Inactive Dell w/Windows Vista just had virus removed, still bugging

[tijiwo79]

random commercials are playing out the speakers i can manually turn it off but it comes back after awhile. all my search engines keep redirecting and on startup it says mri_disabled i don't know what to do

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[tijiwo79]

tijiwo; i have what you require thank you

Windows Live Writer
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/20/2011 2:40:11 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
11/20/2011 12:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/20/2011 12:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/20/2011 12:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/20/2011 12:39:40 PM, Error: EventLog [6008] - The previous system shutdown at 12:36:23 PM on 11/20/2011 was unexpected.
11/20/2011 12:35:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:30:38 PM on 11/20/2011 was unexpected.
11/18/2011 10:08:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:04:54 PM on 11/18/2011 was unexpected.
11/14/2011 6:47:55 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2011 6:45:42 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2011 6:11:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:24 PM on 11/14/2011 was unexpected.
11/14/2011 10:30:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:13 PM on 11/14/2011 was unexpected.
11/13/2011 5:05:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:02:48 PM on 11/13/2011 was unexpected.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
11/13/2011 2:36:59 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/13/2011 2:35:04 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:14 PM on 11/13/2011 was unexpected.
11/13/2011 2:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.
11/13/2011 2:06:15 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 2:03:00 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2011 12:39:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:37:40 PM on 11/13/2011 was unexpected.
11/13/2011 12:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/13/2011 12:09:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/13/2011 12:09:36 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 12:09:10 PM, Error: Service Control Manager [7022] - The Webroot Spy Sweeper Engine service hung on starting.
11/13/2011 12:07:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Marvell Yukon Service service to connect.
11/13/2011 12:07:45 PM, Error: Service Control Manager [7000] - The Marvell Yukon Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 11:59:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
11/13/2011 11:59:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 11:59:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2011 11:59:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2011 11:59:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2011 11:59:06 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
11/13/2011 11:59:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2011 11:58:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:22 AM on 11/13/2011 was unexpected.
11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/13/2011 11:39:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:59:59 AM on 11/13/2011 was unexpected.
11/13/2011 1:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.18762
Run by Rebecca Marheine at 17:10:09 on 2011-11-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.1995 [GMT -5:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\consent.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Search Protection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
mRun: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" -m
mRun: [Finally Fast] "C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe" -m
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\REBECC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\Users\REBECC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
BHO-X64: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask.com Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64: Verizon Toolbar - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun-x64: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
mRun-x64: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" -m
mRun-x64: [Finally Fast] "C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe" -m
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-2-2 24576]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-20 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-14 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-8-26 91456]
R2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-2-10 20480]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-15 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-15 185640]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-27 136176]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-4 93184]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-27 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-14 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-14 249936]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-20 22:03:05 607260 ------r- C:\Users\Rebecca Marheine\dds.scr
2011-11-20 19:29:35 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
2011-11-20 19:29:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-20 19:29:17 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-20 19:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-20 19:27:36 9852544 ----a-w- C:\Users\Rebecca Marheine\mbam-setup-1.51.2.1300.exe
2011-11-20 17:47:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\offreg.dll
2011-11-20 17:17:53 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\mpengine.dll
2011-11-18 01:31:11 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2011-11-18 01:31:10 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2011-11-18 01:31:10 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2011-11-18 01:31:10 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2011-11-16 11:40:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-14 23:36:33 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-11-14 23:34:55 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-11-14 23:34:55 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-11-14 23:34:52 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-14 23:34:48 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-11-14 23:34:48 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-11-14 23:34:48 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-11-14 23:34:48 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-11-14 23:34:48 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-11-14 23:34:48 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-11-14 23:34:48 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-11-14 23:34:48 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-11-14 23:33:46 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-14 23:33:45 -------- d-----w- C:\Program Files\McAfee.com
2011-11-14 23:33:45 -------- d-----w- C:\Program Files\McAfee
2011-11-14 23:33:43 -------- d-----w- C:\Program Files (x86)\McAfee
2011-11-13 23:52:13 -------- d-----w- C:\Windows\System32\wbem\repository
2011-11-13 23:03:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2011-11-13 20:51:04 -------- d-----w- C:\mfe
2011-11-13 20:35:00 -------- d-----w- C:\!KillBox
2011-11-13 19:39:59 -------- d-----w- C:\Program Files (x86)\Citrix
2011-11-13 19:04:06 -------- d-----w- C:\ProgramData\Webroot
2011-11-13 18:12:38 103784 ----a-w- C:\Users\Rebecca Marheine\GoToAssistDownloadHelper.exe
2011-11-13 18:12:38 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Citrix
2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Deployment
2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Apps
2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
2011-11-13 17:21:54 -------- d-----w- C:\ProgramData\SpeedyPC Software
2011-11-11 18:48:23 -------- d-----w- C:\Users\Rebecca Marheine\New Folder (1)
2011-11-11 18:47:54 -------- d-----w- C:\Users\Rebecca Marheine\New Folder
2011-11-06 13:04:33 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
2011-11-06 13:04:26 5359888 ----a-w- C:\Windows\uninst.exe
2011-11-06 13:04:24 -------- d-----w- C:\ProgramData\PC1Data
2011-11-06 12:30:12 -------- d-----w- C:\Program Files (x86)\AML Products
2011-11-05 16:40:21 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
2011-10-30 17:16:03 -------- d-----w- C:\Program Files (x86)\Ascentive
2011-10-28 17:13:07 -------- d-----w- C:\Program Files\Verizon
2011-10-28 17:12:50 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2011-10-28 17:12:50 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2011-10-28 17:12:46 -------- d-----w- C:\Program Files (x86)\verizontb
2011-10-28 17:11:51 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
2011-10-28 17:11:45 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
2011-10-28 17:11:05 -------- d-----w- C:\ProgramData\DigiData
2011-10-28 17:10:58 -------- d-----w- C:\Program Files (x86)\Verizon Online Backup
2011-10-28 17:06:30 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
2011-10-28 17:05:37 -------- d-----w- C:\Program Files (x86)\VERIZONDM
2011-10-28 17:05:31 9782784 ----a-w- C:\Windows\VerizonDM.msi
2011-10-28 17:05:12 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-10-28 17:05:11 -------- d-----w- C:\Program Files (x86)\Verizon
2011-10-28 16:48:17 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-28 16:48:01 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-28 16:47:52 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-10-28 16:47:44 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
2011-10-28 01:24:20 -------- d-----w- C:\Users\Rebecca Marheine\PIMVLibraries
2011-10-23 03:47:22 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2011-08-26 08:18:10 450560 ----a-w- C:\Windows\SysWow64\AscSQLite.dll
.
============= FINISH: 17:20:48.23 ===============

 

[Broni]

Attach.txt log is incomplete.
Repost it.

 

[tijiwo79]

i hope this is it

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/8/2009 1:35:04 AM
System Uptime: 11/20/2011 2:41:57 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 207.792 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 6.083 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP207: 8/30/2011 1:45:21 AM - Windows Update
RP208: 9/3/2011 8:09:09 PM - Windows Update
RP209: 9/5/2011 7:41:04 PM - Scheduled Checkpoint
RP210: 9/6/2011 8:28:43 PM - Windows Update
RP211: 9/7/2011 6:14:33 PM - Scheduled Checkpoint
RP212: 9/9/2011 12:01:20 PM - Windows Update
RP213: 9/10/2011 1:19:24 PM - Scheduled Checkpoint
RP214: 9/13/2011 10:32:16 PM - Windows Update
RP215: 9/16/2011 6:52:27 PM - Windows Update
RP216: 9/17/2011 2:19:23 PM - Scheduled Checkpoint
RP217: 9/18/2011 2:14:09 PM - Scheduled Checkpoint
RP218: 9/22/2011 8:23:09 PM - Windows Update
RP219: 9/24/2011 2:58:58 PM - Scheduled Checkpoint
RP220: 9/27/2011 6:48:15 PM - Windows Update
RP221: 10/4/2011 7:46:48 PM - Windows Update
RP222: 10/5/2011 7:56:16 PM - Scheduled Checkpoint
RP223: 10/9/2011 11:05:42 PM - Windows Update
RP224: 10/16/2011 4:43:41 PM - Windows Update
RP225: 10/20/2011 4:38:07 PM - Windows Update
RP226: 10/28/2011 12:48:24 PM - FiOS Installation
RP227: 11/5/2011 12:41:08 PM - Windows Update
RP228: 11/8/2011 8:00:09 PM - Windows Update
RP229: 11/13/2011 1:33:22 AM - Windows Update
RP230: 11/14/2011 6:35:01 PM - Device Driver Package Install: McAfee, Inc. Network Service
RP231: 11/17/2011 8:37:36 PM - Windows Update
RP232: 11/20/2011 12:17:11 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9
Advanced Audio FX Engine
AML Free Registry Cleaner 4.22
Apple Application Support
Apple Software Update
Ask.com Toolbar
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Cozi
Dell Getting Started Guide
Dell Video Chat
Dell Webcam Central
DELL0703
Finally Fast
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
IHA_MessageCenter
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LimeWire 5.5.16
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Broadband Generic Drivers
MotoConnect
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Performance Center
PowerDVD
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Spy Sweeper Core
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Download Manager
Verizon Internet Security Suite
Verizon Online Backup and Sharing
Verizon Toolbar
Vz In Home Agent
VZAccess Manager for Novatel
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/20/2011 2:40:11 PM, Error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
11/20/2011 12:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/20/2011 12:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/20/2011 12:40:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/20/2011 12:39:40 PM, Error: EventLog [6008] - The previous system shutdown at 12:36:23 PM on 11/20/2011 was unexpected.
11/20/2011 12:35:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:30:38 PM on 11/20/2011 was unexpected.
11/18/2011 10:08:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:04:54 PM on 11/18/2011 was unexpected.
11/14/2011 6:47:55 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2011 6:45:42 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/14/2011 6:11:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:24 PM on 11/14/2011 was unexpected.
11/14/2011 10:30:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:56:13 PM on 11/14/2011 was unexpected.
11/13/2011 5:05:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:02:48 PM on 11/13/2011 was unexpected.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
11/13/2011 2:36:59 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/13/2011 2:36:59 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/13/2011 2:35:04 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:14 PM on 11/13/2011 was unexpected.
11/13/2011 2:06:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.
11/13/2011 2:06:15 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 2:03:00 PM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2011 12:39:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:37:40 PM on 11/13/2011 was unexpected.
11/13/2011 12:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/13/2011 12:09:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/13/2011 12:09:36 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 12:09:10 PM, Error: Service Control Manager [7022] - The Webroot Spy Sweeper Engine service hung on starting.
11/13/2011 12:07:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Marvell Yukon Service service to connect.
11/13/2011 12:07:45 PM, Error: Service Control Manager [7000] - The Marvell Yukon Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2011 11:59:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
11/13/2011 11:59:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/13/2011 11:59:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/13/2011 11:59:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/13/2011 11:59:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2011 11:59:06 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
11/13/2011 11:59:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/13/2011 11:58:38 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:22 AM on 11/13/2011 was unexpected.
11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/13/2011 11:40:13 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/13/2011 11:39:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:59:59 AM on 11/13/2011 was unexpected.
11/13/2011 1:55:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================

 

[tijiwo79]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 16:37:36
Windows 6.0.6001 Service Pack 1
Running: zvc7670y.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[2].htm 1302 bytes
File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[3].htm 1311 bytes
File C:\Users\Rebecca Marheine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5AULPDTC\fw-nonplayer-banner[4].htm 1302 bytes
File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@mevio[1].txt 0 bytes
File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@mmismm[1].txt 90 bytes
File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@bluekai[5].txt 1790 bytes
File C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Cookies\rebecca_marheine@www.mevio[4].txt 342 bytes

---- EOF - GMER 1.0.15 ----

 

[tijiwo79]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8201

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18762

11/20/2011 2:38:56 PM
mbam-log-2011-11-20 (14-38-56).txt

Scan type: Quick scan
Objects scanned: 171760
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

Uninstall Ask.com Toolbar, typical foistware.

I don't see any AV program running.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

When done....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[tijiwo79]

i currently have mcafee through verizon and how do disenable script blocker. thanks

 

[Broni]

i currently have mcafee through verizon

OK. Disregard my advice regarding installing an AV program.

I don't see any script blocking programs on your computer so you're good to proceed.

 

[tijiwo79]

i dont know if this is right

ComboFix 11-11-20.02 - Rebecca Marheine 11/20/2011 20:30:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4057.2420 [GMT -5:00]
Running from: c:\Users\Rebecca Marheine\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
C:\Users\Rebecca Marheine\ComboFix.exe
C:\Users\Rebecca Marheine\dds.scr
C:\Users\Rebecca Marheine\Desktop\Internet Explorer.lnk
C:\Users\Rebecca Marheine\Desktop\Search.lnk
C:\Users\Rebecca Marheine\GoToAssistDownloadHelper.exe
C:\Users\Rebecca Marheine\mbam-setup-1.51.2.1300.exe


((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))


2011-11-21 02:10:59 . 2011-11-21 02:10:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\offreg.dll
2011-11-21 02:07:58 . 2011-11-21 02:15:14 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\temp
2011-11-21 02:07:58 . 2011-11-21 02:07:58 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-20 19:29:35 . 2011-11-20 19:29:35 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
2011-11-20 19:29:22 . 2011-11-20 19:29:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-20 19:29:17 . 2011-08-31 22:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-11-20 19:29:16 . 2011-11-20 19:29:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-20 17:17:53 . 2011-10-07 04:16:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB8D875B-E18C-4628-9ED7-D24E0929600B}\mpengine.dll
2011-11-18 01:31:11 . 2002-01-05 16:37:28 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2011-11-18 01:31:10 . 2002-01-05 11:48:16 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2011-11-18 01:31:10 . 2002-01-05 10:40:20 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2011-11-18 01:31:10 . 2000-05-22 21:58:00 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2011-11-16 11:40:22 . 2011-11-16 11:40:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-14 23:34:55 . 2011-11-14 23:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-11-14 23:34:55 . 2011-10-15 18:16:16 10248 ----a-w- C:\Windows\system32\drivers\mfeclnk.sys
2011-11-14 23:34:52 . 2011-10-18 19:32:28 161168 ----a-w- C:\Windows\system32\mfevtps.exe
2011-11-14 23:34:48 . 2011-10-15 18:16:16 75808 ----a-w- C:\Windows\system32\drivers\mfenlfk.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 65264 ----a-w- C:\Windows\system32\drivers\cfwids.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 647080 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 481768 ----a-w- C:\Windows\system32\drivers\mfefirek.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 284648 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 229528 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 160280 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
2011-11-14 23:34:48 . 2011-10-15 18:16:16 100912 ----a-w- C:\Windows\system32\drivers\mferkdet.sys
2011-11-14 23:33:46 . 2011-11-14 23:38:20 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-11-14 23:33:45 . 2011-11-14 23:39:17 -------- d-----w- C:\Program Files\McAfee
2011-11-14 23:33:43 . 2011-11-14 23:39:16 -------- d-----w- C:\Program Files (x86)\McAfee
2011-11-13 23:52:13 . 2011-11-21 02:11:47 -------- d-----w- C:\Windows\system32\wbem\repository
2011-11-13 23:29:08 . 2011-11-16 12:11:18 -------- d-----w- C:\ProgramData\McAfee
2011-11-13 23:03:00 . 2011-11-13 23:03:00 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2011-11-13 20:51:04 . 2011-11-13 20:51:04 -------- d-----w- C:\mfe
2011-11-13 20:35:00 . 2011-11-13 20:35:00 -------- d-----w- C:\!KillBox
2011-11-13 19:39:59 . 2011-11-13 19:39:59 -------- d-----w- C:\Program Files (x86)\Citrix
2011-11-13 19:04:06 . 2011-11-13 19:04:07 -------- d-----w- C:\ProgramData\Webroot
2011-11-13 18:12:38 . 2011-11-13 18:12:38 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Citrix
2011-11-13 18:12:13 . 2011-11-20 05:22:58 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Deployment
2011-11-13 18:12:13 . 2011-11-13 18:12:13 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Apps
2011-11-13 17:22:07 . 2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
2011-11-13 17:22:07 . 2011-11-13 17:22:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
2011-11-13 17:21:54 . 2011-11-13 19:02:38 -------- d-----w- C:\ProgramData\SpeedyPC Software
2011-11-11 18:48:23 . 2011-11-11 19:17:48 -------- d-----w- C:\Users\Rebecca Marheine\New Folder (1)
2011-11-11 18:47:54 . 2011-11-11 18:47:54 -------- d-----w- C:\Users\Rebecca Marheine\New Folder
2011-11-06 13:04:33 . 2011-11-06 13:04:33 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
2011-11-06 13:04:26 . 2011-11-06 13:03:59 5359888 ----a-w- C:\Windows\uninst.exe
2011-11-06 13:04:24 . 2011-11-06 13:04:26 -------- d-----w- C:\ProgramData\PC1Data
2011-11-06 12:30:12 . 2011-11-21 00:48:02 -------- d-----w- C:\Program Files (x86)\AML Products
2011-11-05 16:40:21 . 2011-11-05 16:40:21 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
2011-10-30 17:16:03 . 2011-11-21 00:48:35 -------- d-----w- C:\Program Files (x86)\Ascentive
2011-10-28 17:13:07 . 2011-10-28 17:13:07 -------- d-----w- C:\Program Files\Verizon
2011-10-28 17:12:50 . 2011-11-14 23:30:00 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2011-10-28 17:12:50 . 2011-11-14 23:30:00 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2011-10-28 17:12:46 . 2011-10-28 17:14:31 -------- d-----w- C:\Program Files (x86)\verizontb
2011-10-28 17:11:51 . 2011-05-26 19:00:20 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
2011-10-28 17:11:45 . 2011-10-28 17:11:45 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
2011-10-28 17:11:05 . 2011-10-28 17:11:21 -------- d-----w- C:\ProgramData\DigiData
2011-10-28 17:10:58 . 2011-10-28 17:10:59 -------- d-----w- C:\Program Files (x86)\Verizon Online Backup
2011-10-28 17:06:30 . 2011-10-28 17:08:07 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
2011-10-28 17:05:37 . 2011-10-28 17:05:39 -------- d-----w- C:\Program Files (x86)\VERIZONDM
2011-10-28 17:05:37 . 2011-10-28 17:05:37 -------- d-----w- C:\ProgramData\SupportSoft
2011-10-28 17:05:31 . 2011-05-16 18:06:46 9782784 ----a-w- C:\Windows\VerizonDM.msi
2011-10-28 17:05:12 . 2011-10-28 17:05:37 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-10-28 17:05:11 . 2011-10-28 17:14:39 -------- d-----w- C:\Program Files (x86)\Verizon
2011-10-28 16:48:17 . 2011-10-28 16:48:17 652296 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-28 16:48:01 . 2011-10-28 16:48:01 644360 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-28 16:47:52 . 2011-10-28 16:47:52 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-10-28 16:47:44 . 2011-10-28 17:01:31 -------- d-----w- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
2011-10-28 01:24:30 . 2011-10-28 01:24:30 -------- d-----w- C:\Users\Public\Philips
2011-10-28 01:24:20 . 2011-10-28 01:24:20 -------- d-----w- C:\Users\Rebecca Marheine\PIMVLibraries
2011-10-23 03:47:22 . 2011-10-23 03:47:22 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56:10 86696 ----a-w- C:\Program Files (x86)\verizontb\verizonDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "C:\Program Files (x86)\verizontb\verizonDx.dll" [2011-04-29 19:56:10 86696]

[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\Sidebar.exe" [2008-01-21 02:47:57 1555968]
"SightSpeed"="C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 04:27:22 4823928]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 15:04:54 39408]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 03:41:54 3882312]
"Search Protection"="C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
"Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 15:17:48 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 19:06:08 128296]
"YSearchProtection"="C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 15:43:18 248040]
"MSN Toolbar"="c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 01:29:44 240992]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-09-08 15:17:42 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 06:10:52 421160]
"VERIZONDM"="C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 04:35:50 206120]
"Online Backup Auto Update"="C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2010-02-10 23:10:50 233472]
"Vault Explorer Cache Watcher"="C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe" [2010-02-10 20:20:56 28672]
"Performance Center"="C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe" [2011-08-22 12:27:12 622592]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-09-16 23:38:42 1674896]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608]

C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]

C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38:00 34672 ----a-w- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 20:54:56 446635 ------w- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:57:52 136176]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:57:52 136176]
R3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 17:28:54 225216]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 18:05:28 155648]
S2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-02-03 00:02:52 24576]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 23:20:16 286736]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 22:00:48 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 19:23:24 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x]
S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 15:30:44 91456]
S2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2010-02-10 23:11:00 20480]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 04:36:04 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 04:36:08 185640]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys [x]
S3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

Contents of the 'Scheduled Tasks' folder

2011-11-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:58:01 . 2010-05-27 18:57:52]

2011-11-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:58:01 . 2010-05-27 18:57:52]

2011-11-20 C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
- C:\Windows\system32\msfeedssync.exe [2009-06-04 00:39:02 . 2009-03-08 11:31:52]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:47:32 1584184]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-09-04 05:29:22 272896]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2008-12-15 04:13:52 462336]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-12-09 05:13:00 153624]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-12-09 05:12:32 225816]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-12-09 05:12:44 200216]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-12-22 10:35:14 4119552]
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2009-01-09 17:18:50 2115664]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 22:41:12 178712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-WMPNSCFG - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

 

[tijiwo79]

here aswmbr

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 19:52:57
-----------------------------
19:52:57.272 OS Version: Windows x64 6.0.6001 Service Pack 1
19:52:57.272 Number of processors: 2 586 0x170A
19:52:57.273 ComputerName: REBECCAMARHE-PC UserName:
19:53:02.312 Initialize success
19:53:42.990 AVAST engine defs: 11112001
19:53:55.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:53:55.044 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
19:53:55.081 Disk 0 MBR read successfully
19:53:55.086 Disk 0 MBR scan
19:53:55.094 Disk 0 Windows VISTA default MBR code
19:53:55.100 Service scanning
19:53:57.459 Modules scanning
19:53:57.466 Disk 0 trace - called modules:
19:53:57.501 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800658c334]<<
19:53:57.507 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800490e790]
19:53:57.515 3 CLASSPNP.SYS[fffffa6000fc6b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004582050]
19:53:57.522 \Driver\iaStor[0xfffffa8003add520] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800658c334
19:54:00.505 AVAST engine scan C:\Windows
19:54:06.538 AVAST engine scan C:\Windows\system32
19:57:08.529 AVAST engine scan C:\Windows\system32\drivers
19:57:36.126 AVAST engine scan C:\Users\Rebecca Marheine
19:58:14.071 Disk 0 MBR has been saved successfully to "C:\Users\Rebecca Marheine\Documents\MBR.dat"
19:58:14.109 The log file has been saved successfully to "C:\Users\Rebecca Marheine\Documents\aswMBR.txt"

 

[Broni]

Looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[tijiwo79]

i tried to run it and my av is catching a trojan

as of now i still have music coming out of the speakers

the redirect problem seems to be solved

i was getting malware blocks on iexplorer.exe
then the music started after the last two steps

 

[Broni]

Unfortunately McAfee won't let you run OTL successfully.
You have to uninstall McAfee, download fresh copy of OTL and then run it again.

 

[tijiwo79]

trojan

artemis!327ocb86f79b

 

[tijiwo79]

i got hit with that trojan it wouldn't let me complete the scan

 

[Broni]

Please read my previous reply.

 

[tijiwo79]

ok i uninstalled mcafee and
tried to run otl 4 times
it keeps stopping in the middle

 

[tijiwo79]

i did it in safe mode

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2764788368-3418496698-3722962008-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{85D04DE9-FB94-40F8-AA76-A4F289A5E43D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{98612A84-8E77-44F1-973D-EB020531FFC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D42F3BED-F8EB-44F3-AB62-B1DAD925250D}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16EB7668-F690-4A47-9589-B9836F5370A6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{26055791-D1CA-4F74-9AFE-2115DE47A409}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{34E2EBEB-3526-4857-BCB2-9ED171DDA06F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{601C54D7-0C01-455A-B968-8D851E3BC9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6FEFE1DE-5E09-4E35-BDF5-35F56E03BACA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8079CDB7-98C0-486F-AACC-BFADA2DE3D56}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{90E75132-F8F5-49B9-9774-3804FACF41C7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{93B1C13C-1DF8-4455-AA97-4BA5D08EDC10}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{98DA887F-E27D-41B2-9C50-3571176229C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B63D2B68-8E26-4B02-A2BD-42D5B5ABA402}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{CC094103-3A71-4DA6-B41E-50223DA50D2D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D367E884-097B-40E6-8950-2A254772A651}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E28A66E5-7A24-4E6C-B074-453CA0B3ADAC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EAA7F327-3021-44A7-AAD3-D39E5A404256}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{F733E037-B583-4CA0-AEEB-B95B03BD299C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F8127765-DB47-4D28-9531-F3BBD4CD2B50}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{10D26930-82AC-406E-8003-439EAA11E3FE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{3DE5307F-21C9-4B01-A1E4-7BB317DCDBD9}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"TCP Query User{47F32706-AE5F-4874-AD58-293A79660494}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{A5B032CE-C4BD-44CA-8643-1CF3FD46B12A}D:\techwizard.exe" = protocol=6 | dir=in | app=d:\techwizard.exe |
"TCP Query User{B4893355-8E39-45FC-A931-74035C4969F1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0D2B17B4-5732-4627-8769-375F158093F7}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{4E0F8E42-DF9A-4327-8A7C-AE2A4D7D8B57}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{4F0092B7-4226-436C-AB50-AF6ED7D8A266}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{51A3CC98-F128-4B08-B8BD-D6AE8EBD262F}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{797F64B4-9AD1-4EA5-BE6B-5F20FED6D74F}D:\techwizard.exe" = protocol=17 | dir=in | app=d:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5F89E4AF-07EF-48C7-9F3D-46E96E338D1D}" = Verizon Online Backup and Sharing
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7BA20EF6-AE4E-4408-B083-7AE999E92D73}" = VZAccess Manager for Novatel
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859963C1-E908-49E8-9FA3-9E833D717563}" = IHA_MessageCenter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FB7D0926-37A5-4042-9DF4-046BAF608B76}" = Verizon Download Manager
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MSC" = Verizon Internet Security Suite
"verizontb" = Verizon Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2011 4:10:03 PM | Computer Name = RebeccaMarhe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 115270

Error - 10/28/2011 4:10:03 PM | Computer Name = RebeccaMarhe-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 115270

Error - 10/28/2011 4:11:22 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/29/2011 8:42:15 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2011 8:50:37 PM | Computer Name = RebeccaMarhe-PC | Source = RasClient | ID = 20227
Description =

Error - 10/29/2011 8:58:58 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/29/2011 8:59:17 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 12:28:27 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 12:50:33 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 1:09:53 PM | Computer Name = RebeccaMarhe-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 8/29/2011 12:35:54 PM | Computer Name = RebeccaMarhe-PC | Source = WLAN-Tray | ID = 0
Description = 12:35:52, Mon, Aug 29, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 11/21/2011 6:37:36 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/21/2011 7:10:44 PM | Computer Name = RebeccaMarhe-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:55:14 PM on 11/21/2011 was unexpected.

Error - 11/21/2011 7:11:06 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
Description =

Error - 11/21/2011 7:11:09 PM | Computer Name = RebeccaMarhe-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11/21/2011 7:11:14 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
Description =

Error - 11/21/2011 7:11:21 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
Description =

Error - 11/21/2011 7:11:21 PM | Computer Name = RebeccaMarhe-PC | Source = DCOM | ID = 10005
Description =

Error - 11/21/2011 7:11:38 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/21/2011 7:11:38 PM | Computer Name = RebeccaMarhe-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/21/2011 7:24:35 PM | Computer Name = RebeccaMarhe-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.


< End of report >

 

[tijiwo79]

otl.txt

OTL logfile created on: 11/21/2011 6:18:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca Marheine\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18762)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 75.51% Memory free
8.10 Gb Paging File | 7.23 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 251.74 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS

Computer Name: REBECCAMARHE-PC | User Name: Rebecca Marheine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] () [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
SRV - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] () [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/06 11:00:36 | 000,135,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 11:00:34 | 000,037,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/08 00:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/03 03:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/09/03 03:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/09/01 05:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/07 11:23:56 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2008/06/02 15:28:52 | 000,247,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/15 19:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/14 19:09:03 | 000,000,000 | ---D | M]

[2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions
[2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/11/20 21:12:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111114190746.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114190747.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O3:64bit: - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/06/03 14:04:46 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 17:41:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
[2011/11/20 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
[2011/11/20 22:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
[2011/11/20 21:13:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\temp
[2011/11/20 20:20:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 20:20:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 20:20:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 20:19:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 20:19:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/20 20:18:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 16:56:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
[2011/11/20 14:29:35 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
[2011/11/20 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/20 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/20 12:53:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/14 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2011/11/14 18:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011/11/14 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/11/14 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/11/14 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/11/14 18:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/11/13 18:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/11/13 18:03:00 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2011/11/13 15:51:04 | 000,000,000 | ---D | C] -- C:\mfe
[2011/11/13 15:35:00 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/11/13 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\Documents\VRTOOLS
[2011/11/13 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/11/13 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/11/13 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Citrix
[2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Deployment
[2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Apps
[2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
[2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
[2011/11/13 12:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2011/11/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder (1)
[2011/11/11 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder
[2011/11/06 08:04:33 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
[2011/11/06 08:04:26 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/11/06 08:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/11/06 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
[2011/11/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
[2011/10/30 12:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
[2011/10/28 12:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/10/28 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\verizontb
[2011/10/28 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
[2011/10/28 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Online Backup and Sharing
[2011/10/28 12:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DigiData
[2011/10/28 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Online Backup
[2011/10/28 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
[2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VERIZONDM
[2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2011/10/28 12:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2011/10/28 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2011/10/28 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
[2011/10/27 20:24:20 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\PIMVLibraries
[2011/10/22 22:47:22 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2011/11/21 18:12:24 | 000,006,756 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
[2011/11/21 18:10:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
[2011/11/21 17:35:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 17:35:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 17:35:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 17:35:17 | 431,117,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/21 17:11:24 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
[2011/11/21 00:22:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 22:12:31 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
[2011/11/20 22:08:41 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
[2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
[2011/11/20 21:12:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/20 19:58:14 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\MBR.dat
[2011/11/20 16:57:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
[2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
[2011/11/20 14:29:23 | 000,000,974 | ---- | M] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 12:48:32 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
[2011/11/20 12:36:53 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
[2011/11/19 12:10:29 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/11/16 21:04:20 | 000,002,737 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
[2011/11/14 18:30:00 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2011/11/14 18:30:00 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2011/11/08 07:38:53 | 000,648,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 07:38:53 | 000,119,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 07:38:53 | 000,004,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 08:03:59 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/28 12:16:58 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
[2011/10/28 12:14:41 | 000,001,737 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2011/10/28 12:14:39 | 000,002,069 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
[2011/10/28 12:14:39 | 000,001,949 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
[2011/10/28 11:50:08 | 000,001,931 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
[2011/10/28 11:50:07 | 000,001,960 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk

 

[tijiwo79]

heres the rest of it

========== Files Created - No Company Name ==========

[2011/11/20 22:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
[2011/11/20 21:59:32 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\MBR.dat
[2011/11/20 20:20:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 20:20:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 20:20:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 20:20:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 20:20:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/20 19:58:14 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
[2011/11/20 16:04:48 | 000,302,592 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
[2011/11/20 14:29:23 | 000,000,974 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:17 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/20 12:51:52 | 431,117,067 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
[2011/11/20 12:36:53 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
[2011/11/20 00:43:32 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
[2011/11/14 18:34:55 | 000,010,248 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/11/14 18:34:52 | 000,161,168 | ---- | C] () -- C:\Windows\SysNative\mfevtps.exe
[2011/11/14 18:34:48 | 000,647,080 | ---- | C] () -- C:\Windows\SysNative\drivers\mfehidk.sys
[2011/11/14 18:34:48 | 000,481,768 | ---- | C] () -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/11/14 18:34:48 | 000,284,648 | ---- | C] () -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/11/14 18:34:48 | 000,229,528 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/11/14 18:34:48 | 000,160,280 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2011/11/14 18:34:48 | 000,100,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/11/14 18:34:48 | 000,075,808 | ---- | C] () -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/11/14 18:34:48 | 000,065,264 | ---- | C] () -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/11/13 15:00:12 | 000,000,958 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/11/13 15:00:12 | 000,000,935 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/13 15:00:12 | 000,000,930 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/13 15:00:12 | 000,000,258 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/13 15:00:12 | 000,000,240 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/13 15:00:10 | 000,002,737 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
[2011/11/13 15:00:10 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/11/13 15:00:10 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 15:00:10 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/13 15:00:10 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2011/11/13 15:00:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/11/13 14:57:30 | 003,908,082 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\VRTOOLS.zip
[2011/11/13 14:45:15 | 000,293,776 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\autoruns.zip
[2011/10/28 12:16:58 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
[2011/10/28 12:14:41 | 000,001,737 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2011/10/28 12:14:39 | 000,002,069 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
[2011/10/28 12:14:39 | 000,001,949 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
[2011/10/28 12:12:50 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2011/10/28 12:12:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
[2011/10/28 12:11:51 | 023,896,576 | ---- | C] () -- C:\Windows\VzInHomeAgentInstaller.msi
[2011/10/28 12:05:31 | 009,782,784 | ---- | C] () -- C:\Windows\VerizonDM.msi
[2011/10/28 11:50:08 | 000,001,931 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
[2011/10/28 11:50:07 | 000,001,960 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk
[2009/12/09 18:57:23 | 000,003,584 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 12:10:39 | 000,006,756 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
[2009/06/08 14:38:33 | 001,058,871 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\UserTile.png
[2009/06/03 16:37:52 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/05/08 08:24:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/05/08 08:24:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/05/08 08:24:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/08 08:16:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/08 08:16:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/08 06:02:21 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/10/28 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
[2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
[2011/11/06 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
[2009/10/26 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Smith Micro
[2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
[2011/10/28 12:01:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
[2011/11/20 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
[2011/11/20 23:10:01 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/21 17:11:24 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 05:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/08 08:24:37 | 000,003,456 | R--- | M] () -- C:\dell.sdr
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/11/21 18:10:09 | 274,145,279 | -HS- | M] () -- C:\pagefile.sys
[2011/11/13 14:03:51 | 000,000,000 | ---- | M] () -- C:\ProgramData.LOG1
[2011/11/13 14:03:51 | 000,000,000 | ---- | M] () -- C:\ProgramData.LOG2
[2009/06/03 14:37:47 | 000,000,000 | ---- | M] () -- C:\Updates.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/04 22:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/11/13 15:51:03 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/14 13:26:13 | 000,000,286 | -HS- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/21 17:47:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
[2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/03 13:49:48 | 000,000,402 | -HS- | M] () -- C:\Users\Rebecca Marheine\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[Broni]

Run McAfee removal tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html (I still can see McAfee running) and re-run OTL in normal mode.
Only one log will be produced.

 

[tijiwo79]

new otl.txt

OTL logfile created on: 11/21/2011 7:35:49 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca Marheine\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18762)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.06% Memory free
8.10 Gb Paging File | 5.91 Gb Available in Paging File | 73.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 247.91 Gb Free Space | 87.47% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.08 Gb Free Space | 41.53% Space Free | Partition Type: NTFS

Computer Name: REBECCAMARHE-PC | User Name: Rebecca Marheine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 19:33:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/05/15 23:35:50 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 10:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/12/08 20:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/06/04 11:11:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2009/06/04 11:10:57 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2009/06/04 11:10:48 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2008/12/17 23:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 23:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 23:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 23:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 23:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/12/14 23:13:46 | 000,281,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/14 23:13:30 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/04/29 10:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/02/10 18:11:00 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)
SRV - [2010/02/02 19:02:52 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)
SRV - [2009/11/06 11:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/06 11:00:36 | 000,135,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 11:00:34 | 000,037,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/12/14 23:13:56 | 000,472,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 00:12:36 | 008,036,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/08 00:32:48 | 000,068,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 00:29:22 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/03 03:44:22 | 000,307,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/09/03 03:44:22 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/09/01 05:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/09/01 05:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/07 11:23:56 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2008/06/02 15:28:52 | 000,247,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

[2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions
[2010/10/12 19:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca Marheine\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rebecca Marheine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Rebecca Marheine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/11/20 21:12:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O3:64bit: - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rebecca Marheine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/06/03 14:04:46 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2764788368-3418496698-3722962008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{943C0FDB-5E56-406E-B497-1A9DEB0BA382}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C3480D-E1C2-40B5-AFE2-1E3B6B153D7D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 19:33:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
[2011/11/20 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
[2011/11/20 22:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
[2011/11/20 21:13:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/20 21:07:58 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\temp
[2011/11/20 20:20:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 20:20:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 20:20:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 20:19:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 20:19:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/20 20:18:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 16:56:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
[2011/11/20 14:29:35 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\Malwarebytes
[2011/11/20 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/20 14:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/20 14:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/20 12:53:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/13 18:03:00 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2011/11/13 15:51:04 | 000,000,000 | ---D | C] -- C:\mfe
[2011/11/13 15:35:00 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/11/13 14:59:56 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\Documents\VRTOOLS
[2011/11/13 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/11/13 14:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/11/13 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Citrix
[2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Deployment
[2011/11/13 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Apps
[2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
[2011/11/13 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
[2011/11/13 12:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2011/11/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder (1)
[2011/11/11 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\New Folder
[2011/11/06 08:04:33 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
[2011/11/06 08:04:26 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/11/06 08:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/11/06 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
[2011/11/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\Xenocode
[2011/10/30 12:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
[2011/10/28 12:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/10/28 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\verizontb
[2011/10/28 12:11:45 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
[2011/10/28 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Online Backup and Sharing
[2011/10/28 12:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DigiData
[2011/10/28 12:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Online Backup
[2011/10/28 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Local\SupportSoft
[2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VERIZONDM
[2011/10/28 12:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2011/10/28 12:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2011/10/28 12:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2011/10/28 11:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
[2011/10/27 20:24:20 | 000,000,000 | ---D | C] -- C:\Users\Rebecca Marheine\PIMVLibraries
[2011/10/22 22:47:22 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2011/11/21 19:33:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca Marheine\Desktop\OTL.exe
[2011/11/21 19:29:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 19:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 19:29:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 19:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 19:29:07 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 19:22:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 19:14:17 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
[2011/11/21 19:06:49 | 000,006,756 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
[2011/11/21 17:35:17 | 431,117,067 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/20 22:12:31 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
[2011/11/20 22:08:41 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
[2011/11/20 22:05:04 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rebecca Marheine\aswMBR.exe
[2011/11/20 21:12:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/20 19:58:14 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca Marheine\MBR.dat
[2011/11/20 16:57:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rebecca Marheine\Desktop\dds.scr
[2011/11/20 16:10:48 | 000,302,592 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
[2011/11/20 14:29:23 | 000,000,974 | ---- | M] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 12:48:32 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
[2011/11/20 12:36:53 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
[2011/11/19 12:10:29 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/11/16 21:04:20 | 000,002,737 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
[2011/11/14 18:30:00 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2011/11/14 18:30:00 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2011/11/08 07:38:53 | 000,648,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 07:38:53 | 000,119,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 07:38:53 | 000,004,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 08:03:59 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/10/28 12:16:58 | 000,000,000 | ---- | M] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
[2011/10/28 12:14:41 | 000,001,737 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2011/10/28 12:14:39 | 000,002,069 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
[2011/10/28 12:14:39 | 000,001,949 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
[2011/10/28 11:50:08 | 000,001,931 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
[2011/10/28 11:50:07 | 000,001,960 | ---- | M] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk

========== Files Created - No Company Name ==========

[2011/11/21 19:11:26 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/20 22:08:41 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\wklnhst.dat
[2011/11/20 21:59:32 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\MBR.dat
[2011/11/20 20:20:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 20:20:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 20:20:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 20:20:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 20:20:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/20 19:58:14 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\MBR.dat
[2011/11/20 16:04:48 | 000,302,592 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\zvc7670y.exe
[2011/11/20 14:29:23 | 000,000,974 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 14:29:17 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/20 12:51:52 | 431,117,067 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:48:32 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{34284B71-9489-46E6-83DE-EFBDFDC7B0DE}
[2011/11/20 12:36:53 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{985C741A-D6C3-46D9-9E8D-8868269C08DB}
[2011/11/20 00:43:32 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job
[2011/11/13 15:00:12 | 000,000,958 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/11/13 15:00:12 | 000,000,935 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/13 15:00:12 | 000,000,930 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/13 15:00:12 | 000,000,258 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/13 15:00:12 | 000,000,240 | ---- | C] () -- C:\Users\Rebecca Marheine\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/13 15:00:10 | 000,002,737 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Online Backup.lnk
[2011/11/13 15:00:10 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2011/11/13 15:00:10 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/13 15:00:10 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/13 15:00:10 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2011/11/13 15:00:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/11/13 14:57:30 | 003,908,082 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\VRTOOLS.zip
[2011/11/13 14:45:15 | 000,293,776 | ---- | C] () -- C:\Users\Rebecca Marheine\Documents\autoruns.zip
[2011/10/28 12:16:58 | 000,000,000 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\{F3F08FBF-79F0-47EA-A339-41A0904CDE06}
[2011/10/28 12:14:41 | 000,001,737 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Click for Verizon Wi-Fi Setup.lnk
[2011/10/28 12:14:39 | 000,002,069 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Verizon Message Center.lnk
[2011/10/28 12:14:39 | 000,001,949 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\My Verizon.lnk
[2011/10/28 12:12:50 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2011/10/28 12:12:50 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
[2011/10/28 12:11:51 | 023,896,576 | ---- | C] () -- C:\Windows\VzInHomeAgentInstaller.msi
[2011/10/28 12:05:31 | 009,782,784 | ---- | C] () -- C:\Windows\VerizonDM.msi
[2011/10/28 11:50:08 | 000,001,931 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\FiOS Information.lnk
[2011/10/28 11:50:07 | 000,001,960 | ---- | C] () -- C:\Users\Rebecca Marheine\Desktop\Install Verizon Media Manager.lnk
[2009/12/09 18:57:23 | 000,003,584 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 12:10:39 | 000,006,756 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Local\d3d9caps.dat
[2009/06/08 14:38:33 | 001,058,871 | ---- | C] () -- C:\Users\Rebecca Marheine\AppData\Roaming\UserTile.png
[2009/06/03 16:37:52 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/05/08 08:24:24 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/05/08 08:24:24 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/05/08 08:24:24 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/08 08:16:38 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/08 08:16:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/08 06:02:21 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/10/28 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DigiData
[2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\DriverCure
[2011/11/06 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\PC Cleaners
[2009/10/26 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Smith Micro
[2011/11/13 12:22:07 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\SpeedyPC Software
[2011/10/28 12:01:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\TechWizard
[2011/11/20 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Rebecca Marheine\AppData\Roaming\Template
[2011/11/21 19:28:27 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/21 19:14:17 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2DC3A224-5A67-4900-B0EC-793D91740733}.job

 

[Broni]

The log is incomplete.
Please repost it.