:41 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
    [2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
    [2011/11/20 21:12:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/20 19:58:14 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\MBR.dat
    [2011/11/20 16:57:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
    [2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
    [2011/11/20 14:29:23 | 000,000,974 | ---- | M] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 12:48:32 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
    [2011/11/20 12:36:53 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
    [2011/11/19 12:10:29 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
    [2011/11/16 21:04:20 | 000,002,737 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
    [2011/11/14 18:30:00 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
    [2011/11/14 18:30:00 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
    [2011/11/08 07:38:53 | 000,648,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/08 07:38:53 | 000,119,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/08 07:38:53 | 000,004,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/06 08:03:59 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
    [2011/10/28 12:16:58 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
    [2011/10/28 12:14:41 | 000,001,737 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
    [2011/10/28 12:14:39 | 000,002,069 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
    [2011/10/28 12:14:39 | 000,001,949 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
    [2011/10/28 11:50:08 | 000,001,931 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
    [2011/10/28 11:50:07 | 000,001,960 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk
  22. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    Here's the rest of it

    ========== Files Created - No Company Name ==========

    [2011/11/20 22:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
    [2011/11/20 21:59:32 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\MBR.dat
    [2011/11/20 20:20:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/20 20:20:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/20 20:20:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/20 20:20:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/20 20:20:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/20 19:58:14 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
    [2011/11/20 16:04:48 | 000,302,592 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
    [2011/11/20 14:29:23 | 000,000,974 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:17 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/11/20 12:51:52 | 431,117,067 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/11/20 12:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
    [2011/11/20 12:36:53 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
    [2011/11/20 00:43:32 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
    [2011/11/14 18:34:55 | 000,010,248 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2011/11/14 18:34:52 | 000,161,168 | ---- | C] () -- C:\Windows\SysNative\mfevtps.exe
    [2011/11/14 18:34:48 | 000,647,080 | ---- | C] () -- C:\Windows\SysNative\drivers\mfehidk.sys
    [2011/11/14 18:34:48 | 000,481,768 | ---- | C] () -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2011/11/14 18:34:48 | 000,284,648 | ---- | C] () -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2011/11/14 18:34:48 | 000,229,528 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2011/11/14 18:34:48 | 000,160,280 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeapfk.sys
    [2011/11/14 18:34:48 | 000,100,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2011/11/14 18:34:48 | 000,075,808 | ---- | C] () -- C:\Windows\SysNative\drivers\mfenlfk.sys
    [2011/11/14 18:34:48 | 000,065,264 | ---- | C] () -- C:\Windows\SysNative\drivers\cfwids.sys
    [2011/11/13 15:00:12 | 000,000,958 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/11/13 15:00:12 | 000,000,935 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/13 15:00:12 | 000,000,930 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/11/13 15:00:12 | 000,000,258 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/11/13 15:00:12 | 000,000,240 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/11/13 15:00:10 | 000,002,737 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
    [2011/11/13 15:00:10 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
    [2011/11/13 15:00:10 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/13 15:00:10 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/13 15:00:10 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
    [2011/11/13 15:00:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/11/13 14:57:30 | 003,908,082 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\VRTOOLS.zip
    [2011/11/13 14:45:15 | 000,293,776 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\autoruns.zip
    [2011/10/28 12:16:58 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
    [2011/10/28 12:14:41 | 000,001,737 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
    [2011/10/28 12:14:39 | 000,002,069 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
    [2011/10/28 12:14:39 | 000,001,949 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
    [2011/10/28 12:12:50 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
    [2011/10/28 12:12:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
    [2011/10/28 12:11:51 | 023,896,576 | ---- | C] () -- C:\Windows\VzInHomeAgentInstaller.msi
    [2011/10/28 12:05:31 | 009,782,784 | ---- | C] () -- C:\Windows\VerizonDM.msi
    [2011/10/28 11:50:08 | 000,001,931 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
    [2011/10/28 11:50:07 | 000,001,960 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk
    [2009/12/09 18:57:23 | 000,003,584 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/15 12:10:39 | 000,006,756 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
    [2009/06/08 14:38:33 | 001,058,871 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\UserTile.png
    [2009/06/03 16:37:52 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
    [2009/05/08 08:24:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/05/08 08:24:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/05/08 08:24:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
    [2009/05/08 08:16:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/05/08 08:16:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/05/08 06:02:21 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/10/28 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    [2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    [2011/11/06 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    [2009/10/26 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Smith Micro
    [2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    [2011/10/28 12:01:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    [2011/11/20 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
    [2011/11/20 23:10:01 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/11/21 17:11:24 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/06/24 05:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2009/05/08 08:24:37 | 000,003,456 | R--- | M] () -- C:\dell.sdr
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/11/21 18:10:09 | 274,145,279 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/13 14:03:51 | 000,000,000 | ---- | M] () -- C:\ProgramData.LOG1
    [2011/11/13 14:03:51 | 000,000,000 | ---- | M] () -- C:\ProgramData.LOG2
    [2009/06/03 14:37:47 | 000,000,000 | ---- | M] () -- C:\Updates.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 22:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/11/13 15:51:03 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/14 13:26:13 | 000,000,286 | -HS- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    [2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/06/03 13:49:48 | 000,000,402 | -HS- | M] () -- C:\Users\Rebecca Marheine\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 46,153   +251

  24. tijiwo79

    tijiwo79 Newcomer, in training Topic Starter Posts: 34

    new otl.txt

    OTL logfile created on: 11/21/2011 7:35:49 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca Marheine\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18762)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.06% Memory free
    8.10 Gb Paging File | 5.91 Gb Available in Paging File | 73.02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 247.91 Gb Free Space | 87.47% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 6.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS

    Computer Name: REBECCAMARHE-PC | User Name: Rebecca Marheine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/21 19:33:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    PRC - [2011/05/15 23:35:50 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
    PRC - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/04/29 10:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2009/12/08 20:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2009/06/04 11:11:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
    MOD - [2009/06/04 11:10:57 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
    MOD - [2009/06/04 11:10:48 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
    MOD - [2008/12/17 23:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
    MOD - [2008/12/17 23:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
    MOD - [2008/12/17 23:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
    MOD - [2008/12/17 23:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
    MOD - [2008/12/17 23:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
    SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
    SRV - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
    SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/11/06 11:00:36 | 000,135,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV:64bit: - [2009/11/06 11:00:34 | 000,037,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/12/08 00:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/09/03 03:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
    DRV:64bit: - [2008/09/03 03:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
    DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/09/01 05:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/07/07 11:23:56 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
    DRV:64bit: - [2008/06/02 15:28:52 | 000,247,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
    DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
    DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

    [2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions
    [2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll
    CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SiteAdvisor = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

    O1 HOSTS File: ([2011/11/20 21:12:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
    O3:64bit: - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/06/03 14:04:46 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382}: DhcpNameServer = 192.168.1.1 71.252.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/21 19:33:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    [2011/11/20 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
    [2011/11/20 22:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
    [2011/11/20 21:13:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\temp
    [2011/11/20 20:20:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/20 20:20:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/20 20:20:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/20 20:19:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/20 20:19:34 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/20 20:18:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/20 16:56:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
    [2011/11/20 14:29:35 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
    [2011/11/20 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/20 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/20 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/20 12:53:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/11/13 18:03:00 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2011/11/13 15:51:04 | 000,000,000 | ---D | C] -- C:\mfe
    [2011/11/13 15:35:00 | 000,000,000 | ---D | C] -- C:\!KillBox
    [2011/11/13 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\Documents\VRTOOLS
    [2011/11/13 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2011/11/13 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
    [2011/11/13 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Citrix
    [2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Deployment
    [2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Apps
    [2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    [2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    [2011/11/13 12:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2011/11/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder (1)
    [2011/11/11 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder
    [2011/11/06 08:04:33 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    [2011/11/06 08:04:26 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
    [2011/11/06 08:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2011/11/06 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
    [2011/11/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
    [2011/10/30 12:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
    [2011/10/28 12:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
    [2011/10/28 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\verizontb
    [2011/10/28 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    [2011/10/28 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Online Backup and Sharing
    [2011/10/28 12:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DigiData
    [2011/10/28 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Online Backup
    [2011/10/28 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
    [2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VERIZONDM
    [2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
    [2011/10/28 12:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
    [2011/10/28 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
    [2011/10/28 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    [2011/10/27 20:24:20 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\PIMVLibraries
    [2011/10/22 22:47:22 | 000,000,000 | ---D | C] -- C:\found.000

    ========== Files - Modified Within 30 Days ==========

    [2011/11/21 19:33:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
    [2011/11/21 19:29:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/21 19:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 19:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/21 19:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/21 19:29:07 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/21 19:22:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/21 19:14:17 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
    [2011/11/21 19:06:49 | 000,006,756 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
    [2011/11/21 17:35:17 | 431,117,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/20 22:12:31 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
    [2011/11/20 22:08:41 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
    [2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
    [2011/11/20 21:12:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/20 19:58:14 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\MBR.dat
    [2011/11/20 16:57:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
    [2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
    [2011/11/20 14:29:23 | 000,000,974 | ---- | M] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 12:48:32 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
    [2011/11/20 12:36:53 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
    [2011/11/19 12:10:29 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
    [2011/11/16 21:04:20 | 000,002,737 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
    [2011/11/14 18:30:00 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
    [2011/11/14 18:30:00 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
    [2011/11/08 07:38:53 | 000,648,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/08 07:38:53 | 000,119,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/08 07:38:53 | 000,004,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/06 08:03:59 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
    [2011/10/28 12:16:58 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
    [2011/10/28 12:14:41 | 000,001,737 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
    [2011/10/28 12:14:39 | 000,002,069 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
    [2011/10/28 12:14:39 | 000,001,949 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
    [2011/10/28 11:50:08 | 000,001,931 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
    [2011/10/28 11:50:07 | 000,001,960 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk

    ========== Files Created - No Company Name ==========

    [2011/11/21 19:11:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/20 22:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
    [2011/11/20 21:59:32 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\MBR.dat
    [2011/11/20 20:20:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/20 20:20:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/20 20:20:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/20 20:20:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/20 20:20:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/20 19:58:14 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
    [2011/11/20 16:04:48 | 000,302,592 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
    [2011/11/20 14:29:23 | 000,000,974 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 14:29:17 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/11/20 12:51:52 | 431,117,067 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/11/20 12:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
    [2011/11/20 12:36:53 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
    [2011/11/20 00:43:32 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
    [2011/11/13 15:00:12 | 000,000,958 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/11/13 15:00:12 | 000,000,935 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/13 15:00:12 | 000,000,930 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/11/13 15:00:12 | 000,000,258 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/11/13 15:00:12 | 000,000,240 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/11/13 15:00:10 | 000,002,737 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
    [2011/11/13 15:00:10 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
    [2011/11/13 15:00:10 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/13 15:00:10 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/11/13 15:00:10 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
    [2011/11/13 15:00:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/11/13 14:57:30 | 003,908,082 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\VRTOOLS.zip
    [2011/11/13 14:45:15 | 000,293,776 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\autoruns.zip
    [2011/10/28 12:16:58 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
    [2011/10/28 12:14:41 | 000,001,737 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
    [2011/10/28 12:14:39 | 000,002,069 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
    [2011/10/28 12:14:39 | 000,001,949 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
    [2011/10/28 12:12:50 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
    [2011/10/28 12:12:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
    [2011/10/28 12:11:51 | 023,896,576 | ---- | C] () -- C:\Windows\VzInHomeAgentInstaller.msi
    [2011/10/28 12:05:31 | 009,782,784 | ---- | C] () -- C:\Windows\VerizonDM.msi
    [2011/10/28 11:50:08 | 000,001,931 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
    [2011/10/28 11:50:07 | 000,001,960 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk
    [2009/12/09 18:57:23 | 000,003,584 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/15 12:10:39 | 000,006,756 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
    [2009/06/08 14:38:33 | 001,058,871 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\UserTile.png
    [2009/06/03 16:37:52 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
    [2009/05/08 08:24:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/05/08 08:24:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/05/08 08:24:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
    [2009/05/08 08:16:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/05/08 08:16:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/05/08 06:02:21 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/10/28 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
    [2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
    [2011/11/06 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
    [2009/10/26 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Smith Micro
    [2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
    [2011/10/28 12:01:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
    [2011/11/20 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
    [2011/11/21 19:28:27 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/11/21 19:14:17 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
  25. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    The log is incomplete.
    Please repost it.