I was out of town for three days and just saw your post. Sorry for the delay but I should be able to follow the instructions from your initial thread today. Thanks for getting back to me.
I was out of town for three days and just saw your post. Sorry for the delay but I should be able to follow the instructions from your initial thread today. Thanks for getting back to me.
Hi,
Member of UNITE and ASAP
OK, I copied the files from the earlier post to a CD and put them on the desktop of the infected computer. When I clicked on GMER the options on the right hand side of the page were gray'ed out and not selected? I tried it in both regular mode and safe mode with no luck.
Hi Steveo4571,
You may have gotten a corrupt download. Did you antivirus progam give a warning when you downloaded GMER? It may also been corrupted when you transfered it to the CD.
If you still have GMER on the clean computer you downloaded it to, you may want to try running it on that computer. Don't do the scan just open the program and see if it will do the first brief little scan or if the boxes are grayed out. If they are you will need to get a new copy.
While you are trying that please run the OTL scan. We may be able to see enough to get the infected computer back online. It's much easier to deal directly with the infected computer.
Thanks
Member of UNITE and ASAP
I checked the GMER on the disk and the computer I downloaded it to and it looked fine. When I tried it again on my infected machine it still grayed out the options at the right hand side of the page. Bummer.
I was able to run the OTL program and here is the output from the scans.
OTL
OTL logfile created on: 9/8/2010 3:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MELDRUM-STUDIO
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee\MSC\mcupdui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
========== Modules (SafeList) ==========
MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msiltcfg.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SOSNFLSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
SRV - (sosnfusv) -- C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
SRV - (SOSNFFSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (sosnf64) -- C:\Windows\SysNative\drivers\sosnf64.sys (NetFilterSDK.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Packet) -- C:\WINDOWS\SysWOW64\drivers\packet.sys (SingleClick Systems)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/09/07 16:42:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi
[2010/08/13 04:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/13 04:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/12 13:27:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 13:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 13:26:40 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 13:26:37 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 13:26:24 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 13:26:22 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 13:26:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/12 13:26:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/12 13:26:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 13:26:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/12 13:26:21 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 13:26:21 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 13:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/12 13:26:21 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 13:26:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 13:26:21 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 13:26:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/12 13:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 13:26:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 13:26:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/12 13:26:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/12 13:26:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 13:26:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/12 13:26:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 13:26:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/12 13:26:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 13:26:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/19 18:26:58 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Steve\AppData\Roaming\DataSafeDotNet.exe
[2009/12/06 16:04:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2009/12/06 16:04:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2009/12/06 16:04:10 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2009/12/06 16:04:10 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2009/12/06 16:04:10 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2009/12/06 16:04:10 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2009/12/06 16:04:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2009/12/06 16:04:10 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/08 15:53:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
[2010/09/08 15:53:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
[2010/09/08 15:50:18 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:48:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 15:36:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 15:36:37 | 000,018,179 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/09/08 15:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2010/09/07 16:46:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 16:45:10 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/09/07 07:12:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/09/07 07:11:28 | 000,293,376 | ---- | M] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/09/01 10:13:26 | 000,242,176 | ---- | M] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 20:50:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 20:50:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TM.blf
[2010/08/29 15:09:55 | 000,023,552 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/29 08:08:41 | 000,096,256 | ---- | M] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/25 16:12:33 | 000,024,064 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 07:30:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/23 07:30:11 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/23 07:30:11 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 15:58:02 | 000,192,000 | ---- | M] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 05:04:27 | 000,302,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/13 04:53:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 16:41:56 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 16:40:47 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/08/29 08:08:40 | 000,096,256 | ---- | C] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/23 16:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 16:08:59 | 000,023,552 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/21 15:58:01 | 000,192,000 | ---- | C] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 04:53:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/20 17:01:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/12/11 18:36:59 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2009/12/06 17:02:20 | 000,087,148 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2009/12/06 17:02:04 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/12/06 16:56:50 | 000,173,995 | ---- | C] () -- C:\ProgramData\lxea.log
[2009/12/06 16:09:00 | 000,726,633 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2009/12/06 16:04:12 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2009/12/06 16:04:11 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2009/12/06 16:04:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2009/12/06 16:04:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2009/12/06 16:04:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2009/12/06 16:04:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2009/12/06 16:04:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2009/12/06 16:04:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2009/12/06 16:00:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/12/06 16:00:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2009/12/06 16:00:35 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2009/12/03 07:21:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 07:19:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/20 22:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/20 18:26:51 | 000,015,360 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
========== LOP Check ==========
[2010/05/31 08:50:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
[2009/09/26 22:58:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\RtlNICDiagVistaStart.job
[2010/08/29 20:50:34 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/09/08 15:58:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
[2010/09/08 15:58:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/09/03 22:06:52 | 000,005,498 | RH-- | M] () -- C:\dell.sdr
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 16:46:33 | 2424,713,216 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/11 21:39:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\WINDOWS\SysWOW64\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\SysWOW64\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >
EXTRAS.TXT
OTL Extras logfile created on: 9/8/2010 3:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MELDRUM-STUDIO
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 52 D6 B7 AC 3B 7B CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E1313C-9A5A-46A2-9C91-2FFD212BB991}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14BD780B-A6D9-4D4E-AC72-7C6A8782AC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{57BF5756-4470-4EC3-8961-AF3DD3EA11C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5FBF84DF-48B1-45F8-902B-6978E7472476}" = lport=138 | protocol=17 | dir=in | app=system |
"{67541881-6916-4F8D-8772-949B09A08110}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C2EC6D6-720E-4058-8E3E-0C465FCC8445}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C776FF4-76DE-45A5-AB0A-277780038AD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{95EBA9E1-C47A-4FB4-A607-601069EA02B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9CF666F-8CCA-43D4-A7C9-33652F0C5D7C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD7D16AA-932A-4D57-A7B8-0D39C7E1687B}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA196AB1-51D9-4239-83F5-1D463F12E8E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE147F4E-7302-45B7-9C51-BCB6EE7A8540}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E506D7-84B3-4587-94F2-BAEC7B15F4CC}" = protocol=6 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{1368F49D-ED4A-415E-8610-B9217813C0F4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1379F1F7-6A18-4BAC-9F28-B9255976CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1B92086C-DAB4-43A6-8AC2-599A10456D13}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1BAC7A3B-743C-4291-A4F6-F955972F10F7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{1BF76E0C-49C3-4E13-B8C2-AE393A1455E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1CCD0D59-817F-4B0F-AB9A-FC5B4776B906}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1E139BB6-9026-4A50-9D9A-464094D60316}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1F6C1844-A2A3-4435-A134-B28BDF6EC807}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{1FBEBEB6-5669-4E47-B2A5-5B8E4830202C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{204EC86A-DFB6-4915-8667-94A6DC6B3F4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{22092DA7-DDA3-4A4D-9113-B9BEC2339321}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36E3CEB0-A8D6-4D50-B9C2-9C3238B43921}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{456CB9E5-BCF6-4F54-B9FF-66D27B225361}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{478FD92F-CE4A-4249-994C-25D4D450AA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F021DAE-7600-4854-86CD-528D53319C22}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52008BB4-E1FA-44AF-8C10-697FCF96CFD9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5876CBED-F4E9-4D94-B96E-FE69A27562B9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{5C5B647F-739E-42E5-80E6-FC51AAE5BA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{770737A9-B921-4FCB-963D-99949BDFCCE8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7A51CC22-B083-47C3-875C-B472963317C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{831CA45F-C0E4-4218-974F-E4ACD8D0D21F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{869AAA88-61BA-4FA6-9DA3-B066C4AC8500}" = protocol=17 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{9DD6B3BB-311D-4A6B-A25B-A71FD5D1CAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3916B5F-CE25-4BA6-8511-E6FFA14C1316}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{ACF971CE-A95E-456B-8B0E-3DE90DD8D734}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{C0A6EADA-F6F0-4EDF-AED5-8C672955472F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4F78966-C929-4964-A1ED-C1E8509080C2}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{DC4AA50C-F0FF-4BCE-B421-E04EF5CE2CDC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEBE69A8-939A-40EF-B2C8-98C4EF8540F0}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{EF287A7C-A5FD-4710-8EC1-D72CE74A10A0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{FDD6DA5E-F357-4045-9FAA-6E95F0D29DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2D6CC267-A37C-467A-92F0-CD8BAB01D1FE}" = Teacher Content for Learning Essentials
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4BF1D2E7-F003-4AD9-9820-525126BA9038}" = Gotcha!
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Aleks 3.11" = Aleks 3.11
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"MSC" = McAfee SecurityCenter
"RealArcade" = RealArcade
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT081703" = Delicious 2 Deluxe
"WT083294" = Tropical Farm
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"zumadeluxe" = Zuma Deluxe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/25/2010 12:56:35 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3650
Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4649
Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4649
Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5647
Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5647
Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6661
Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6661
[ Media Center Events ]
Error - 2/10/2010 8:23:03 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/14/2010 8:32:39 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/16/2010 12:46:04 AM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/21/2010 8:43:31 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/26/2010 8:37:12 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 3/20/2010 11:04:19 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/20/2010 9:34:20 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/17/2010 8:28:42 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/28/2010 3:27:11 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =
Error - 9/7/2010 7:41:37 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =
Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =
Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =
Error - 9/7/2010 7:43:41 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =
Error - 9/7/2010 8:23:21 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Hi Steveo4571,
It's a 64bit system so that would explain the GMER problem.
Next, Right click on OTL.exe and chose Run as Administrator to run it
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Do Not copy the word CODE
- please note the fix starts with the :
Then click the Run Fix button at the topCode::Services :OTL IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe [2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi :Files ipconfig /flushdns /c :Commands [emptytemp] [Reboot]
Please post the OTL fix log in your next reply.
- Let the program run unhindered
- Please save the resulting log to be posted in your next reply.
Try to access the internet with the infected machine. If you are able to access the internet please down load these 2 tools and post the logs.
Please download MBRCheck.exe to your desktop.
- Be sure to disable your security programs
- Right click on the file and select "Run as Adminstrator" to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
- A window will open on your desktop
- if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
- If nothing unusual is found just press Enter
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
- Please post the contents of that file.
Next
Download and save to your desktop Malwarebytes Anti-Malware
Right Click mbam-setup.exe and select "Run as Adminstrator" to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Next
- Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- UNCheck the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txtthis time.
Please post back withAre you on line now?
- OTL fix log
- MBRCheck log
- MBAM log
- new OTL.txt
How's the computer?
Thanks
Member of UNITE and ASAP