need help getting my hijack log


Post by raymegardner on Wed Feb 10, 2010 3:08 pm

I cannot copy or paste my hijack log, I get an error message regarding hijack host file, followed the instructions, still not working, now my computer is running super slow...please help!


Re: need help getting my hijack log

Post by Belahzur on Wed Feb 10, 2010 7:28 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



1st half of log

Post by raymegardner on Thu Feb 18, 2010 1:19 pm

Ok, finally got this to work per your instructions, THANK YOU!!! Here is the log:

OTL logfile created on: 2/18/2010 10:11:36 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Rayme\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 153.03 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 967.73 Mb Total Space | 961.55 Mb Free Space | 99.36% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAYME-PC
Current User Name: Rayme
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 10:04:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Rayme\Downloads\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/11 09:08:08 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/11/10 15:39:26 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/05/21 06:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/10 22:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 05:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/06 14:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/26 08:17:42 | 000,325,504 | ---- | M] () -- C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 15:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/03 05:59:52 | 001,457,256 | ---- | M] (AT&T) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
PRC - [2008/03/21 02:47:42 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/01/24 22:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 23:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/18 23:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/09 13:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/01/01 19:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/01 19:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/01 19:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/02 21:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/11/01 12:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/10/11 06:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/27 13:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/24 22:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 09:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 12:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/13 11:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/06/15 13:52:36 | 000,331,851 | ---- | M] () -- C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
PRC - [2007/05/25 08:39:38 | 000,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2007/05/25 08:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/05/09 02:52:48 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/09 02:52:44 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/09 02:52:44 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/09 02:52:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/28 21:24:30 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/04/27 05:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/08 22:48:34 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE
PRC - [2007/04/03 13:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/21 11:33:44 | 001,548,288 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/03/21 11:33:44 | 000,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/03/21 11:33:42 | 001,724,416 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/03/12 01:27:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdjcoms.exe
PRC - [2007/03/05 18:40:40 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
PRC - [2007/01/25 14:59:26 | 000,118,784 | ---- | M] (ArcSoft) -- C:\Program Files\PhotoStudio Expressions\PMMonitor.exe
PRC - [2006/11/27 06:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 15:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/03 14:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 14:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 10:04:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Rayme\Downloads\OTL.exe
MOD - [2009/04/10 22:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/11 09:08:08 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/08 19:44:18 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d0587d0b4706) Google Update Service (gupdate1c9d0587d0b4706)
SRV - [2009/05/08 19:43:10 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 22:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/13 15:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/21 02:47:42 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/24 22:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 13:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/01/01 19:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 19:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/11 06:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/25 00:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 22:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 09:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 12:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/05/25 08:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/04/28 21:24:30 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/08 22:48:34 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
SRV - [2007/04/03 13:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/21 11:33:44 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/03/12 01:27:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/05/20 10:37:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2004/10/16 05:31:06 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)


========== Driver Services (SafeList) ==========

DRV - [2008/11/20 11:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/16 18:03:57 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/04/16 14:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/03/21 10:28:32 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/21 10:28:32 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/21 10:28:32 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/01 19:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/02 21:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/02 21:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/10/04 18:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/23 15:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/07/24 09:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 04:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 06:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 06:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 06:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/07/04 04:01:42 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nwadienum.sys -- (NWADI)
DRV - [2007/07/04 04:01:42 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nwdelser2.sys -- (NWDellPort2)
DRV - [2007/07/04 04:01:42 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2007/07/04 04:01:42 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2007/05/30 13:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/05/10 21:20:12 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/05/09 02:52:42 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/28 21:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/28 21:24:28 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/04/28 21:24:28 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/28 21:24:28 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/04/28 21:24:28 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/04/25 02:13:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/25 00:15:06 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/04/25 00:15:06 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/04/25 00:15:04 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/03 13:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/21 11:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/31 10:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 11:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/18 16:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/06 17:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 15:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 15:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/05 13:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/04/12 16:04:39 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 16:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 16:04:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZipr12.sys -- (HPZipr12)


Re: need help getting my hijack log

Post by raymegardner on Thu Feb 18, 2010 1:21 pm

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D3 0B A8 48 8C CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/01/12 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AT&T Dial Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (AT&T)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdjmon.exe] C:\Program Files\Lexmark 1400 Series\lxdjmon.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [You must be registered and logged in to see this link.] (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 71.9.127.107
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rayme\Pictures\My Art\rayme's 247.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rayme\Pictures\My Art\rayme's 247.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ebd2778-880d-11de-9e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ebd2778-880d-11de-9e97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{be321386-3a80-11dd-8b4d-001e4ce50c90}\Shell - "" = AutoRun
O33 - MountPoints2\{be321386-3a80-11dd-8b4d-001e4ce50c90}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Local\Yahoo
[2010/02/18 00:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/02/18 00:10:07 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Yahoo!
[2010/02/18 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/02/18 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/10 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\FamilySearch
[2010/02/10 11:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/10 10:43:20 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Malwarebytes
[2010/02/10 10:43:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/10 10:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/10 10:43:13 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/10 10:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 08:17:18 | 000,000,000 | ---D | C] -- C:\Users\Rayme\.FamilySearchIndexing
[2010/02/10 08:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/10 08:14:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/10 08:14:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/10 08:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/10 08:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/10 03:32:35 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 03:32:35 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 03:32:26 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 03:32:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 03:32:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 03:32:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/01/31 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Apple Computer
[2010/01/31 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Local\Apple Computer
[2010/01/31 17:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/31 17:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/22 08:04:33 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 08:04:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 08:04:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 08:04:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 08:04:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 08:04:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 08:04:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 08:04:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 08:04:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 08:04:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 08:04:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 08:04:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 08:04:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 08:04:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/20 13:39:09 | 000,016,496 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZipr12.sys
[2010/01/20 13:39:03 | 000,049,664 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZid412.sys
[2010/01/20 13:37:46 | 000,038,400 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l054.dll
[2010/01/20 13:36:00 | 000,282,624 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPZc3212.dll
[2010/01/20 13:36:00 | 000,021,568 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZius12.sys
[2010/01/19 12:27:51 | 000,000,000 | R--D | C] -- C:\Users\Rayme\Documents\Scanned Documents
[2010/01/19 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Rayme\Documents\Fax
[2009/12/03 08:11:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
[2009/12/03 08:11:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
[2009/12/03 08:11:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
[2009/12/03 08:11:03 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
[2009/12/03 08:11:03 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
[2009/12/03 08:11:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
[2009/12/03 08:11:02 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
[2009/12/03 08:11:02 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
[2009/12/03 08:11:01 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
[2009/12/03 08:10:59 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
[2009/12/03 08:10:58 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
[2009/12/03 08:10:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 10:12:54 | 010,223,616 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat
[2010/02/18 10:10:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3FC23C6-4D03-406F-A4E1-2B7E5C3DAE07}.job
[2010/02/18 10:07:52 | 000,019,842 | ---- | M] () -- C:\Users\Rayme\Documents\Prework.docx
[2010/02/18 09:50:32 | 000,002,517 | ---- | M] () -- C:\Users\Rayme\Desktop\HiJackThis.lnk
[2010/02/18 09:32:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 09:17:53 | 000,034,323 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/02/18 09:17:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/18 09:16:15 | 000,027,335 | ---- | M] () -- C:\Users\Rayme\AppData\Roaming\nvModes.001
[2010/02/18 09:14:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 09:14:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 09:14:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 09:14:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/18 09:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/18 09:14:25 | 2143,375,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 00:41:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/18 00:41:12 | 000,524,288 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat{23666538-61ea-11de-90fb-001d09c4c910}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:41:12 | 000,065,536 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat{23666538-61ea-11de-90fb-001d09c4c910}.TM.blf
[2010/02/18 00:40:58 | 002,097,265 | -H-- | M] () -- C:\Users\Rayme\AppData\Local\IconCache.db
[2010/02/18 00:10:25 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 00:10:25 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:10:25 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/02/18 00:10:25 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TM.blf
[2010/02/18 00:09:52 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/02/17 09:40:11 | 000,019,236 | ---- | M] () -- C:\Users\Rayme\Documents\FAFSA on the Web Submission Confirmation.docx
[2010/02/16 17:37:03 | 000,126,976 | ---- | M] () -- C:\Users\Rayme\Documents\Genealogy Gardner.paf
[2010/02/16 17:37:02 | 000,010,443 | ---- | M] () -- C:\Users\Rayme\Documents\Genealogy Gardner.zip
[2010/02/16 17:19:18 | 000,010,240 | ---- | M] () -- C:\Users\Rayme\Documents\Robert Lee Gardner 1880 census.docx
[2010/02/16 16:22:15 | 000,289,479 | ---- | M] () -- C:\Users\Rayme\Documents\4163658_3019 Guver Gardner Douglas
[2010/02/16 16:19:32 | 000,000,053 | -H-- | M] () -- C:\Users\Rayme\Documents\.picasa.ini
[2010/02/16 15:57:59 | 000,286,351 | ---- | M] () -- C:\Users\Rayme\Documents\4166820_3431death sue b gardner
[2010/02/16 15:55:19 | 000,010,121 | ---- | M] () -- C:\Users\Rayme\Documents\Sue Bogard Gardner 1920 Census.docx
[2010/02/14 10:06:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/02/11 16:32:50 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/02/10 15:19:34 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\PAF 5.lnk
[2010/02/10 12:41:15 | 000,001,906 | ---- | M] () -- C:\Users\Rayme\Desktop\FamilySearch Indexing.lnk
[2010/02/10 10:43:18 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 09:39:36 | 000,014,848 | ---- | M] () -- C:\Users\Rayme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 08:14:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/10 08:14:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/10 08:14:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/10 08:14:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/09 16:41:22 | 000,019,116 | ---- | M] () -- C:\Users\Rayme\Documents\fasfapin.docx
[2010/02/09 16:31:40 | 000,062,189 | ---- | M] () -- C:\Users\Rayme\Documents\fasfa.docx
[2010/02/09 09:36:03 | 000,000,236 | ---- | M] () -- C:\Users\Rayme\jobq.dat
[2010/02/08 16:57:14 | 000,051,517 | ---- | M] () -- C:\Users\Rayme\Documents\TaxReturn2009.pdf
[2010/02/06 19:37:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 18:00:19 | 000,023,552 | ---- | M] () -- C:\Users\Rayme\Documents\Denksportaufgabe(%202)%20(2)(2)(1).xlsx
[2010/02/01 08:23:12 | 000,102,593 | ---- | M] () -- C:\Users\Rayme\Documents\worksearchlog.pdf
[2010/01/28 14:04:36 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/28 14:04:36 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/28 14:04:36 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/28 12:20:55 | 000,292,724 | ---- | M] () -- C:\Users\Rayme\Documents\Rayme R SHORT RESUME 2.pdf
[2010/01/27 13:50:10 | 000,038,028 | ---- | M] () -- C:\Users\Rayme\Documents\royce.docx
[2010/01/20 13:34:17 | 000,027,335 | ---- | M] () -- C:\Users\Rayme\AppData\Roaming\nvModes.dat
[2010/01/20 11:12:07 | 000,071,168 | ---- | M] () -- C:\Users\Rayme\Documents\Income and Asset Questionairewith instructions[1].doc
[2010/01/20 10:58:23 | 000,010,536 | ---- | M] () -- C:\Users\Rayme\Documents\Questions.docx
[2010/01/19 12:21:03 | 000,016,837 | ---- | M] () -- C:\Users\Rayme\Documents\Rayme R3.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 10:07:51 | 000,019,842 | ---- | C] () -- C:\Users\Rayme\Documents\Prework.docx
[2010/02/18 00:10:25 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 00:10:25 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:10:25 | 000,262,144 | ---- | C] () -- C:\ntuser.dat
[2010/02/18 00:10:25 | 000,065,536 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TM.blf
[2010/02/18 00:09:52 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/02/17 09:40:10 | 000,019,236 | ---- | C] () -- C:\Users\Rayme\Documents\FAFSA on the Web Submission Confirmation.docx
[2010/02/16 17:19:18 | 000,010,240 | ---- | C] () -- C:\Users\Rayme\Documents\Robert Lee Gardner 1880 census.docx
[2010/02/16 16:22:15 | 000,289,479 | ---- | C] () -- C:\Users\Rayme\Documents\4163658_3019 Guver Gardner Douglas
[2010/02/16 16:19:32 | 000,000,053 | -H-- | C] () -- C:\Users\Rayme\Documents\.picasa.ini
[2010/02/16 15:57:59 | 000,286,351 | ---- | C] () -- C:\Users\Rayme\Documents\4166820_3431death sue b gardner
[2010/02/16 15:55:18 | 000,010,121 | ---- | C] () -- C:\Users\Rayme\Documents\Sue Bogard Gardner 1920 Census.docx
[2010/02/12 07:19:10 | 2143,375,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/10 15:30:28 | 000,010,443 | ---- | C] () -- C:\Users\Rayme\Documents\Genealogy Gardner.zip
[2010/02/10 15:22:36 | 000,126,976 | ---- | C] () -- C:\Users\Rayme\Documents\Genealogy Gardner.paf
[2010/02/10 15:19:34 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\PAF 5.lnk
[2010/02/10 12:41:15 | 000,001,906 | ---- | C] () -- C:\Users\Rayme\Desktop\FamilySearch Indexing.lnk
[2010/02/10 11:14:43 | 000,002,517 | ---- | C] () -- C:\Users\Rayme\Desktop\HiJackThis.lnk
[2010/02/10 10:43:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 16:41:21 | 000,019,116 | ---- | C] () -- C:\Users\Rayme\Documents\fasfapin.docx
[2010/02/09 16:31:39 | 000,062,189 | ---- | C] () -- C:\Users\Rayme\Documents\fasfa.docx
[2010/02/08 16:57:14 | 000,051,517 | ---- | C] () -- C:\Users\Rayme\Documents\TaxReturn2009.pdf
[2010/02/06 19:37:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 18:00:18 | 000,023,552 | ---- | C] () -- C:\Users\Rayme\Documents\Denksportaufgabe(%202)%20(2)(2)(1).xlsx
[2010/02/01 08:23:12 | 000,102,593 | ---- | C] () -- C:\Users\Rayme\Documents\worksearchlog.pdf
[2010/01/31 15:52:28 | 000,000,236 | ---- | C] () -- C:\Users\Rayme\jobq.dat
[2010/01/28 12:20:53 | 000,292,724 | ---- | C] () -- C:\Users\Rayme\Documents\Rayme R SHORT RESUME 2.pdf
[2010/01/27 13:50:09 | 000,038,028 | ---- | C] () -- C:\Users\Rayme\Documents\royce.docx
[2010/01/20 13:37:53 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2010/01/20 13:20:29 | 000,000,331 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/20 11:12:06 | 000,071,168 | ---- | C] () -- C:\Users\Rayme\Documents\Income and Asset Questionairewith instructions[1].doc
[2010/01/20 10:58:22 | 000,010,536 | ---- | C] () -- C:\Users\Rayme\Documents\Questions.docx
[2010/01/19 12:21:02 | 000,016,837 | ---- | C] () -- C:\Users\Rayme\Documents\Rayme R3.docx
[2010/01/08 11:32:44 | 000,000,287 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/01/08 11:31:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/12/03 08:15:20 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
[2009/12/03 08:11:24 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
[2009/12/03 08:11:04 | 000,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
[2009/12/03 08:10:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
[2009/09/26 00:38:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\PTLCDBAS.INI
[2009/07/12 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\INIVALUE.INI
[2009/03/28 09:09:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/28 09:04:55 | 000,000,078 | ---- | C] () -- C:\Windows\EPSNX200.ini
[2009/03/14 11:18:40 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/25 04:06:06 | 000,007,592 | ---- | C] () -- C:\Users\Rayme\AppData\Local\d3d9caps.dat
[2008/04/01 21:16:42 | 000,000,452 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\wklnhst.dat
[2008/03/29 11:46:51 | 000,027,335 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\nvModes.001
[2008/03/29 11:36:30 | 000,027,335 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\nvModes.dat
[2008/03/29 11:10:56 | 000,014,848 | ---- | C] () -- C:\Users\Rayme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 10:28:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/21 02:58:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/21 02:54:50 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/03/21 02:48:24 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/03/21 02:48:24 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/03/21 02:48:24 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/03/21 02:44:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/03 13:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/03 14:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/18 06:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdjvs.dll
[2006/03/28 09:10:42 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/11 13:27:30 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Image Zone Express
[2009/07/12 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Individual Software
[2009/03/28 09:21:17 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Leadertech
[2009/12/03 08:16:23 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Lexmark Imaging Studio
[2009/03/21 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\LimeWire
[2010/01/16 11:16:18 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\MyHeritage
[2008/04/18 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\PhotoStudio Expressions
[2008/06/20 18:51:50 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Printer Info Cache
[2009/08/13 05:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Sierra Wireless
[2008/04/04 21:46:08 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Template
[2010/01/08 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2008/03/29 19:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\tmp
[2009/06/24 01:10:27 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\WeatherBug
[2009/12/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/10/31 20:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/02/18 00:41:21 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/18 10:10:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D3FC23C6-4D03-406F-A4E1-2B7E5C3DAE07}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A7A4D14E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >


Last edited by raymegardner on Thu Feb 18, 2010 1:27 pm; edited 1 time in total (Reason for editing : double copied and pasted)


Re: need help getting my hijack log

Post by raymegardner on Thu Feb 18, 2010 1:22 pm

Part II:

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D3 0B A8 48 8C CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/01/12 10:49:31 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AT&T Dial Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (AT&T)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe (Lexmark)
O4 - HKLM..\Run: [LXDJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxdjmon.exe] C:\Program Files\Lexmark 1400 Series\lxdjmon.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [You must be registered and logged in to see this link.] (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 71.9.127.107
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rayme\Pictures\My Art\rayme's 247.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rayme\Pictures\My Art\rayme's 247.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ebd2778-880d-11de-9e97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ebd2778-880d-11de-9e97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{be321386-3a80-11dd-8b4d-001e4ce50c90}\Shell - "" = AutoRun
O33 - MountPoints2\{be321386-3a80-11dd-8b4d-001e4ce50c90}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Local\Yahoo
[2010/02/18 00:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/02/18 00:10:07 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Yahoo!
[2010/02/18 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/02/18 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/10 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\FamilySearch
[2010/02/10 11:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/10 10:43:20 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Malwarebytes
[2010/02/10 10:43:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/10 10:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/10 10:43:13 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/10 10:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 08:17:18 | 000,000,000 | ---D | C] -- C:\Users\Rayme\.FamilySearchIndexing
[2010/02/10 08:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/02/10 08:14:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/10 08:14:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/10 08:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/10 08:14:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/10 03:32:35 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 03:32:35 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 03:32:26 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 03:32:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 03:32:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 03:32:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/01/31 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Roaming\Apple Computer
[2010/01/31 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Rayme\AppData\Local\Apple Computer
[2010/01/31 17:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/01/31 17:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/22 08:04:33 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 08:04:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 08:04:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 08:04:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 08:04:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 08:04:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 08:04:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 08:04:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 08:04:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 08:04:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 08:04:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 08:04:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 08:04:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 08:04:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/20 13:39:09 | 000,016,496 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZipr12.sys
[2010/01/20 13:39:03 | 000,049,664 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZid412.sys
[2010/01/20 13:37:46 | 000,038,400 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l054.dll
[2010/01/20 13:36:00 | 000,282,624 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPZc3212.dll
[2010/01/20 13:36:00 | 000,021,568 | ---- | C] (HP) -- C:\Windows\System32\drivers\HPZius12.sys
[2010/01/19 12:27:51 | 000,000,000 | R--D | C] -- C:\Users\Rayme\Documents\Scanned Documents
[2010/01/19 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Rayme\Documents\Fax
[2009/12/03 08:11:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
[2009/12/03 08:11:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
[2009/12/03 08:11:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
[2009/12/03 08:11:03 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
[2009/12/03 08:11:03 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
[2009/12/03 08:11:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
[2009/12/03 08:11:02 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
[2009/12/03 08:11:02 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
[2009/12/03 08:11:01 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
[2009/12/03 08:10:59 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
[2009/12/03 08:10:58 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
[2009/12/03 08:10:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 10:12:54 | 010,223,616 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat
[2010/02/18 10:10:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D3FC23C6-4D03-406F-A4E1-2B7E5C3DAE07}.job
[2010/02/18 10:07:52 | 000,019,842 | ---- | M] () -- C:\Users\Rayme\Documents\Prework.docx
[2010/02/18 09:50:32 | 000,002,517 | ---- | M] () -- C:\Users\Rayme\Desktop\HiJackThis.lnk
[2010/02/18 09:32:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 09:17:53 | 000,034,323 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/02/18 09:17:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/18 09:16:15 | 000,027,335 | ---- | M] () -- C:\Users\Rayme\AppData\Roaming\nvModes.001
[2010/02/18 09:14:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 09:14:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 09:14:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/18 09:14:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/18 09:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/18 09:14:25 | 2143,375,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 00:41:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/18 00:41:12 | 000,524,288 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat{23666538-61ea-11de-90fb-001d09c4c910}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:41:12 | 000,065,536 | -HS- | M] () -- C:\Users\Rayme\ntuser.dat{23666538-61ea-11de-90fb-001d09c4c910}.TM.blf
[2010/02/18 00:40:58 | 002,097,265 | -H-- | M] () -- C:\Users\Rayme\AppData\Local\IconCache.db
[2010/02/18 00:10:25 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 00:10:25 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:10:25 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/02/18 00:10:25 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TM.blf
[2010/02/18 00:09:52 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/02/17 09:40:11 | 000,019,236 | ---- | M] () -- C:\Users\Rayme\Documents\FAFSA on the Web Submission Confirmation.docx
[2010/02/16 17:37:03 | 000,126,976 | ---- | M] () -- C:\Users\Rayme\Documents\Genealogy Gardner.paf
[2010/02/16 17:37:02 | 000,010,443 | ---- | M] () -- C:\Users\Rayme\Documents\Genealogy Gardner.zip
[2010/02/16 17:19:18 | 000,010,240 | ---- | M] () -- C:\Users\Rayme\Documents\Robert Lee Gardner 1880 census.docx
[2010/02/16 16:22:15 | 000,289,479 | ---- | M] () -- C:\Users\Rayme\Documents\4163658_3019 Guver Gardner Douglas
[2010/02/16 16:19:32 | 000,000,053 | -H-- | M] () -- C:\Users\Rayme\Documents\.picasa.ini
[2010/02/16 15:57:59 | 000,286,351 | ---- | M] () -- C:\Users\Rayme\Documents\4166820_3431death sue b gardner
[2010/02/16 15:55:19 | 000,010,121 | ---- | M] () -- C:\Users\Rayme\Documents\Sue Bogard Gardner 1920 Census.docx
[2010/02/14 10:06:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/02/11 16:32:50 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/02/10 15:19:34 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\PAF 5.lnk
[2010/02/10 12:41:15 | 000,001,906 | ---- | M] () -- C:\Users\Rayme\Desktop\FamilySearch Indexing.lnk
[2010/02/10 10:43:18 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 09:39:36 | 000,014,848 | ---- | M] () -- C:\Users\Rayme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 08:14:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/02/10 08:14:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/02/10 08:14:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/02/10 08:14:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/02/09 16:41:22 | 000,019,116 | ---- | M] () -- C:\Users\Rayme\Documents\fasfapin.docx
[2010/02/09 16:31:40 | 000,062,189 | ---- | M] () -- C:\Users\Rayme\Documents\fasfa.docx
[2010/02/09 09:36:03 | 000,000,236 | ---- | M] () -- C:\Users\Rayme\jobq.dat
[2010/02/08 16:57:14 | 000,051,517 | ---- | M] () -- C:\Users\Rayme\Documents\TaxReturn2009.pdf
[2010/02/06 19:37:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 18:00:19 | 000,023,552 | ---- | M] () -- C:\Users\Rayme\Documents\Denksportaufgabe(%202)%20(2)(2)(1).xlsx
[2010/02/01 08:23:12 | 000,102,593 | ---- | M] () -- C:\Users\Rayme\Documents\worksearchlog.pdf
[2010/01/28 14:04:36 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/28 14:04:36 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/28 14:04:36 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/28 12:20:55 | 000,292,724 | ---- | M] () -- C:\Users\Rayme\Documents\Rayme R SHORT RESUME 2.pdf
[2010/01/27 13:50:10 | 000,038,028 | ---- | M] () -- C:\Users\Rayme\Documents\royce.docx
[2010/01/20 13:34:17 | 000,027,335 | ---- | M] () -- C:\Users\Rayme\AppData\Roaming\nvModes.dat
[2010/01/20 11:12:07 | 000,071,168 | ---- | M] () -- C:\Users\Rayme\Documents\Income and Asset Questionairewith instructions[1].doc
[2010/01/20 10:58:23 | 000,010,536 | ---- | M] () -- C:\Users\Rayme\Documents\Questions.docx
[2010/01/19 12:21:03 | 000,016,837 | ---- | M] () -- C:\Users\Rayme\Documents\Rayme R3.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 10:07:51 | 000,019,842 | ---- | C] () -- C:\Users\Rayme\Documents\Prework.docx
[2010/02/18 00:10:25 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000002.regtrans-ms
[2010/02/18 00:10:25 | 000,524,288 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 00:10:25 | 000,262,144 | ---- | C] () -- C:\ntuser.dat
[2010/02/18 00:10:25 | 000,065,536 | -HS- | C] () -- C:\ntuser.dat{d0a63fbf-1c63-11df-8f84-a9c8aca932eb}.TM.blf
[2010/02/18 00:09:52 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/02/17 09:40:10 | 000,019,236 | ---- | C] () -- C:\Users\Rayme\Documents\FAFSA on the Web Submission Confirmation.docx
[2010/02/16 17:19:18 | 000,010,240 | ---- | C] () -- C:\Users\Rayme\Documents\Robert Lee Gardner 1880 census.docx
[2010/02/16 16:22:15 | 000,289,479 | ---- | C] () -- C:\Users\Rayme\Documents\4163658_3019 Guver Gardner Douglas
[2010/02/16 16:19:32 | 000,000,053 | -H-- | C] () -- C:\Users\Rayme\Documents\.picasa.ini
[2010/02/16 15:57:59 | 000,286,351 | ---- | C] () -- C:\Users\Rayme\Documents\4166820_3431death sue b gardner
[2010/02/16 15:55:18 | 000,010,121 | ---- | C] () -- C:\Users\Rayme\Documents\Sue Bogard Gardner 1920 Census.docx
[2010/02/12 07:19:10 | 2143,375,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/10 15:30:28 | 000,010,443 | ---- | C] () -- C:\Users\Rayme\Documents\Genealogy Gardner.zip
[2010/02/10 15:22:36 | 000,126,976 | ---- | C] () -- C:\Users\Rayme\Documents\Genealogy Gardner.paf
[2010/02/10 15:19:34 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\PAF 5.lnk
[2010/02/10 12:41:15 | 000,001,906 | ---- | C] () -- C:\Users\Rayme\Desktop\FamilySearch Indexing.lnk
[2010/02/10 11:14:43 | 000,002,517 | ---- | C] () -- C:\Users\Rayme\Desktop\HiJackThis.lnk
[2010/02/10 10:43:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 16:41:21 | 000,019,116 | ---- | C] () -- C:\Users\Rayme\Documents\fasfapin.docx
[2010/02/09 16:31:39 | 000,062,189 | ---- | C] () -- C:\Users\Rayme\Documents\fasfa.docx
[2010/02/08 16:57:14 | 000,051,517 | ---- | C] () -- C:\Users\Rayme\Documents\TaxReturn2009.pdf
[2010/02/06 19:37:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 18:00:18 | 000,023,552 | ---- | C] () -- C:\Users\Rayme\Documents\Denksportaufgabe(%202)%20(2)(2)(1).xlsx
[2010/02/01 08:23:12 | 000,102,593 | ---- | C] () -- C:\Users\Rayme\Documents\worksearchlog.pdf
[2010/01/31 15:52:28 | 000,000,236 | ---- | C] () -- C:\Users\Rayme\jobq.dat
[2010/01/28 12:20:53 | 000,292,724 | ---- | C] () -- C:\Users\Rayme\Documents\Rayme R SHORT RESUME 2.pdf
[2010/01/27 13:50:09 | 000,038,028 | ---- | C] () -- C:\Users\Rayme\Documents\royce.docx
[2010/01/20 13:37:53 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2010/01/20 13:20:29 | 000,000,331 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/20 11:12:06 | 000,071,168 | ---- | C] () -- C:\Users\Rayme\Documents\Income and Asset Questionairewith instructions[1].doc
[2010/01/20 10:58:22 | 000,010,536 | ---- | C] () -- C:\Users\Rayme\Documents\Questions.docx
[2010/01/19 12:21:02 | 000,016,837 | ---- | C] () -- C:\Users\Rayme\Documents\Rayme R3.docx
[2010/01/08 11:32:44 | 000,000,287 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/01/08 11:31:29 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2009/12/03 08:15:20 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
[2009/12/03 08:11:24 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
[2009/12/03 08:11:04 | 000,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
[2009/12/03 08:10:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
[2009/09/26 00:38:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\PTLCDBAS.INI
[2009/07/12 13:06:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\INIVALUE.INI
[2009/03/28 09:09:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/28 09:04:55 | 000,000,078 | ---- | C] () -- C:\Windows\EPSNX200.ini
[2009/03/14 11:18:40 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/04/25 04:06:06 | 000,007,592 | ---- | C] () -- C:\Users\Rayme\AppData\Local\d3d9caps.dat
[2008/04/01 21:16:42 | 000,000,452 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\wklnhst.dat
[2008/03/29 11:46:51 | 000,027,335 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\nvModes.001
[2008/03/29 11:36:30 | 000,027,335 | ---- | C] () -- C:\Users\Rayme\AppData\Roaming\nvModes.dat
[2008/03/29 11:10:56 | 000,014,848 | ---- | C] () -- C:\Users\Rayme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 10:28:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/21 02:58:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/21 02:54:50 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/03/21 02:48:24 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/03/21 02:48:24 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/03/21 02:48:24 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/03/21 02:44:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/03 13:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/03 14:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/18 06:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdjvs.dll
[2006/03/28 09:10:42 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2001/11/14 09:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/11 13:27:30 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Image Zone Express
[2009/07/12 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Individual Software
[2009/03/28 09:21:17 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Leadertech
[2009/12/03 08:16:23 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Lexmark Imaging Studio
[2009/03/21 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\LimeWire
[2010/01/16 11:16:18 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\MyHeritage
[2008/04/18 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\PhotoStudio Expressions
[2008/06/20 18:51:50 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Printer Info Cache
[2009/08/13 05:32:42 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Sierra Wireless
[2008/04/04 21:46:08 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\Template
[2010/01/08 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2008/03/29 19:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\tmp
[2009/06/24 01:10:27 | 000,000,000 | ---D | M] -- C:\Users\Rayme\AppData\Roaming\WeatherBug
[2009/12/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/10/31 20:59:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/02/18 00:41:21 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/18 10:10:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D3FC23C6-4D03-406F-A4E1-2B7E5C3DAE07}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A7A4D14E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
< End of report >


Re: need help getting my hijack log

Post by raymegardner on Thu Feb 18, 2010 1:30 pm

Here is the Extras.Txt log you asked for... you're the greatest, by the WAY!

OTL Extras logfile created on: 2/18/2010 10:08:02 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Rayme\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 153.02 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 967.73 Mb Total Space | 961.55 Mb Free Space | 99.36% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAYME-PC
Current User Name: Rayme
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3D084E-66AC-48E4-B8ED-E14A2DFCBBC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F860A96-02B4-4485-B8A7-0E9AE63AD785}" = rport=139 | protocol=6 | dir=out | app=system |
"{109D21A2-2E78-4F0F-B2AC-FAF188964C50}" = rport=137 | protocol=17 | dir=out | app=system |
"{157B9E0E-105B-4D56-B315-5628E1BBE874}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |
"{15EE35FD-AF2B-4640-94F8-6CC0D2352CA0}" = lport=139 | protocol=6 | dir=in | app=system |
"{1617B074-D79F-4734-9B4F-4C48E5D48B31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{170A169D-9AE9-45BF-A160-252569515B9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{20E1EFF5-E773-4BC8-9843-3168F47B17BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{2B2E3ABA-DA5E-40B9-BFE5-69A27792A174}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{36D520C8-0440-471B-8A1D-DBAAF4BCC7A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F4F5FE0-7169-42EF-A5AB-FD5683BD17CF}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |
"{42898FD0-9531-47B8-B2A1-D32D642AD780}" = rport=445 | protocol=6 | dir=out | app=system |
"{42AB932A-35BF-46B1-BCF0-6FC224909298}" = lport=138 | protocol=17 | dir=in | app=system |
"{44D857C3-D570-47A5-889F-509268667ECF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47EA35DE-90C9-40FD-A914-E07B839B01AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{58C18304-8410-423C-A032-87C5B2F9E4D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{596136B2-DDBF-41A5-850F-4FD62D8A727A}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{5A9CD684-6B2B-4F16-8459-25742E195087}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{991FBA80-8CB3-41CB-B0AB-FEEE2B0DB570}" = lport=445 | protocol=6 | dir=in | app=system |
"{A52B93F6-F4D7-4150-B3C2-DBB003F16B12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEC18C1F-4599-49E6-A8F6-B1FE54888E2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B25F9A05-2E5F-4DF3-BF2A-FE1B8E9DDC1C}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |
"{C698B188-374A-40A4-95FE-12FD55817D33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CACA8F6B-7AF3-4B46-B3BC-38E88CA0CF45}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |
"{CB5B1C2F-492D-4DD9-9F61-8545C2012118}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E17296DB-C7B5-4EBB-98E9-93ACDD564F99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E40006FF-92FB-43FF-9EED-C5DDA3C72CB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F377C7EA-C84D-4C6E-88FF-819007765CC3}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006A91E1-7DC1-4425-814D-5AAEC0A2802F}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{0E0CA9CD-FE7E-407F-A04F-57EC575C7B7F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{1C7CE936-5E76-4F14-AAF9-6C1685A93505}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{1DF5EDA2-0F13-422B-B82A-B9F812A41E98}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"{204D49A5-0528-4D14-ADE1-0A501981F0A9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{25EA4DF3-C26A-4DA9-8155-AB19C2A6E11B}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{283AC482-B6AE-4E87-B51C-CA5D317B300D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{29245761-F5E1-446D-B9D1-03FAF59FE1BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A59DA80-D804-4991-BDF9-5AFCFEC040F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C4C7037-443A-4A6D-BCC5-2B429E325AB0}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
"{2F9474DA-38DA-4FB0-B213-8C111982143B}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\toolbarupdate.exe |
"{349942B8-B668-4CCF-A211-3F28CDC05A57}" = protocol=6 | dir=out | app=system |
"{3598A165-C1E9-405B-92C2-83BC2CDFA859}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{373D9313-8F64-41C0-BE3E-B69B277CC522}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{4131EAC0-8943-469E-81B1-BBE17F080B6E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{4189D95B-67DA-4EFA-BE41-60F811E4781E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{41ADD290-9710-4504-8BBA-A9B36B1D1102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B99213E-B8DC-458A-9B95-54A1A3E4DF40}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{4C78E39A-C4BC-4DDB-AA70-518C87782876}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{4D488405-D1D6-497D-836C-CCA0FD79AFDF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{4E45C785-90AF-4508-9526-1294B75A4894}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58C2AC01-D345-44BC-B3B6-901722F6EC0A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{59AD4C89-BA15-4D92-BF6E-1064CAD84258}" = protocol=6 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
"{62625E7B-370F-47DA-97B8-3CD9D58E850A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{691F0F4C-BF6F-42FC-B51E-D71029B1E8B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{758D855A-C513-4350-97C7-7F1CD6983CBE}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{7657A07B-E9AD-4E04-8A30-8B43E158707F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{76D80039-8436-4BD5-9253-F2A949FA2C3C}" = protocol=17 | dir=in | app=c:\program files\dogpile toolbar\troubleshooter.exe |
"{79545EC3-CB7D-436F-9F0C-0185889C0E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AAC0D12-1BD8-42A0-A8F3-7D226F6C5045}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{84C5C0B1-CC9A-42F5-AD1E-BB16B1CA5890}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8570E287-A907-4559-B06B-A16930C9AF12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B9CF83C-3FA2-4A41-B689-5746A0577195}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{927EA828-C5B5-4B8F-922B-6EF608E14675}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{987A9A54-D6FD-498B-B5E6-5B1D87D74F88}" = protocol=6 | dir=in | app=c:\users\rayme\appdata\local\temp\lxdj\wireless\english\lxdjwpss.exe |
"{9E9472C6-74F5-4454-BDBE-C40C7A9E94E3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{A185BEAE-3FC2-4E49-8495-1538965F3CF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A33E451A-2E8D-47DB-844F-5FF803D6C7CA}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{ABD5F730-7A41-40DE-82B3-62A739185738}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B0EF4BFC-E5DC-419F-B440-303C2FAAE4C1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B8936B93-DE50-4EFE-A2ED-6AE6B53EF187}" = protocol=17 | dir=in | app=c:\users\rayme\appdata\local\temp\lxdj\wireless\english\lxdjwpss.exe |
"{BA3AECFB-AE94-4798-8FF5-435724A124C5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{BD165728-6BE2-462E-8638-0A01DB7E140B}" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{BE58FB2D-B895-465C-84C7-DAA0E4947F4A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
"{C32EB74C-34D2-4DF5-9C58-302499CF0D77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA6BCBD5-A729-447D-8C82-65BBADB38A1D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{D28144A3-AD40-4CEF-AA26-47DA884EA203}" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"{D78C2B36-D8A4-4FDD-8EEE-DEA2DB030637}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D7B3EA94-406D-4B04-B366-4B77B1DD7B1A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{DCBC1532-ABE1-4C30-9333-AACBBC65B183}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
"{E261C787-CC8E-4EE5-AC88-A6141BCF2BE2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
"{E40CE824-2623-4F8E-BA31-1C8880D4C69C}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{E46D8EA7-D4B4-4694-841B-FEB3ADC81E61}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"{E76ECD12-D89D-4411-8F86-BFFE0C12F105}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{EA60157F-3DA4-4452-9F33-DFC5998D42F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F27CEC48-46FF-470D-80EC-9F38A7D31487}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"TCP Query User{675667EE-186F-4A04-9915-264A90416AA9}C:\program files\lexmark 1400 series\lxdjamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
"TCP Query User{7D01A51F-2B1B-45B1-A665-A07D9E961368}C:\program files\dell network assistant\ezi_hnm2.exe" = protocol=6 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"TCP Query User{95A1DDC9-AE84-46FA-8B68-880584EF9736}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C172D320-76E3-453D-860D-0AFD36E8009B}C:\program files\lexmark 1400 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"UDP Query User{342E18DC-623D-48F1-8D1D-1BBC818212F8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{793C542A-8A19-4FFE-9F47-B3BBB89E8528}C:\program files\dell network assistant\ezi_hnm2.exe" = protocol=17 | dir=in | app=c:\program files\dell network assistant\ezi_hnm2.exe |
"UDP Query User{DA7ADF27-DF41-4CAC-964F-8CD99B3B864C}C:\program files\lexmark 1400 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
"UDP Query User{FE0B37D2-1CDB-4797-8B1E-A6A39A202621}C:\program files\lexmark 1400 series\lxdjamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D1977A9-2FDC-4E83-BE82-3478256342D4}" = AT&T Dial Connection Manager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C78E63CF-EB82-4AB4-A0A6-A7DB3FE9CD46}" = Dell Mobile Broadband Card Utility
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DAD36D74-C78A-4753-84DB-13FBB4FEA65C}" = PhotoStudio Expressions
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX200 Series" = EPSON Stylus NX200 Series Printer Uninstall
"Family Toolbar" = Family Toolbar
"Family Tree Builder" = MyHeritage Family Tree Builder
"Fast Browser SearchP" = Fast Browser Search Protection
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Landscape Design and Construction" = Landscape Design and Construction
"Lexmark 1400 Series" = Lexmark 1400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer 2.4
"Picasa 3" = Picasa 3
"PRJSTDR" = Microsoft Office Project Standard 2007
"Silent Package Run-Time Sample" = EPSON NX200 User's Guide
"STANDARDR" = Microsoft Office Standard 2007
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Total 3D Home, Landscape, and Deck" = Total 3D Home, Landscape, and Deck
"WeatherBug" = WeatherBug
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FamilySearch Indexing" = FamilySearch Indexing
"Move Media Player" = Move Media Player
"Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2010 2:22:40 AM | Computer Name = Rayme-PC | Source = Application Error | ID = 1000
Description = Faulting application MyHeritage.exe, version 4.0.0.916, time stamp
0x4aeea42f, faulting module MyHeritage.exe, version 4.0.0.916, time stamp 0x4aeea42f,
exception code 0xc0000005, fault offset 0x002fd5a8, process id 0x1bac, application
start time 0x01caaaccd2186f87.

Error - 2/11/2010 2:45:15 AM | Computer Name = Rayme-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 19e8 Start Time: 01caaae55ebdc267 Termination Time: 0

Error - 2/11/2010 10:26:25 PM | Computer Name = Rayme-PC | Source = Perflib | ID = 1010
Description =

Error - 2/11/2010 10:26:26 PM | Computer Name = Rayme-PC | Source = Perflib | ID = 1008
Description =

Error - 2/12/2010 1:23:32 AM | Computer Name = Rayme-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/12/2010 1:23:35 AM | Computer Name = Rayme-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/12/2010 11:19:53 AM | Computer Name = Rayme-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/12/2010 3:19:18 PM | Computer Name = Rayme-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module SHELL32.dll, version 6.0.6002.18005, time stamp 0x49e037ec,
exception code 0xc0000005, fault offset 0x00091d8b, process id 0x1250, application
start time 0x01caabf737c65039.

Error - 2/12/2010 3:19:21 PM | Computer Name = Rayme-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x000675ff, process id 0x1250, application
start time 0x01caabf737c65039.

Error - 2/12/2010 6:17:04 PM | Computer Name = Rayme-PC | Source = Application Hang | ID = 1002
Description = The program Picasa3.exe version 3.6.95.25 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 155c Start Time: 01caac3109f35f03 Termination Time: 5

[ Broadcom Wireless LAN Events ]
Error - 1/17/2010 7:29:45 PM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 15:29:45, Sun, Jan 17, 10 Error - Unable to gain access to user store


Error - 1/18/2010 1:04:01 PM | Computer Name = RAYME-PC | Source = WLAN-Tray | ID = 0
Description = 09:04:01, Mon, Jan 18, 10 Error - Unable to gain access to user store


Error - 1/19/2010 3:21:36 AM | Computer Name = RAYME-PC | Source = WLAN-Tray | ID = 0
Description = 23:21:36, Mon, Jan 18, 10 Error - Unable to gain access to user store


Error - 1/21/2010 4:35:19 PM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 12:35:19, Thu, Jan 21, 10 Error - Unable to gain access to user store


Error - 1/22/2010 11:47:33 AM | Computer Name = RAYME-PC | Source = WLAN-Tray | ID = 0
Description = 07:47:32, Fri, Jan 22, 10 Error - Unable to gain access to user store


Error - 1/26/2010 10:29:07 PM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 18:29:07, Tue, Jan 26, 10 Error - Unable to gain access to user store


Error - 2/10/2010 3:52:49 PM | Computer Name = RAYME-PC | Source = WLAN-Tray | ID = 0
Description = 11:52:49, Wed, Feb 10, 10 Error - Unable to gain access to user store


Error - 2/12/2010 11:19:22 AM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 07:19:22, Fri, Feb 12, 10 Error - Unable to gain access to user store


Error - 2/15/2010 7:37:11 PM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 15:37:11, Mon, Feb 15, 10 Error - Unable to gain access to user store


Error - 2/17/2010 11:05:38 PM | Computer Name = Rayme-PC | Source = WLAN-Tray | ID = 0
Description = 19:05:38, Wed, Feb 17, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 10/30/2008 7:17:47 PM | Computer Name = Rayme-PC | Source = netbt | ID = 4321
Description = The name "MRSBEE :0" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.46 did
not allow the name to be claimed by this computer.

Error - 10/30/2008 7:41:35 PM | Computer Name = Rayme-PC | Source = netbt | ID = 4321
Description = The name "MRSBEE :0" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.46 did
not allow the name to be claimed by this computer.

Error - 10/30/2008 8:05:23 PM | Computer Name = Rayme-PC | Source = netbt | ID = 4321
Description = The name "MRSBEE :0" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.46 did
not allow the name to be claimed by this computer.

Error - 11/3/2008 8:48:25 PM | Computer Name = Rayme-PC | Source = HTTP | ID = 15016
Description =

Error - 11/3/2008 8:52:51 PM | Computer Name = Rayme-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 76.30.178.122 for the Network Card with network
address 001D09C4C910 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/3/2008 8:53:39 PM | Computer Name = Rayme-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 001D09C4C910.

Error - 11/5/2008 6:57:22 AM | Computer Name = Rayme-PC | Source = HTTP | ID = 15016
Description =

Error - 11/5/2008 6:58:25 AM | Computer Name = Rayme-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56F1A0. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 11/5/2008 7:08:46 AM | Computer Name = Rayme-PC | Source = bowser | ID = 8003
Description =

Error - 11/6/2008 10:03:29 PM | Computer Name = Rayme-PC | Source = HTTP | ID = 15016
Description =


< End of report >


Re: need help getting my hijack log

Post by Belahzur on Thu Feb 18, 2010 2:48 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe ()

    :files
    C:\Program Files\Fast Browser Search


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: need help getting my hijack log

Post by raymegardner on Thu Feb 18, 2010 4:32 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSearch deleted successfully.
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe moved successfully.
========== FILES ==========
C:\Program Files\Fast Browser Search\IE folder moved successfully.
C:\Program Files\Fast Browser Search folder moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02182010_133036

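An added example, not part of the thread or of OTL itself: a short Python script that triages an OTL fix log like the one posted above, separating "not found" lines that only repeat an earlier successful removal from targets that were never present. The log lines are copied (abridged) from the post; the function names and the regular expression are this example's own assumptions about the log's line format.

```python
import re

# Result lines copied (abridged, original order) from the fix log posted above.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe moved successfully.
"""

# Assumed line shape: optional kind prefix, target, optional "folder", outcome, full stop.
LINE = re.compile(
    r"^(?:(Registry key|Registry value|File)\s+)?(.+?)\s+(?:folder\s+)?"
    r"(deleted successfully|moved successfully|not found)\.$"
)

def parse(log):
    """Yield (target, outcome); target is lower-cased with trailing backslashes removed."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(2).rstrip("\\").lower(), m.group(3)

def triage(log):
    """Split 'not found' targets into repeats of an earlier success vs. never present."""
    handled, repeats, absent = set(), [], []
    for target, outcome in parse(log):
        if outcome != "not found":
            handled.add(target)      # deleted or moved at least once
        elif target in handled:
            repeats.append(target)   # already removed by an earlier fix line
        else:
            absent.append(target)    # nothing in the log ever removed it
    return handled, repeats, absent

if __name__ == "__main__":
    handled, repeats, absent = triage(FIX_LOG)
    print(f"{len(handled)} targets removed, {len(repeats)} repeat lookups")
    for t in absent:
        print("never present:", t)
```

The single "never present" target is the CLSID key for the BHO that the fix script itself listed as "No CLSID value found", so that "not found" line is expected rather than a failed removal.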

Re: need help getting my hijack log

Post by Belahzur on Thu Feb 18, 2010 5:13 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

