TechSpot

Task Mgr doesn't work, but does if re-named

Inactive
By BreCalmor
Sep 18, 2010
  1. Subject says it all. It seems I have a bug, but how do I get rid of it and why the heck did SEP let it through???

    It wouldn't let me paste everything here so the DDS files are attached.

    Running Windows 7 64 bit, so no GMER information.

    Thanks !!
    ----------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4645

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    9/18/2010 10:20:39 AM
    mbam-log-2010-09-18 (10-20-39).txt

    Scan type: Full scan (E:\|)
    Objects scanned: 157394
    Time elapsed: 10 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------
     


  2. Broni


    Welcome aboard

    There is no perfect security program.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ==========================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    ======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  3. BreCalmor


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1545
    Logical Drives Mask: 0x0000302c

    Kernel Drivers (total 161):

    Processes (total 84):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60S

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  4. BreCalmor


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/19/2010 at 02:24 AM

    Application Version : 4.43.1000

    Core Rules Database Version : 5530
    Trace Rules Database Version: 3342

    Scan type : Complete Scan
    Total Scan Time : 01:56:37

    Memory items scanned : 335
    Memory threats detected : 0
    Registry items scanned : 15283
    Registry threats detected : 0
    File items scanned : 172050
    File threats detected : 231

    Adware.Tracking Cookie
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@e-2dj6wmlowiczmeo.stats.esomniture[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@discountrubberstamps[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@find.t-mobile[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@zanox[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@urlb--collective-media--net.reachlocal[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@linksynergy.walmart[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.cnn[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@123stat[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.ourstage[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adxpose[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@liveperson[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@media.expedia[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@revsci[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@precisionclick[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@trafficmp[3].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ad.wsod[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ad.yieldmanager[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ad.wikinvest[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@media.adfrontiers[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@advertising[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@doubleclick[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@pro-market[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@find.hamptonroads[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@fr.sitestat[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.raasnet[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@gotquestions[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.jartrack[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.petfinder[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@sales.liveperson[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@imrworldwide[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@advertise[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.incentaclick[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@burstnet[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@in.getclicky[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@a2zwordfinder[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@atdmt[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adserving.autotrader[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.pointroll[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adv.dmv[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@tracking.williamsburgmarketplace[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@statcounter[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@e-2dj6wjl4olazeep.stats.esomniture[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@steelhousemedia[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.telegraph.co[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@hornymatches[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.burstbeacon[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@stats.townnews[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@urlcdn--at--atwola--com.reachlocal[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@burstbeacon[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@apmebf[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.questionhub[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@mediabrandsww[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adserving.contextualmarketplace[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@zedomax[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@myaccountsaws.navyfcu[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.intergi[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.backcountry[4].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@advertising.sheknows[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adserver.cjrwbeta[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@e-2dj6wfkialdjihp.stats.esomniture[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@bs.serving-sys[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@media.legacy[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@beacon.dmsinsights[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@adbrite[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@stats.paypal[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.index-stats[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@incentaclick[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@e-2dj6wfmyqgdzaao.stats.esomniture[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@sftrack.searchforce[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@zedo[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.like[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@lockedonmedia[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@urlleadback--advertising--com.reachlocal[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@digimetrix.advertserve[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[10].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@pluckit.demandmedia[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@e-2dj6wjkycpazwko.stats.esomniture[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[6].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.neudesicmediagroup[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@track.prize-wave[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@mediaplex[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@questionmarket[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.meredithads[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@r.unicornmedia[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@metroleap.rotator.hadj7.adjuggler[2].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@multimedialearning[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[3].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ads.roiserver[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@www.googleadservices[11].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@cozi.adbureau[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@ad.adlantis[1].txt
    C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Cookies\sheri@legolas-media[2].txt
     
  5. BreCalmor

    BreCalmor TS Rookie Topic Starter

     
  6. BreCalmor

    BreCalmor TS Rookie Topic Starter

    OTL logfile created on: 9/18/2010 6:26:05 PM - Run 1
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Sheri\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 184.16 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 1863.01 Gb Total Space | 52.06 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive M: | 931.51 Gb Total Space | 44.23 Gb Free Space | 4.75% Space Free | Partition Type: NTFS
    Drive N: | 931.51 Gb Total Space | 44.23 Gb Free Space | 4.75% Space Free | Partition Type: NTFS

    Computer Name: SHERI-PC
    Current User Name: Sheri
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/18 18:24:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\OTL.exe
    PRC - [2010/05/14 18:45:40 | 003,016,960 | ---- | M] (2BrightSparks) -- C:\Program Files (x86)\SyncBack\SyncBack.exe
    PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/04/26 20:23:24 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/01/18 10:51:22 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
    PRC - [2010/01/18 10:51:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
    PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/09/17 18:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/24 18:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2009/06/24 18:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2009/06/24 18:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\Hotsync.exe
    PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/18 18:24:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\OTL.exe
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/04/14 19:01:38 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
    SRV:64bit: - [2010/01/07 15:20:39 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
    SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/03/31 16:04:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 09:45:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/01/07 15:20:28 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeecoms.exe -- (lxee_device)
    SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2009/09/17 18:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2009/09/17 17:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2009/06/24 18:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
    SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\RxFilter.sys -- (RxFilter)
    DRV:64bit: - [2010/06/02 21:21:20 | 000,219,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wpshelper.sys -- (WpsHelper)
    DRV:64bit: - [2010/03/21 03:15:13 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2009/10/22 15:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/09/17 18:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\WPSDRVnt.sys -- (WPS)
    DRV:64bit: - [2009/09/15 00:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/05/27 14:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Teefer2.sys -- (Teefer2)
    DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/09/24 22:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/07/15 04:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100918.003\EX64.SYS -- (NAVEX15)
    DRV - [2010/07/15 04:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/07/15 04:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100918.003\ENG64.SYS -- (NAVENG)
    DRV - [2010/05/27 04:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


    ========== Standard Registry (SafeList) ==========
     
  7. BreCalmor

    BreCalmor TS Rookie Topic Starter

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/05/02 14:09:33 | 000,000,842 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 192.168.2.2 tivo
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\WINDOWS\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
    O4 - Startup: C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O4 - Startup: C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SyncBack.lnk = C:\Program Files (x86)\SyncBack\SyncBack.exe (2BrightSparks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: portaportal.com ([my] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.18/uploader2.cab (UploadListView Class)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\FastAccess: DllName - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - File not found
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "®œ?" File not found
    O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  8. BreCalmor

    BreCalmor TS Rookie Topic Starter

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/18 18:24:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sheri\Desktop\OTL.exe
    [2010/09/18 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Roaming\SUPERAntiSpyware.com
    [2010/09/18 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/09/18 12:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/09/18 12:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/09/18 12:23:59 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Sheri\Desktop\SUPERAntiSpyware.exe
    [2010/09/18 10:44:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sheri\Desktop\TFC.exe
    [2010/08/29 19:33:11 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Roaming\Malwarebytes
    [2010/08/29 19:33:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/08/29 19:33:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/08/29 19:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/08/29 19:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/08/26 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SyncBack
    [2010/08/07 11:20:31 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Local\ICS
    [2010/08/07 10:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HotSync
    [2010/08/07 09:40:42 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Roaming\HotSync
    [2010/08/07 09:17:21 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Roaming\Arcsoft
    [2010/08/07 09:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palm
    [2010/08/05 16:16:06 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
    [2010/08/05 16:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2010/07/23 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cozi Express
    [2010/07/19 20:06:30 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Local\PhotoChannel
    [2010/07/03 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Local\PowerDVD DX
    [2010/07/03 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010/07/03 10:31:40 | 000,000,000 | ---D | C] -- C:\Users\Sheri\Desktop\Jamestown
    [2010/07/01 08:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cricut Software
    [2010/06/27 13:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paint Shop Pro 5
    [2010/06/24 18:53:59 | 000,000,000 | ---D | C] -- C:\Users\Sheri\Desktop\Digital Picture Frame
    [2010/06/22 23:48:32 | 000,000,000 | ---D | C] -- C:\Users\Sheri\AppData\Local\Microsoft Games
    [2010/06/21 22:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark Pro700 Series
    [2010/03/21 05:31:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll
    [2010/03/21 05:31:03 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll
    [2010/03/21 05:31:03 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll
    [2010/03/21 05:31:03 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll
    [2010/03/21 05:31:03 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll
    [2010/03/21 05:31:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll
    [2010/03/21 05:31:03 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll
    [2010/03/21 05:31:03 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll
    [2010/03/21 05:31:03 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll
    [6 C:\Users\Sheri\*.tmp files -> C:\Users\Sheri\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/18 18:29:02 | 004,718,592 | -HS- | M] () -- C:\Users\Sheri\NTUSER.DAT
    [2010/09/18 18:28:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/18 18:24:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\OTL.exe
    [2010/09/18 18:14:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/18 18:14:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/18 18:03:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/18 18:03:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/18 18:03:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/18 18:03:03 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/18 12:30:40 | 006,893,954 | -H-- | M] () -- C:\Users\Sheri\AppData\Local\IconCache.db
    [2010/09/18 12:27:48 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/09/18 12:24:12 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Sheri\Desktop\SUPERAntiSpyware.exe
    [2010/09/18 12:21:33 | 000,080,384 | ---- | M] () -- C:\Users\Sheri\Desktop\MBRCheck.exe
    [2010/09/18 11:20:11 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/09/18 11:20:11 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/09/18 11:20:11 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/09/18 10:44:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\TFC.exe
    [2010/09/18 09:57:06 | 000,525,824 | ---- | M] () -- C:\Users\Sheri\Desktop\dds.scr
    [2010/09/16 22:06:19 | 000,011,580 | ---- | M] () -- C:\Users\Sheri\Documents\Classes.xlsx
    [2010/09/16 22:05:04 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2010/09/16 19:50:06 | 000,010,552 | ---- | M] () -- C:\Users\Sheri\Desktop\5.6 Vocab Sort.xlsx
    [2010/09/15 19:30:31 | 000,000,170 | ---- | M] () -- C:\Users\Sheri\Desktop\QuizStar - Create Online Quizzes.url
    [2010/09/04 10:39:23 | 000,006,656 | ---- | M] () -- C:\palm.grf
    [2010/08/30 21:22:43 | 000,003,584 | ---- | M] () -- C:\Users\Sheri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/27 23:13:30 | 000,036,150 | ---- | M] () -- C:\Users\Sheri\Desktop\BETTA FISH VASE.docx
    [2010/08/27 23:06:53 | 000,025,860 | ---- | M] () -- C:\Users\Sheri\Desktop\Creating a Closed Aquatic Ecosystem.docx
    [2010/08/26 22:06:13 | 000,001,112 | ---- | M] () -- C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SyncBack.lnk
    [2010/08/19 10:58:55 | 000,000,016 | ---- | M] () -- C:\Users\Sheri\persistent_state
    [2010/08/11 19:20:20 | 000,469,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/07 10:46:41 | 000,001,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/08/07 09:40:42 | 000,000,094 | ---- | M] () -- C:\Windows\family.ini
    [2010/08/06 22:11:00 | 000,179,464 | ---- | M] () -- C:\Users\Sheri\Desktop\Reaching the Reluctant Writer_ Fast ... - Google Books.pdf
    [2010/07/25 16:39:44 | 000,002,243 | ---- | M] () -- C:\Users\Sheri\Desktop\1small.gif
    [2010/07/23 14:15:59 | 000,026,656 | ---- | M] () -- C:\Users\Sheri\Documents\5.3 Experiment Opaque, tansparent, trasnslucent.docx
    [2010/07/18 22:28:23 | 000,014,768 | ---- | M] () -- C:\Users\Sheri\Desktop\science Links.docx
    [2010/07/06 23:05:16 | 191,369,160 | ---- | M] () -- C:\Users\Sheri\Desktop\Nortwest Arkansas Visitor Guide 30448.pdf
    [2010/07/01 20:22:44 | 002,719,744 | ---- | M] () -- C:\Users\Sheri\Desktop\Timmy TODO Database.accdb
    [2010/07/01 11:21:36 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\Cricut DesignStudio.lnk
    [2010/06/28 18:17:57 | 007,551,351 | ---- | M] () -- C:\Users\Sheri\Desktop\2742_CompiledTeacherInstitute_2010.pdf
    [6 C:\Users\Sheri\*.tmp files -> C:\Users\Sheri\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/18 12:27:48 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/09/18 12:21:32 | 000,080,384 | ---- | C] () -- C:\Users\Sheri\Desktop\MBRCheck.exe
    [2010/09/18 09:57:04 | 000,525,824 | ---- | C] () -- C:\Users\Sheri\Desktop\dds.scr
    [2010/09/16 22:06:19 | 000,011,580 | ---- | C] () -- C:\Users\Sheri\Documents\Classes.xlsx
    [2010/09/16 19:47:33 | 000,010,552 | ---- | C] () -- C:\Users\Sheri\Desktop\5.6 Vocab Sort.xlsx
    [2010/09/15 19:30:31 | 000,000,170 | ---- | C] () -- C:\Users\Sheri\Desktop\QuizStar - Create Online Quizzes.url
    [2010/08/30 21:22:45 | 000,006,656 | ---- | C] () -- C:\palm.grf
    [2010/08/30 21:22:43 | 000,003,584 | ---- | C] () -- C:\Users\Sheri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/27 23:13:29 | 000,036,150 | ---- | C] () -- C:\Users\Sheri\Desktop\BETTA FISH VASE.docx
    [2010/08/27 23:06:53 | 000,025,860 | ---- | C] () -- C:\Users\Sheri\Desktop\Creating a Closed Aquatic Ecosystem.docx
    [2010/08/26 22:06:13 | 000,001,112 | ---- | C] () -- C:\Users\Sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SyncBack.lnk
    [2010/08/07 10:46:41 | 000,001,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
    [2010/08/07 09:40:42 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
    [2010/08/06 22:10:46 | 000,179,464 | ---- | C] () -- C:\Users\Sheri\Desktop\Reaching the Reluctant Writer_ Fast ... - Google Books.pdf
    [2010/07/25 16:53:51 | 000,002,243 | ---- | C] () -- C:\Users\Sheri\Desktop\1small.gif
    [2010/07/23 14:15:58 | 000,026,656 | ---- | C] () -- C:\Users\Sheri\Documents\5.3 Experiment Opaque, tansparent, trasnslucent.docx
    [2010/07/18 22:28:22 | 000,014,768 | ---- | C] () -- C:\Users\Sheri\Desktop\science Links.docx
    [2010/07/06 23:05:14 | 191,369,160 | ---- | C] () -- C:\Users\Sheri\Desktop\Nortwest Arkansas Visitor Guide 30448.pdf
    [2010/07/01 20:53:17 | 000,000,723 | ---- | C] () -- C:\Users\Sheri\Sti_Trace.log
    [2010/07/01 08:49:32 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Cricut DesignStudio.lnk
    [2010/06/28 18:17:57 | 007,551,351 | ---- | C] () -- C:\Users\Sheri\Desktop\2742_CompiledTeacherInstitute_2010.pdf
    [2010/04/02 16:12:00 | 000,000,712 | ---- | C] () -- C:\ProgramData\lxee.log
    [2010/03/27 01:13:30 | 000,000,774 | ---- | C] () -- C:\Users\Sheri\AppData\Roaming\wklnhst.dat
    [2010/03/26 06:45:45 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/03/21 05:43:25 | 000,271,420 | ---- | C] () -- C:\ProgramData\lxeeJSW.log
    [2010/03/21 05:43:16 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2010/03/21 05:32:33 | 000,027,071 | ---- | C] () -- C:\ProgramData\lxeescan.log
    [2010/03/21 05:31:07 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll
    [2010/03/21 05:31:04 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll
    [2010/03/21 05:31:03 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll
    [2010/03/21 05:31:03 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll
    [2010/03/21 05:31:03 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll
    [2010/03/21 05:31:03 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll
    [2010/03/21 05:31:03 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll
    [2010/03/21 05:31:03 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll
    [2010/03/21 05:31:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll
    [2010/03/21 05:16:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
    [2010/03/21 05:16:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
    [2010/03/21 05:15:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
    [2010/03/21 05:15:29 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll
    [2010/03/21 05:15:28 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/24 18:32:34 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2009/06/24 18:31:46 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2009/06/24 18:31:00 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

    ========== LOP Check ==========

    [2010/08/07 09:40:42 | 000,000,000 | ---D | M] -- C:\Users\Sheri\AppData\Roaming\HotSync
    [2010/03/19 00:49:27 | 000,000,000 | ---D | M] -- C:\Users\Sheri\AppData\Roaming\Template
    [2010/03/21 06:14:23 | 000,000,000 | ---D | M] -- C:\Users\Sheri\AppData\Roaming\Windows Live Writer
    [2009/07/14 01:08:49 | 000,021,166 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  9. BreCalmor

    BreCalmor TS Rookie Topic Starter

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/02/16 23:54:28 | 000,004,323 | RH-- | M] () -- C:\dell (1).sdr
    [2010/02/25 11:26:12 | 000,003,563 | RH-- | M] () -- C:\dell.sdr
    [2010/09/18 18:03:03 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/26 11:45:52 | 000,000,086 | ---- | M] () -- C:\lxeePpx.log
    [2010/03/21 12:12:45 | 000,000,546 | ---- | M] () -- C:\Media (TIVO) (n) - Shortcut.lnk
    [2010/09/18 18:03:07 | 4253,405,184 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/04 10:39:23 | 000,006,656 | ---- | M] () -- C:\palm.grf
    [2009/07/13 21:39:47 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\taskmgr_back.exe

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 14:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/11 17:41:55 | 000,000,286 | -HS- | M] () -- C:\Users\Sheri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/03/19 15:39:55 | 000,000,221 | -HS- | M] () -- C:\Users\Sheri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/18 12:21:33 | 000,080,384 | ---- | M] () -- C:\Users\Sheri\Desktop\MBRCheck.exe
    [2010/09/18 18:24:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\OTL.exe
    [2010/09/18 12:24:12 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Sheri\Desktop\SUPERAntiSpyware.exe
    [2010/09/18 10:44:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sheri\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/01/11 19:34:27 | 000,061,224 | ---- | M] () -- C:\Users\Sheri\GoToAssistDownloadHelper.exe
    [6 C:\Users\Sheri\*.tmp files -> C:\Users\Sheri\*.tmp -> ]

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\WINDOWS\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/08/07 10:41:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\security\database\edb.chk
    [2010/08/07 10:41:51 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edb.log
    [2010/08/07 10:41:50 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00001.jrs
    [2010/08/07 10:41:51 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00002.jrs
    [2010/08/07 10:41:50 | 000,786,432 | ---- | M] () -- C:\WINDOWS\security\database\edbtmp.log
    [2010/08/07 10:41:51 | 001,056,768 | ---- | M] () -- C:\WINDOWS\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 08:19:13 | 000,000,402 | -HS- | M] () -- C:\Users\Sheri\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/03/21 05:16:18 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
    [2010/03/21 05:43:16 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2010/04/02 16:50:41 | 000,000,712 | ---- | M] () -- C:\ProgramData\lxee.log
    [2010/06/21 22:23:04 | 000,271,420 | ---- | M] () -- C:\ProgramData\lxeeJSW.log
    [2010/09/18 18:04:39 | 000,027,071 | ---- | M] () -- C:\ProgramData\lxeescan.log
    [2010/03/21 05:16:15 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
    [2010/03/21 05:15:58 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  10. BreCalmor

    BreCalmor TS Rookie Topic Starter

    OTL Extras logfile created on: 9/18/2010 6:26:06 PM - Run 1
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Sheri\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.40 Gb Total Space | 184.16 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 1863.01 Gb Total Space | 52.06 Gb Free Space | 2.79% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive M: | 931.51 Gb Total Space | 44.23 Gb Free Space | 4.75% Space Free | Partition Type: NTFS
    Drive N: | 931.51 Gb Total Space | 44.23 Gb Free Space | 4.75% Space Free | Partition Type: NTFS

    Computer Name: SHERI-PC
    Current User Name: Sheri
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "doPDF 6 printer_is1" = doPDF 6.2 printer
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Lexmark Pro700 Series" = Lexmark Pro700 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
     
  11. BreCalmor

    BreCalmor TS Rookie Topic Starter

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{194D0B58-ED34-444F-A1D1-C1CACFC3B7EE}" = Cozi Outlook Toolbar
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}" = Cozi
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-1033-0000-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
    "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
    "Carbonite Backup" = Carbonite
    "Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
    "Cricut DesignStudio" = Cricut DesignStudio
    "Dell Webcam Central" = Dell Webcam Central
    "GoToAssist" = GoToAssist 8.0.0.514
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Paint Shop Pro 5.0 Evaluation" = Paint Shop Pro 5.0 Evaluation
    "Pegasus Mail" = Pegasus Mail
    "PROR" = Microsoft Office Professional 2007
    "SyncBack_is1" = SyncBack
    "Timez Attack 3.15" = Timez Attack
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Sound" = Sound
     
     
  12. BreCalmor

    BreCalmor TS Rookie Topic Starter

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/9/2010 11:57:19 PM | Computer Name = Sheri-PC | Source = VSS | ID = 22
    Description =

    Error - 9/9/2010 11:57:19 PM | Computer Name = Sheri-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/10/2010 1:04:42 AM | Computer Name = Sheri-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
    scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
    file was deleted successfully.

    Error - 9/10/2010 2:10:41 AM | Computer Name = Sheri-PC | Source = VSS | ID = 22
    Description =

    Error - 9/10/2010 2:10:41 AM | Computer Name = Sheri-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/10/2010 2:11:43 AM | Computer Name = Sheri-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/10/2010 2:18:24 AM | Computer Name = Sheri-PC | Source = VSS | ID = 22
    Description =

    Error - 9/10/2010 2:18:24 AM | Computer Name = Sheri-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/10/2010 2:56:58 PM | Computer Name = Sheri-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/11/2010 1:06:02 AM | Computer Name = Sheri-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
    scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
    file was deleted successfully.

    [ Media Center Events ]
    Error - 8/12/2010 8:29:08 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 8:29:08 AM - Error connecting to the internet. 8:29:08 AM - Unable
    to contact server..

    Error - 8/12/2010 8:29:18 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 8:29:14 AM - Error connecting to the internet. 8:29:14 AM - Unable
    to contact server..

    Error - 8/12/2010 9:29:23 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 9:29:23 AM - Error connecting to the internet. 9:29:23 AM - Unable
    to contact server..

    Error - 8/12/2010 9:29:29 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 9:29:28 AM - Error connecting to the internet. 9:29:28 AM - Unable
    to contact server..

    Error - 8/12/2010 2:07:03 PM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 2:07:03 PM - Error connecting to the internet. 2:07:03 PM - Unable
    to contact server..

    Error - 8/12/2010 2:07:09 PM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 2:07:08 PM - Error connecting to the internet. 2:07:08 PM - Unable
    to contact server..

    Error - 9/18/2010 2:38:33 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 2:38:27 AM - Error connecting to the internet. 2:38:27 AM - Unable
    to contact server..

    Error - 9/18/2010 3:39:14 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 3:39:05 AM - Error connecting to the internet. 3:39:05 AM - Unable
    to contact server..

    Error - 9/18/2010 4:39:27 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 4:39:22 AM - Error connecting to the internet. 4:39:22 AM - Unable
    to contact server..

    Error - 9/18/2010 5:39:33 AM | Computer Name = Sheri-PC | Source = MCUpdate | ID = 0
    Description = 5:39:32 AM - Error connecting to the internet. 5:39:32 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 8/28/2010 9:29:04 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/31/2010 10:40:01 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/31/2010 10:40:30 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/31/2010 10:40:41 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/6/2010 3:07:23 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/6/2010 9:51:14 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/12/2010 10:52:51 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 8645
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 9/13/2010 7:28:49 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 202
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 9/13/2010 10:42:59 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/15/2010 9:58:06 PM | Computer Name = Sheri-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/17/2010 4:31:29 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 5:35:33 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 6:11:33 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 9:30:20 AM | Computer Name = Sheri-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 9/17/2010 9:42:44 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 10:30:50 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 11:12:48 AM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 12:48:49 PM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 1:24:50 PM | Computer Name = Sheri-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/17/2010 2:27:42 PM | Computer Name = Sheri-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.


    < End of report >
     
  13. BreCalmor

    BreCalmor TS Rookie Topic Starter

    I sure hope that was all, and that it didn't contain any private information...
    Dang that was a lot...
     
  14. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Please, don't wrap any logs in codes, because they're harder to read.
    I need to edit them. Hold on...
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [FAStartup] File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - File not found
      O27 - HKLM IFEO\taskmgr.exe: Debugger - "®œ?" File not found
      [6 C:\Users\Sheri\*.tmp files -> C:\Users\Sheri\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
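
The `O27` lines in the OTL fix above are the ones that match the thread title: an Image File Execution Options (IFEO) `Debugger` value is keyed on the executable's file name, so when it points at something that does not exist, `taskmgr.exe` fails to start under its own name while a renamed copy runs. The following is an added example, not part of the original thread or of OTL: a small Python parser that pulls the `O27` entries out of an OTL log and lists the images blocked this way. The `example.exe` line and the `C:\Tools\dbg.exe` path are constructed for illustration; the other sample lines are copied from the fix script.

```python
import re
from dataclasses import dataclass

# First three lines are copied from the OTL fix script in this thread;
# the example.exe line is constructed to show a target OTL could resolve.
SAMPLE_LOG = r'''
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "®œ?" File not found
O27 - HKLM IFEO\example.exe: Debugger - C:\Tools\dbg.exe
'''

O27 = re.compile(r'^O27(?P<v64>:64bit:)? - HKLM IFEO\\(?P<image>[^:]+): '
                 r'(?P<value>\w+) - (?P<data>.*)$')
MISSING = "File not found"

@dataclass
class IfeoEntry:
    view: str      # "64bit" if OTL tagged the line :64bit:, else "untagged"
    image: str     # executable name the IFEO key applies to
    value: str     # value name, e.g. Debugger
    target: str    # value data with OTL's status text removed
    missing: bool  # OTL reported "File not found" for the target

def parse_ifeo(log):
    """Return every O27 (IFEO) entry found in an OTL log."""
    entries = []
    for line in log.splitlines():
        m = O27.match(line.strip())
        if not m:
            continue
        data = m["data"]
        missing = data.endswith(MISSING)
        target = data[:-len(MISSING)].strip().strip('"') if missing else data.strip()
        entries.append(IfeoEntry("64bit" if m["v64"] else "untagged",
                                 m["image"], m["value"], target, missing))
    return entries

def blocked_images(entries):
    """Images whose Debugger target is missing, so a launch under that name fails."""
    return sorted({e.image.lower() for e in entries
                   if e.value.lower() == "debugger" and e.missing})

if __name__ == "__main__":
    for e in parse_ifeo(SAMPLE_LOG):
        state = "target missing" if e.missing else "redirects to " + e.target
        print(f"{e.image} [{e.view}] {e.value}: {state}")
    print("Blocked under their own name:", blocked_images(parse_ifeo(SAMPLE_LOG)))
```

An entry whose target does resolve is not harmless by default: every launch of that image is handed to the listed program, so it still needs to be checked against what is expected on the machine.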
     
  16. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Are you still out there?
     
Topic Status:
Not open for further replies.

