Browser Redirects and I Can't Update Malwarebytes


  • This topic is locked

#1
maisonvivante

maisonvivante

    Member

  • Member
  • PipPip
  • 10 posts
Hello--

I tried; I really did, but I can't get through the guide. I know we're not supposed to post until we do all those steps, but things aren't working for me.

My browser is getting redirected, mostly in Yahoo and Google searches. And Facebook, IMDb, Yahoo, etc. aren't being found lots of times. So there is something going on.

I did everything up to installing the Malwarebytes update, but I wasn't able to. I get that "MBAM Error Updating" message.

So I ran the quick scan and no malware was found.

I went on to the next step, but when I try to open the GMER file, I get a message that says "The system cannot find the file specified."

So I gave up and am posting here, hoping someone will take pity on me for my ignorance. I'm pretty good at following step-by-step instructions, but not this time, unfortunately.
#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
maisonvivante

maisonvivante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'm sorry, I should have been more clear.

The very first thing I did was follow all the instructions that were just posted for getting rid of google redirects.

The TDSS killer found nothing wrong, but the redirect problem persists.

After that, I tried to do the Spyware Removal Guide, and got hung up on trying to update Malwarebytes and open that GMER program.

(I just ran a fresh scan and am posting the file)

2010/08/06 06:45:23.0094 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/06 06:45:23.0094 ================================================================================
2010/08/06 06:45:23.0094 SystemInfo:
2010/08/06 06:45:23.0094
2010/08/06 06:45:23.0094 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/06 06:45:23.0094 Product type: Workstation
2010/08/06 06:45:23.0094 ComputerName: NATALIE-PC
2010/08/06 06:45:23.0094 UserName: natalie
2010/08/06 06:45:23.0094 Windows directory: C:\Windows
2010/08/06 06:45:23.0094 System windows directory: C:\Windows
2010/08/06 06:45:23.0094 Running under WOW64
2010/08/06 06:45:23.0095 Processor architecture: Intel x64
2010/08/06 06:45:23.0095 Number of processors: 8
2010/08/06 06:45:23.0095 Page size: 0x1000
2010/08/06 06:45:23.0095 Boot type: Normal boot
2010/08/06 06:45:23.0095 ================================================================================
2010/08/06 06:45:23.0095 Utility is running under WOW64, functionality is limited.
2010/08/06 06:45:23.0326 Initialize success
2010/08/06 06:45:24.0822 ================================================================================
2010/08/06 06:45:24.0822 Scan started
2010/08/06 06:45:24.0822 Mode: Manual;
2010/08/06 06:45:24.0822 ================================================================================
2010/08/06 06:45:38.0013 ================================================================================
2010/08/06 06:45:38.0013 Scan finished
2010/08/06 06:45:38.0013 ================================================================================

Edited by maisonvivante, 06 August 2010 - 07:47 AM.

  • 0
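
For readers triaging a TDSSKiller log like the one posted in #3, the following is an added example, not part of any post in this thread and not code from the tool's vendor. It parses the log layout seen above (timestamp, then either a `Key: value` header field or a `service (md5) path` driver line) and reports three things a helper would check first: whether the tool itself said its functionality was limited, whether the scan ran to completion, and whether any driver image sits outside the Windows `system32` tree. The sample log, its driver names, hashes and paths are constructed, and the three checks are this example's own assumptions about what is worth flagging.

```python
import ntpath
import re

# Constructed sample in the layout of the posted log. Driver names, hashes
# and paths below are made up for illustration.
SAMPLE_LOG = r"""
2010/08/06 06:45:23.0094 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/06 06:45:23.0094 SystemInfo:
2010/08/06 06:45:23.0094
2010/08/06 06:45:23.0094 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/06 06:45:23.0094 Windows directory: C:\Windows
2010/08/06 06:45:23.0094 Running under WOW64
2010/08/06 06:45:23.0095 Boot type: Normal boot
2010/08/06 06:45:23.0095 Utility is running under WOW64, functionality is limited.
2010/08/06 06:45:24.0822 Scan started
2010/08/06 06:45:24.0994 exampledrv (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\exampledrv.sys
2010/08/06 06:45:25.0036 netstack4 (00000000000000000000000000000002) C:\Windows\system32\drivers\netstack.sys
2010/08/06 06:45:25.0083 netstack6 (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\netstack.sys
2010/08/06 06:45:25.0126 oddplace (00000000000000000000000000000003) C:\Users\example\AppData\Local\Temp\oddplace.sys
2010/08/06 06:45:38.0013 Scan finished
"""

LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s?(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FIELD_RE = re.compile(r"^([A-Za-z ]+): (.*)$")


def parse_log(text):
    """Split a log into header fields, driver entries and status flags."""
    report = {"fields": {}, "drivers": [], "limited": False,
              "started": False, "finished": False}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # separator rows and blank lines carry no timestamp
        msg = line.group(1).strip()
        driver = DRIVER_RE.match(msg)
        if driver:
            report["drivers"].append({"service": driver.group(1),
                                      "md5": driver.group(2),
                                      "path": driver.group(3)})
        elif msg == "Scan started":
            report["started"] = True
        elif msg == "Scan finished":
            report["finished"] = True
        elif "functionality is limited" in msg:
            report["limited"] = True
        else:
            field = FIELD_RE.match(msg)
            if field:
                report["fields"][field.group(1)] = field.group(2)
    return report


def _norm(path):
    # Windows paths are case-insensitive; also collapse any ".." segments.
    return ntpath.normcase(ntpath.normpath(path))


def unique_images(report):
    """Distinct driver files; several services may share one image."""
    return len({_norm(d["path"]) for d in report["drivers"]})


def triage(report):
    """Return findings a reviewer should read before trusting the result."""
    findings = []
    if report["limited"]:
        findings.append("tool-limited: scanner reported reduced functionality")
    if not (report["started"] and report["finished"]):
        findings.append("incomplete-scan: start or finish marker missing")
    # Assumption: fall back to C:\Windows if the header field is absent.
    windir = report["fields"].get("Windows directory", r"C:\Windows")
    system32 = _norm(ntpath.join(windir, "system32")) + "\\"
    for d in report["drivers"]:
        if not _norm(d["path"]).startswith(system32):
            findings.append("unusual-path: %s -> %s" % (d["service"], d["path"]))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("drivers:", len(parsed["drivers"]), "images:", unique_images(parsed))
    for finding in triage(parsed):
        print(finding)
```

Two services pointing at the same driver file, as in the constructed `netstack4`/`netstack6` pair, is counted once and not flagged.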

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
no worries


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
maisonvivante

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi, I have Windows 7, and the message I get when I try to open ComboFix is, "Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP."

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.exe
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Update\*.*
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    set /c


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#7
maisonvivante

    Member

  • Topic Starter
  • Member
  • 10 posts
The Extras file didn't open, nor does it seem to be saved with the other file and program. So here is only the OTL logfile. If there is somewhere else I need to look for the Extras file, please let me know.

OTL logfile created on: 8/6/2010 7:33:03 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\natalie\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 81.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.92 Gb Total Space | 655.70 Gb Free Space | 95.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 111.79 Gb Total Space | 59.02 Gb Free Space | 52.80% Space Free | Partition Type: NTFS

Computer Name: NATALIE-PC
Current User Name: natalie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 07:31:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\natalie\Downloads\OTL.exe
PRC - [2010/07/27 11:35:26 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/22 15:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\natalie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\32788R22FWJFW\NirCmd.cfxxe
PRC - [2009/01/14 15:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/09 16:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 16:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/05/15 15:26:02 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 07:31:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\natalie\Downloads\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/31 18:32:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/05/31 18:32:58 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/05/31 18:32:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 07:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 08:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/12/10 15:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/07/02 03:52:59 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/02 03:42:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/14 15:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/09 16:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 16:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\RxFilter.sys -- (RxFilter)
DRV:64bit: - [2010/05/31 18:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/05/31 18:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/05/31 18:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/05/31 18:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/05/31 18:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/05/31 18:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/05/31 18:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/05/31 18:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 23:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/27 11:35:52 | 000,000,000 | ---D | M]

[2010/07/26 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\extensions
[2010/07/26 13:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/08/06 06:11:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100725225701.dll (McAfee, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100725225701.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\system32\EptMon64.DLL File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\THXCfg64.DLL File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Users\natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.40 213.109.75.90 1.1.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96C11A15-E1CE-5B38-454B-9D1F3B87DA9B} - Browser Customizations
ActiveX: {A047D090-6F9F-E552-B1EB-0126F53F57AA} - Offline Browsing Pack
ActiveX: {A807C845-034B-025E-152A-4A76FA2C6258} - Themes Setup
ActiveX: {C7B8A612-84A3-8F76-ACC0-97DB3148F222} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 07:23:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/06 06:14:59 | 000,000,000 | ---D | C] -- C:\Users\natalie\Desktop\GooredFix Backups
[2010/08/06 06:11:28 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/05 18:06:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/05 18:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/05 18:02:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/05 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/05 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Malwarebytes
[2010/08/05 17:04:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/05 17:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/04 15:07:42 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\natalie\Desktop\TDSSKiller.exe
[2010/08/04 09:37:20 | 000,000,000 | ---D | C] -- C:\Users\natalie\.gimp-2.2
[2010/08/04 09:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMPshop
[2010/07/29 10:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/07/27 16:19:51 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\OLYMPUS
[2010/07/27 16:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/07/27 16:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/27 16:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OLYMPUS
[2010/07/27 11:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/07/27 11:35:28 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/27 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/07/27 11:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/07/27 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Real
[2010/07/27 11:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/07/27 01:20:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/27 01:20:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/27 01:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/26 19:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/07/26 19:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/07/26 19:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/07/26 19:25:24 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Adobe
[2010/07/26 17:36:19 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Google
[2010/07/26 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Deployment
[2010/07/26 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Apps
[2010/07/26 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\natalie\Documents\Azureus Downloads
[2010/07/26 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/07/26 13:33:47 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Azureus
[2010/07/26 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Mozilla
[2010/07/26 13:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis
[2010/07/26 13:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/07/26 12:50:57 | 010,558,400 | ---- | C] (Vuze Inc.) -- C:\Users\natalie\Desktop\Vuze_4.2.0.2_windows.exe
[2010/07/26 05:53:38 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Macromedia
[2010/07/26 05:53:38 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Adobe
[2010/07/25 20:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/07/25 20:57:01 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2010/07/25 20:56:55 | 000,528,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2010/07/25 20:56:55 | 000,440,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2010/07/25 20:56:55 | 000,279,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2010/07/25 20:56:55 | 000,189,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/07/25 20:56:55 | 000,121,504 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2010/07/25 20:56:55 | 000,093,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2010/07/25 20:56:55 | 000,075,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2010/07/25 20:56:55 | 000,062,416 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2010/07/25 17:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/07/25 17:27:09 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Diagnostics
[2010/07/25 17:21:56 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\CyberLink
[2010/07/25 17:05:58 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Dell
[2010/07/25 17:05:51 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Stardock_Corporation
[2010/07/25 17:05:44 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\ATI
[2010/07/25 17:05:44 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\ATI
[2010/07/25 17:05:40 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Intel Corporation
[2010/07/25 17:05:36 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\SupportSoft
[2010/07/25 17:05:23 | 000,000,000 | R--D | C] -- C:\Users\natalie\Searches
[2010/07/25 17:05:23 | 000,000,000 | -H-D | C] -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/25 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Identities
[2010/07/25 17:05:12 | 000,000,000 | R--D | C] -- C:\Users\natalie\Contacts
[2010/07/25 17:05:11 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\VirtualStore
[2010/07/25 17:02:35 | 000,000,000 | --SD | C] -- C:\Users\natalie\AppData\Roaming\Microsoft
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\Music
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\Links
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\Favorites
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\Downloads
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\My Documents
[2010/07/25 17:02:35 | 000,000,000 | R--D | C] -- C:\Users\natalie\Desktop
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\AppData\Local\Temporary Internet Files
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Templates
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Start Menu
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\SendTo
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Recent
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\PrintHood
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\NetHood
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Documents\My Videos
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Documents\My Pictures
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Documents\My Music
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\My Documents
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Local Settings
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\AppData\Local\History
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Cookies
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\Application Data
[2010/07/25 17:02:35 | 000,000,000 | -HSD | C] -- C:\Users\natalie\AppData\Local\Application Data
[2010/07/25 17:02:35 | 000,000,000 | -H-D | C] -- C:\Users\natalie\AppData
[2010/07/25 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Temp
[2010/07/25 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Local\Microsoft
[2010/07/25 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\natalie\AppData\Roaming\Media Center Programs
[2010/07/25 17:02:34 | 000,000,000 | R--D | C] -- C:\Users\natalie\Videos
[2010/07/25 17:02:34 | 000,000,000 | R--D | C] -- C:\Users\natalie\Saved Games
[2010/07/25 17:02:34 | 000,000,000 | R--D | C] -- C:\Users\natalie\Pictures
[2010/07/25 15:57:29 | 000,000,000 | ---D | C] -- C:\Users\natalie\Documents\natalie documents
[2010/07/02 06:23:15 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/07/02 06:23:15 | 000,121,872 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/07/02 06:23:14 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/07/02 06:23:14 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/07/02 06:23:14 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/07/02 06:23:12 | 000,448,000 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/07/02 06:23:12 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/07/02 06:23:12 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/07/02 06:23:12 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/07/02 06:23:11 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/07/02 06:22:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/07/02 06:22:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/07/02 06:22:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/07/02 06:22:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/07/02 06:22:56 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/07/02 06:22:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/07/02 06:22:56 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/07/02 06:22:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/07/02 06:22:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/07/02 06:22:56 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/07/02 06:22:56 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/07/02 06:22:56 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/07/02 06:22:31 | 001,478,144 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2010/07/02 06:21:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2010/07/02 06:21:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/02 06:21:18 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/07/02 06:14:43 | 000,000,000 | ---D | C] -- C:\dell
[2010/07/02 05:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/02 05:33:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/07/02 05:32:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/02 05:32:23 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/02 04:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/07/02 03:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/02 03:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/07/02 03:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/02 03:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/07/02 03:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/07/02 03:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2010/07/02 03:53:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}
[2010/07/02 03:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/07/02 03:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/07/02 03:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/07/02 03:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/07/02 03:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/07/02 03:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2010/07/02 03:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/07/02 03:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/07/02 03:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/07/02 03:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SureThing Shared
[2010/07/02 03:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/07/02 03:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/07/02 03:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/07/02 03:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/07/02 03:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/07/02 03:49:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/07/02 03:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/02 03:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/07/02 03:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/02 03:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/02 03:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/02 03:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/02 03:46:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/02 03:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/02 03:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/02 03:45:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/02 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/02 03:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2010/07/02 03:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/07/02 03:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2010/07/02 03:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2010/07/02 03:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2010/07/02 03:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Support Center
[2010/07/02 03:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2010/07/02 03:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/07/02 03:42:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/02 03:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/07/02 03:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/07/02 03:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/07/02 03:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Card Reader(9106)
[2010/07/02 03:39:47 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/02 03:39:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/07/02 03:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/07/02 03:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/02 03:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/02 03:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/02 03:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/02 03:37:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/02 03:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Inc
[2010/07/02 03:37:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

========== Files - Modified Within 90 Days ==========

[2010/08/06 07:34:18 | 001,572,864 | -HS- | M] () -- C:\Users\natalie\NTUSER.DAT
[2010/08/06 06:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1050821485-3544646205-1795249244-1000UA.job
[2010/08/06 06:20:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 06:20:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 06:18:31 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\natalie\Desktop\TDSSKiller.exe
[2010/08/06 06:17:05 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/06 06:17:05 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/06 06:17:05 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/06 06:12:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/06 06:12:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/06 06:12:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 06:12:02 | 001,067,971 | -H-- | M] () -- C:\Users\natalie\AppData\Local\IconCache.db
[2010/08/06 06:11:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/06 06:01:43 | 000,000,055 | ---- | M] () -- C:\Users\natalie\Desktop\3.jpg.url
[2010/08/05 19:41:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1050821485-3544646205-1795249244-1000Core.job
[2010/08/05 18:16:35 | 000,293,376 | ---- | M] () -- C:\Users\natalie\Desktop\gmer.exe
[2010/08/05 18:06:28 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 18:02:19 | 000,000,930 | ---- | M] () -- C:\Users\natalie\Desktop\NTREGOPT.lnk
[2010/08/05 18:02:19 | 000,000,911 | ---- | M] () -- C:\Users\natalie\Desktop\ERUNT.lnk
[2010/08/04 09:47:38 | 000,000,000 | ---- | M] () -- C:\Users\natalie\.gtk-bookmarks
[2010/08/04 09:38:10 | 000,641,060 | ---- | M] () -- C:\Users\natalie\.fonts.cache-1
[2010/08/03 10:40:25 | 000,017,392 | ---- | M] () -- C:\Users\natalie\Documents\Questionnaire_India.pdf
[2010/08/02 07:41:35 | 000,000,172 | ---- | M] () -- C:\Users\natalie\Desktop\Upload date.url
[2010/07/29 08:53:45 | 000,261,854 | ---- | M] () -- C:\Users\natalie\Desktop\ticket confirmation.xps
[2010/07/28 12:44:08 | 000,054,243 | ---- | M] () -- C:\Users\natalie\Desktop\Replacement Cost.pdf
[2010/07/27 16:19:03 | 000,002,447 | ---- | M] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/27 16:19:03 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/07/27 16:18:34 | 000,001,125 | ---- | M] () -- C:\Users\natalie\Desktop\OLYMPUS Master 2.lnk
[2010/07/27 11:35:52 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/07/27 11:35:28 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/07/27 01:21:27 | 000,356,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/26 19:26:13 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/26 17:38:42 | 000,002,332 | ---- | M] () -- C:\Users\natalie\Desktop\Google Chrome.lnk
[2010/07/26 17:35:41 | 000,064,512 | ---- | M] () -- C:\Users\natalie\Desktop\check_request_for_Summer_7.11.10.doc
[2010/07/26 13:39:52 | 000,000,708 | ---- | M] () -- C:\Users\natalie\Desktop\Downloads - Shortcut.lnk
[2010/07/26 13:39:31 | 000,000,724 | ---- | M] () -- C:\Users\natalie\Desktop\Azureus Downloads - Shortcut.lnk
[2010/07/26 13:33:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/26 13:33:31 | 000,001,854 | ---- | M] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/07/26 13:30:17 | 000,001,093 | ---- | M] () -- C:\Users\natalie\Documents - Shortcut.lnk
[2010/07/26 12:50:57 | 010,558,400 | ---- | M] (Vuze Inc.) -- C:\Users\natalie\Desktop\Vuze_4.2.0.2_windows.exe
[2010/07/25 20:48:47 | 000,524,288 | -HS- | M] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/25 20:48:47 | 000,524,288 | -HS- | M] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 20:48:47 | 000,065,536 | -HS- | M] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/25 17:27:00 | 000,000,194 | ---- | M] () -- C:\Users\natalie\Desktop\New Rich Text Document.rtf
[2010/07/25 17:16:20 | 000,001,443 | ---- | M] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/25 17:05:52 | 000,001,984 | ---- | M] () -- C:\Users\natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/07/25 17:02:44 | 000,090,224 | ---- | M] () -- C:\Users\natalie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/25 17:02:35 | 000,000,020 | -HS- | M] () -- C:\Users\natalie\ntuser.ini
[2010/07/25 17:02:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/25 17:02:04 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/02 06:28:38 | 000,005,350 | RH-- | M] () -- C:\dell.sdr
[2010/07/02 06:22:29 | 000,005,350 | ---- | M] () -- C:\Windows\SysWow64\drivers\1028_Dell_STU_8100.mrk
[2010/07/02 06:22:29 | 000,005,350 | ---- | M] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_8100.mrk
[2010/07/02 05:33:50 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/07/02 05:33:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/02 04:02:28 | 000,793,688 | ---- | M] () -- C:\Windows\SysNative\chklogo6.wtl
[2010/07/02 03:53:34 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/05/31 18:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2010/05/31 18:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2010/05/31 18:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2010/05/31 18:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/05/31 18:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2010/05/31 18:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2010/05/31 18:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2010/05/31 18:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2010/05/31 18:32:58 | 000,009,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys

========== Files Created - No Company Name ==========

[2010/08/06 06:01:43 | 000,000,055 | ---- | C] () -- C:\Users\natalie\Desktop\3.jpg.url
[2010/08/05 18:06:28 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 18:02:19 | 000,000,930 | ---- | C] () -- C:\Users\natalie\Desktop\NTREGOPT.lnk
[2010/08/05 18:02:19 | 000,000,911 | ---- | C] () -- C:\Users\natalie\Desktop\ERUNT.lnk
[2010/08/04 09:39:33 | 000,000,000 | ---- | C] () -- C:\Users\natalie\.gtk-bookmarks
[2010/08/04 09:38:10 | 000,641,060 | ---- | C] () -- C:\Users\natalie\.fonts.cache-1
[2010/08/03 10:40:25 | 000,017,392 | ---- | C] () -- C:\Users\natalie\Documents\Questionnaire_India.pdf
[2010/08/02 07:41:35 | 000,000,172 | ---- | C] () -- C:\Users\natalie\Desktop\Upload date.url
[2010/07/29 08:53:44 | 000,261,854 | ---- | C] () -- C:\Users\natalie\Desktop\ticket confirmation.xps
[2010/07/28 12:44:08 | 000,054,243 | ---- | C] () -- C:\Users\natalie\Desktop\Replacement Cost.pdf
[2010/07/27 16:19:03 | 000,002,447 | ---- | C] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/27 16:19:03 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/07/27 16:18:34 | 000,001,125 | ---- | C] () -- C:\Users\natalie\Desktop\OLYMPUS Master 2.lnk
[2010/07/27 11:35:52 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/07/26 19:26:13 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/26 17:38:42 | 000,002,332 | ---- | C] () -- C:\Users\natalie\Desktop\Google Chrome.lnk
[2010/07/26 17:36:20 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1050821485-3544646205-1795249244-1000UA.job
[2010/07/26 17:36:20 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1050821485-3544646205-1795249244-1000Core.job
[2010/07/26 17:35:41 | 000,064,512 | ---- | C] () -- C:\Users\natalie\Desktop\check_request_for_Summer_7.11.10.doc
[2010/07/26 13:39:52 | 000,000,708 | ---- | C] () -- C:\Users\natalie\Desktop\Downloads - Shortcut.lnk
[2010/07/26 13:39:31 | 000,000,724 | ---- | C] () -- C:\Users\natalie\Desktop\Azureus Downloads - Shortcut.lnk
[2010/07/26 13:31:40 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/07/26 13:31:40 | 000,001,854 | ---- | C] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/07/26 13:30:17 | 000,001,093 | ---- | C] () -- C:\Users\natalie\Documents - Shortcut.lnk
[2010/07/25 17:26:44 | 000,000,194 | ---- | C] () -- C:\Users\natalie\Desktop\New Rich Text Document.rtf
[2010/07/25 17:16:20 | 000,001,443 | ---- | C] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/25 17:05:52 | 000,001,984 | ---- | C] () -- C:\Users\natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/07/25 17:02:35 | 000,524,288 | -HS- | C] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/25 17:02:35 | 000,524,288 | -HS- | C] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 17:02:35 | 000,262,144 | -HS- | C] () -- C:\Users\natalie\ntuser.dat.LOG1
[2010/07/25 17:02:35 | 000,065,536 | -HS- | C] () -- C:\Users\natalie\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/25 17:02:35 | 000,000,290 | ---- | C] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/25 17:02:35 | 000,000,272 | ---- | C] () -- C:\Users\natalie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/25 17:02:35 | 000,000,020 | -HS- | C] () -- C:\Users\natalie\ntuser.ini
[2010/07/25 17:02:35 | 000,000,000 | -HS- | C] () -- C:\Users\natalie\ntuser.dat.LOG2
[2010/07/25 17:02:34 | 001,572,864 | -HS- | C] () -- C:\Users\natalie\NTUSER.DAT
[2010/07/02 06:28:38 | 000,005,350 | RH-- | C] () -- C:\dell.sdr
[2010/07/02 06:23:15 | 000,402,016 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/07/02 06:23:14 | 000,402,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/07/02 06:23:13 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2010/07/02 06:23:13 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2010/07/02 06:23:13 | 000,019,017 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/07/02 06:23:12 | 000,196,565 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/07/02 06:22:29 | 000,005,350 | ---- | C] () -- C:\Windows\SysWow64\drivers\1028_Dell_STU_8100.mrk
[2010/07/02 06:22:29 | 000,005,350 | ---- | C] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_8100.mrk
[2010/07/02 05:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/02 05:33:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/02 05:32:23 | 2115,301,375 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/02 04:02:27 | 000,793,688 | ---- | C] () -- C:\Windows\SysNative\chklogo6.wtl
[2010/07/02 03:53:34 | 000,230,912 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/07/02 03:53:34 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/07/02 03:53:34 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/07/02 03:53:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/07/02 03:53:34 | 000,006,507 | ---- | C] () -- C:\Windows\SysNative\THXCfg64.ini
[2010/07/02 03:53:34 | 000,005,262 | ---- | C] () -- C:\Windows\SysNative\MCEptMon.ini
[2010/07/02 03:53:34 | 000,005,262 | ---- | C] () -- C:\Windows\SysNative\MBEptMon.ini
[2010/07/02 03:53:34 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/07/02 03:53:34 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/07/02 03:53:34 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/07/02 03:53:34 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/06 06:11:05 | 000,000,000 | ---D | M] -- C:\Users\natalie\AppData\Roaming\Azureus
[2009/07/13 22:08:49 | 000,004,154 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/02 06:28:38 | 000,005,350 | RH-- | M] () -- C:\dell.sdr
[2010/08/06 06:12:44 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 06:12:49 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
[2010/08/06 06:23:00 | 000,059,686 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_06.21.16_log.txt
[2010/08/06 06:46:09 | 000,059,686 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_06.45.23_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 10:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2010/07/26 19:26:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/07/26 13:31:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AskBarDis
[2010/07/02 03:41:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/07/02 03:42:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/07/27 11:35:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/07/02 03:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/07/02 03:43:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/07/02 03:43:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2010/08/05 18:02:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ERUNT
[2010/08/04 09:53:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMPshop
[2010/07/02 03:53:26 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/07/02 03:40:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/07/27 11:35:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/07/02 03:38:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/08/05 18:06:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/26 05:48:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2010/07/27 01:21:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2010/07/02 03:46:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/07/29 10:49:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/07/02 03:48:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/02 03:47:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/02 03:48:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/02 03:41:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/07/29 10:49:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/07/27 01:02:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/02 03:40:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Multimedia Card Reader(9106)
[2010/07/27 16:18:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OLYMPUS
[2010/07/27 16:19:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/07/27 11:35:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/07/02 03:52:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/07/02 03:50:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/07/26 13:33:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/07/02 03:48:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/07/02 03:46:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/27 01:20:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/07/02 06:27:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 22:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\natalie\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=NATALIE-PC
ComSpec=C:\Windows\system32\cmd.exe
EMC_AUTOPLAY=c:\Program Files (x86)\Common Files\Roxio Shared\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\natalie
LOCALAPPDATA=C:\Users\natalie\AppData\Local
LOGONSERVER=\\NATALIE-PC
NUMBER_OF_PROCESSORS=8
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1e05
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\natalie\AppData\Local\Temp
TMP=C:\Users\natalie\AppData\Local\Temp
USERDOMAIN=natalie-PC
USERNAME=natalie
USERPROFILE=C:\Users\natalie
windir=C:\Windows
< End of report >
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/07/26 13:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/08/06 06:23:00 | 000,059,686 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_06.21.16_log.txt
    [2010/08/06 06:46:09 | 000,059,686 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_06.08.2010_06.45.23_log.txt
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
maisonvivante

maisonvivante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I followed all the steps up to the Update Malwarebytes part--and I still can't update. I get an error message when I try to.

So I just scanned without the update and no malicious items were detected.

I tried to go to the Kaspersky website but it says that my computer does not meet the requirements for it.

Here's the logfile from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/6/2010 9:00:39 AM
mbam-log-2010-08-06 (09-00-39).txt

Scan type: Quick scan
Objects scanned: 116649
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0



#11
maisonvivante

maisonvivante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How's it running?
  • 0

#13
maisonvivante

maisonvivante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Same as before, I'm sorry to say.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Update McAfee, run a full scan, and post that log here.
  • 0

#15
maisonvivante

maisonvivante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Can you tell me where to find the log file on McAfee? It doesn't seem to be in any of the McAfee folders on the C drive, and I can't find an option to generate a log file anywhere on the menus. And no log file opens in notepad.

By the way, I've run a full scan a couple of times now and nothing is found. It seems like this Google/Yahoo redirect thing is virtually untraceable. I still can't update Malwarebytes either, so I suspect that's the virus stopping me.



  • 0





