Internet Explorer freezes computer



#1
cassieann81

Hi,

All of a sudden I cannot access Internet Explorer on my laptop. When it opens no page loads and then it freezes the whole computer and I have to reboot. Once it's locked up I can't even pull up the task manager or anything. I've done all Windows updates thinking maybe that would help but it didn't. Malwarebytes did not find anything and I can't run an OTL scan.

Please help - I need access to my favorites for Christmas.

Thanks so much for your help!

Cassie
  • 0



#2
RKinner

Malware Expert
Which version of Windows do you have? XP, Vista or Win 7?

Is IE the only browser you have? Do you know what version you have? (6, 7, 8, or 9)

On some versions of Windows you can right click on the IE icon on your desktop and tell it to run without add-ons. Sometimes you can right click on the IE icon and select Properties and get the same menu as if you ran IE then did Tools, Internet Options. If that works: Try Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.
If that doesn't help: go to the Advanced tab and hit the RESET button near the bottom.

You said you were able to do the updates so I guess your network connection is working. Let's see if we can download Opera (another browser):


Start, All Programs, Accessories then Command Prompt. (Win 7 and Vista must Right click on Command Prompt and Run As Admin.)
Bold text is what you type with an Enter after each line. Regular text is the expected response. Text in parentheses are my comments.


ftp ftp.opera.com
Connected to get2.opera.com.
220 (vsFTPd 2.0.7)
User (get2.opera.com:(none)): anonymous
331 Please specify the password.
Password: any
230 Login successful.

ftp> cd pub/opera/win/1151/us
250 Directory successfully changed.

ftp> ls
(That's actually L S. Here you may get a windows prompt that it has blocked the program. Tell it to unblock)
Opera_1151_int_Setup.exe

ftp> binary
200 Switching to Binary mode.

ftp> get Opera_1151_int_Setup.exe
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for Opera_1151_int_Setup.exe (10307952 bytes).

(It will take it some time to download the file. There is no indication that anything is happening but if you go to Task Manager and look at the network traffic you will see that it is working.)

226 File send OK.
ftp: 10307952 bytes received in 119.73Seconds 86.09Kbytes/sec.
ftp> bye
221 Goodbye.

Now is the tricky part. Have to find where it got stored. Do a search of the C:\ for Opera and it should show up.
Usually it stores the file in C:\users\YourLoginName\ (Win 7 or Vista) or in XP at C:\Documents and Settings\YourLoginName\
Right click on it and Open File Location then run the file in XP by double-clicking. (Win 7 or Vista => right click on the file and Run As Administrator). It installs very quickly. See if it will go anywhere like to att.com

Does that work? Can you download and run OTL now?

Ron
  • 0

#3
cassieann81

Ron,

Thanks for such a quick reply and my apologies for the lack of info in my initial post. I am running Windows 7 Starter on a netbook. I had IE8 and when I started having the issues and ran Windows Update I updated it to IE9 figuring that would help, but it did not.

I could not run IE without add-ons and I could access a properties menu but it is not the same one as the internet options menu.

I have already downloaded OTL but when I attempt to run it it stops responding and does not appear to do anything. Although I just noticed that the task manager shows the CPU usage jumps to over 50% usage after I press the Run Scan button - maybe it's running the scan and I don't know - I will leave it open and see what happens.
  • 0

#4
cassieann81

Apparently I was just a bit impatient... I let it run and up popped the results of the scan and here they are.

OTL logfile created on: 11/4/2011 11:44:02 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cathryn\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 321.50 Mb Available Physical Memory | 31.73% Memory free
1.99 Gb Paging File | 0.90 Gb Available in Paging File | 45.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 91.08 Gb Free Space | 66.99% Space Free | Partition Type: NTFS

Computer Name: CATHRYN-PC | User Name: Cathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 21:11:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cathryn\Downloads\OTL.exe
PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/01 20:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Cathryn\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/24 21:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files\Video Web Camera\VideoWebCamera.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/12 02:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/12 02:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/08/10 05:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 05:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/11 18:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
PRC - [2010/06/11 18:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
PRC - [2010/06/11 18:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/04 20:04:26 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/12/24 21:34:06 | 004,546,896 | ---- | M] () -- C:\Program Files\Video Web Camera\VideoWebCamera.exe
MOD - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 18:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl934d49a0)
DRV - [2011/11/04 17:20:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{483F4CF5-9F9D-4E03-A3D2-358635B66489}\MpKsl7ebd9176.sys -- (MpKsl7ebd9176)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/24 05:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/07/15 17:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 02:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 17:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/31 17:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathryn\AppData\Roaming\Mozilla\Extensions
[2011/10/31 17:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
O4 - Startup: C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cathryn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55E6DBFC-5DFE-406F-ADB9-F07881E83CA8}: DhcpNameServer = 192.168.1.1 192.168.17.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/03 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/01 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/11/01 22:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/11/01 22:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/11/01 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7090A12A-3CD1-4F27-B08A-2D6909D5B4D5}
[2011/11/01 15:58:35 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{52FEEF13-FF4C-4333-8389-AC7EA5203604}
[2011/11/01 13:08:52 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{405FEB9B-9488-47C4-A0A0-63A5BDDBD782}
[2011/11/01 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{A97208E3-B9FD-4CD2-8245-012318925F83}
[2011/11/01 13:08:01 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{EDC9034A-25C8-458A-8024-1DD344B461A4}
[2011/10/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{C99A7849-3529-4CF1-A21E-F39EF6D26788}
[2011/10/31 21:51:06 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7EBE0D5E-0DD7-4C8A-83DC-C5684F4D7806}
[2011/10/31 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{714E5037-5E6D-420B-B540-FFB495799848}
[2011/10/31 21:29:05 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{291EF3D4-7452-4A3A-BDDF-0589EEACE03A}
[2011/10/31 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{9485EB69-B144-4F0D-974B-F02F47582A0D}
[2011/10/31 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{E7316E49-2405-4ECF-9C34-2C273A13B84E}
[2011/10/31 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{ED143E4A-A7D3-4760-A7AB-3752F88C6841}
[2011/10/31 18:01:14 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{B64786B5-56E7-4A11-AF6F-A7A8EBBCB079}
[2011/10/31 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\Mozilla
[2011/10/31 17:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/31 16:38:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/10/31 16:27:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/31 16:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/31 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/31 15:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/31 15:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/22 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{09F6E46A-A46F-4E4E-9975-D92744C2DC40}
[2011/10/22 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7B421964-BB92-4BBD-BCDC-C0A784D8D9C9}
[2011/10/17 20:52:41 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{5E77FAD7-5480-4C2F-A6BF-95B47FE431E7}
[2011/10/17 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{B86282A2-7C10-4189-8629-027E87C62DB9}
[2011/10/17 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{4F0F19C4-BFD6-465C-8085-4964346F41F5}
[2011/10/17 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{A82FBF50-EDC8-4299-9F23-EC562B56594F}
[2011/10/17 20:03:24 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8A50A1AF-55BA-4DDB-8C19-886BC751246E}
[2011/10/17 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8CE8D1A2-5C99-4890-A368-7B1CBF24B50B}
[2011/10/17 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{0F2B877F-FC2E-4C05-B292-DD1E72325AC3}
[2011/10/17 19:38:45 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{BFB8F3A2-3A8F-4138-8F6A-FDE351E454BE}
[2011/10/15 20:40:16 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{02330378-3D09-4E42-AB44-1643B586457A}
[2011/10/15 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{0094E9EE-DD8A-4621-BC8B-A35070886B64}
[2011/10/15 14:22:55 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8CBB08C0-FB2A-4E4A-B7D0-C5E2922B9A64}
[2011/10/10 15:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\2C308

========== Files - Modified Within 30 Days ==========

[2011/11/04 23:43:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000UA.job
[2011/11/04 20:24:37 | 000,002,187 | ---- | M] () -- C:\Users\Cathryn\Desktop\404.JPG - Shortcut.lnk
[2011/11/04 19:43:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000Core.job
[2011/11/04 19:31:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 17:16:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 17:16:55 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 17:08:57 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/03 19:39:55 | 000,002,336 | ---- | M] () -- C:\Users\Cathryn\Desktop\Google Chrome.lnk
[2011/11/02 15:24:10 | 000,403,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/01 22:19:36 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/11/01 22:19:36 | 000,001,886 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/01 13:11:21 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/01 13:11:21 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/31 21:10:12 | 000,001,114 | ---- | M] () -- C:\Users\Cathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/10/31 17:50:54 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 17:35:46 | 000,001,418 | ---- | M] () -- C:\Users\Cathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/31 16:50:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/31 16:27:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/31 16:10:07 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/30 20:24:00 | 005,665,095 | ---- | M] () -- C:\Users\Cathryn\Desktop\VIDEO0093.3gp
[2011/10/19 15:57:38 | 000,027,438 | ---- | M] () -- C:\Users\Cathryn\Desktop\tff32269977.jpg

========== Files Created - No Company Name ==========

[2011/11/04 20:24:37 | 000,002,187 | ---- | C] () -- C:\Users\Cathryn\Desktop\404.JPG - Shortcut.lnk
[2011/11/03 19:39:55 | 000,002,336 | ---- | C] () -- C:\Users\Cathryn\Desktop\Google Chrome.lnk
[2011/11/03 19:38:34 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000UA.job
[2011/11/03 19:38:33 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000Core.job
[2011/11/01 22:19:36 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/11/01 22:19:36 | 000,001,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/31 17:50:54 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 17:50:53 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:35:46 | 000,001,424 | ---- | C] () -- C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/31 16:50:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/31 16:27:27 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/31 16:27:11 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/31 16:10:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/31 16:10:07 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/30 20:24:00 | 005,665,095 | ---- | C] () -- C:\Users\Cathryn\Desktop\VIDEO0093.3gp
[2011/10/19 15:59:09 | 000,027,438 | ---- | C] () -- C:\Users\Cathryn\Desktop\tff32269977.jpg
[2011/03/24 21:52:50 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/28 08:56:24 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010/12/28 08:56:24 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010/12/28 08:56:24 | 000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2010/12/28 08:56:24 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/12/28 08:56:24 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010/12/28 08:56:24 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/12/28 08:49:14 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010/12/28 08:13:33 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,403,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/24 21:56:02 | 000,000,000 | ---D | M] -- C:\Users\Cathryn\AppData\Roaming\AVG10
[2011/11/04 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\Cathryn\AppData\Roaming\Dropbox
[2011/03/26 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Cathryn\AppData\Roaming\MusicNet
[2011/02/26 22:10:27 | 000,000,000 | ---D | M] -- C:\Users\Cathryn\AppData\Roaming\Nolo
[2011/10/31 16:53:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#5
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
[2011/10/10 15:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\2C308
[2011/03/24 21:56:02 | 000,000,000 | ---D | M] -- C:\Users\Cathryn\AppData\Roaming\AVG10

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If one of the following will not run, then just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.

Ron

#6
cassieann81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok so here goes...

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8094

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/5/2011 9:07:05 PM
mbam-log-2011-11-05 (21-07-05).txt

Scan type: Quick scan
Objects scanned: 166978
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combo Fix Logs:

ComboFix 11-11-05.03 - Cathryn 11/05/2011 21:15:10.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.295 [GMT -4:00]
Running from: c:\users\Cathryn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 01:29 . 2011-11-06 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 00:48 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 00:48 . 2011-11-06 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 00:37 . 2011-11-06 00:37 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKsl76c19410.sys
2011-11-06 00:37 . 2011-11-06 00:37 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\offreg.dll
2011-11-06 00:33 . 2011-11-06 00:33 -------- d-----w- C:\found.000
2011-11-06 00:24 . 2011-11-06 00:24 -------- d-----w- C:\_OTL
2011-11-05 23:40 . 2011-11-05 23:40 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKslfd303e30.sys
2011-11-05 23:39 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\mpengine.dll
2011-11-05 00:04 . 2011-11-05 00:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 23:48 . 2011-10-18 06:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-31 21:51 . 2011-10-31 21:51 -------- d-----w- c:\users\Cathryn\AppData\Local\Mozilla
2011-10-31 20:38 . 2011-10-31 20:39 -------- d-----w- c:\windows\system32\SPReview
2011-10-31 20:30 . 2011-10-04 21:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15395C4F-4183-4966-A41D-8472A1340CF9}\gapaengine.dll
2011-10-31 20:27 . 2011-10-31 20:27 -------- d-----w- c:\windows\system32\EventProviders
2011-10-31 20:27 . 2011-10-31 20:27 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-31 20:09 . 2011-10-31 20:10 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-31 19:57 . 2011-10-31 19:57 -------- d-----w- c:\program files\Common Files\Java
2011-10-31 19:55 . 2011-10-31 19:55 -------- d-----w- c:\program files\Java
2011-10-28 14:11 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9ACD65FE-F04D-48F8-AC9A-4B3A493D64B0}\mpengine.dll
2011-10-13 14:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 14:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 14:37 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 14:37 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 14:37 . 2010-11-20 12:16 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 14:37 . 2010-11-20 12:16 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 14:37 . 2010-11-20 12:16 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 14:37 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 15:18 . 2011-04-21 18:15 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-31 21:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-31 19:56 . 2011-08-10 23:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 06:53 . 2011-10-31 21:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cathryn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cathryn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Cathryn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 715296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cathryn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl15983103;MpKsl15983103;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F27E42-A399-4DE0-A62B-2357855A59AD}\MpKsl15983103.sys [x]
R1 MpKsl30c9092b;MpKsl30c9092b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F27E42-A399-4DE0-A62B-2357855A59AD}\MpKsl30c9092b.sys [x]
R1 MpKsl32350de7;MpKsl32350de7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F27E42-A399-4DE0-A62B-2357855A59AD}\MpKsl32350de7.sys [x]
R1 MpKsl52f3b161;MpKsl52f3b161;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F27E42-A399-4DE0-A62B-2357855A59AD}\MpKsl52f3b161.sys [x]
R1 MpKsl9cc8048a;MpKsl9cc8048a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{100D9019-E7B6-4EBA-B35E-C08174B56945}\MpKsl9cc8048a.sys [x]
R1 MpKslc3ba71b6;MpKslc3ba71b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{100D9019-E7B6-4EBA-B35E-C08174B56945}\MpKslc3ba71b6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S1 MpKsl76c19410;MpKsl76c19410;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKsl76c19410.sys [2011-11-06 28752]
S1 MpKslfd303e30;MpKslfd303e30;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKslfd303e30.sys [2011-11-05 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 735776]
S2 GREGService;GREGService;c:\program files\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL76C19410
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000Core.job
- c:\users\Cathryn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 23:38]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000UA.job
- c:\users\Cathryn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 23:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bing.com/?pc=MAGW
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.17.1
FF - ProfilePath - c:\users\Cathryn\AppData\Roaming\Mozilla\Firefox\Profiles\m45hbzn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-05 21:38:14
ComboFix-quarantined-files.txt 2011-11-06 01:38
.
Pre-Run: 97,502,027,776 bytes free
Post-Run: 97,239,363,584 bytes free
.
- - End Of File - - FFDBDE1980CD0AA7143856BEA2720433

TDSS Logs:

21:44:47.0764 3456 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
21:44:48.0032 3456 ============================================================
21:44:48.0033 3456 Current date / time: 2011/11/05 21:44:48.0032
21:44:48.0033 3456 SystemInfo:
21:44:48.0033 3456
21:44:48.0034 3456 OS Version: 6.1.7601 ServicePack: 1.0
21:44:48.0034 3456 Product type: Workstation
21:44:48.0034 3456 ComputerName: CATHRYN-PC
21:44:48.0035 3456 UserName: Cathryn
21:44:48.0035 3456 Windows directory: C:\Windows
21:44:48.0035 3456 System windows directory: C:\Windows
21:44:48.0035 3456 Processor architecture: Intel x86
21:44:48.0035 3456 Number of processors: 2
21:44:48.0035 3456 Page size: 0x1000
21:44:48.0035 3456 Boot type: Normal boot
21:44:48.0035 3456 ============================================================
21:44:48.0804 3456 Initialize success
21:45:12.0276 2908 ============================================================
21:45:12.0276 2908 Scan started
21:45:12.0276 2908 Mode: Manual;
21:45:12.0277 2908 ============================================================
21:45:19.0995 2908 intelppm - ok
21:45:20.0040 2908 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:45:20.0043 2908 IpFilterDriver - ok
21:45:20.0121 2908 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:45:20.0128 2908 IPMIDRV - ok
21:45:20.0170 2908 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:45:20.0175 2908 IPNAT - ok
21:45:20.0216 2908 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:45:20.0220 2908 IRENUM - ok
21:45:20.0278 2908 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:45:20.0282 2908 isapnp - ok
21:45:20.0348 2908 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:45:20.0355 2908 iScsiPrt - ok
21:45:20.0421 2908 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:45:20.0426 2908 kbdclass - ok
21:45:20.0496 2908 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:45:20.0500 2908 kbdhid - ok
21:45:20.0560 2908 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:45:20.0564 2908 KSecDD - ok
21:45:20.0627 2908 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:45:20.0635 2908 KSecPkg - ok
21:45:20.0701 2908 L1C (1a91eaad2d73758140b3b7b6ad736573) C:\Windows\system32\DRIVERS\L1C62x86.sys
21:45:20.0705 2908 L1C - ok
21:45:20.0800 2908 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:45:20.0807 2908 lltdio - ok
21:45:20.0892 2908 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:45:20.0896 2908 LSI_FC - ok
21:45:20.0924 2908 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:45:20.0930 2908 LSI_SAS - ok
21:45:20.0959 2908 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:45:20.0964 2908 LSI_SAS2 - ok
21:45:20.0994 2908 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:45:21.0000 2908 LSI_SCSI - ok
21:45:21.0046 2908 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:45:21.0051 2908 luafv - ok
21:45:21.0091 2908 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:45:21.0095 2908 megasas - ok
21:45:21.0132 2908 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:45:21.0140 2908 MegaSR - ok
21:45:21.0192 2908 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:45:21.0196 2908 Modem - ok
21:45:21.0237 2908 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:45:21.0241 2908 monitor - ok
21:45:21.0307 2908 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:45:21.0310 2908 mouclass - ok
21:45:21.0347 2908 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:45:21.0351 2908 mouhid - ok
21:45:21.0421 2908 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:45:21.0425 2908 mountmgr - ok
21:45:21.0509 2908 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:45:21.0514 2908 MpFilter - ok
21:45:21.0577 2908 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:45:21.0582 2908 mpio - ok
21:45:21.0682 2908 MpKsl15983103 - ok
21:45:21.0745 2908 MpKsl30c9092b - ok
21:45:21.0787 2908 MpKsl32350de7 - ok
21:45:21.0814 2908 MpKsl52f3b161 - ok
21:45:21.0915 2908 MpKsl76c19410 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKsl76c19410.sys
21:45:21.0917 2908 MpKsl76c19410 - ok
21:45:21.0986 2908 MpKsl9cc8048a - ok
21:45:22.0019 2908 MpKslc3ba71b6 - ok
21:45:22.0097 2908 MpKslfd303e30 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKslfd303e30.sys
21:45:22.0102 2908 MpKslfd303e30 - ok
21:45:22.0235 2908 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:45:22.0239 2908 MpNWMon - ok
21:45:22.0334 2908 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:45:22.0340 2908 mpsdrv - ok
21:45:22.0413 2908 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:45:22.0418 2908 MRxDAV - ok
21:45:22.0487 2908 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:45:22.0495 2908 mrxsmb - ok
21:45:22.0545 2908 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:45:22.0553 2908 mrxsmb10 - ok
21:45:22.0600 2908 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:45:22.0604 2908 mrxsmb20 - ok
21:45:22.0656 2908 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:45:22.0659 2908 msahci - ok
21:45:22.0714 2908 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:45:22.0719 2908 msdsm - ok
21:45:22.0807 2908 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:45:22.0811 2908 Msfs - ok
21:45:22.0841 2908 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:45:22.0845 2908 mshidkmdf - ok
21:45:22.0907 2908 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:45:22.0910 2908 msisadrv - ok
21:45:22.0976 2908 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:45:22.0980 2908 MSKSSRV - ok
21:45:23.0052 2908 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:45:23.0055 2908 MSPCLOCK - ok
21:45:23.0082 2908 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:45:23.0086 2908 MSPQM - ok
21:45:23.0125 2908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:45:23.0133 2908 MsRPC - ok
21:45:23.0195 2908 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:45:23.0198 2908 mssmbios - ok
21:45:23.0226 2908 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:45:23.0230 2908 MSTEE - ok
21:45:23.0259 2908 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:45:23.0263 2908 MTConfig - ok
21:45:23.0304 2908 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:45:23.0308 2908 Mup - ok
21:45:23.0374 2908 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:45:23.0383 2908 NativeWifiP - ok
21:45:23.0461 2908 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:45:23.0493 2908 NDIS - ok
21:45:23.0538 2908 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:45:23.0542 2908 NdisCap - ok
21:45:23.0587 2908 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:45:23.0590 2908 NdisTapi - ok
21:45:23.0654 2908 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:45:23.0658 2908 Ndisuio - ok
21:45:23.0717 2908 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:45:23.0724 2908 NdisWan - ok
21:45:23.0785 2908 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:45:23.0790 2908 NDProxy - ok
21:45:23.0847 2908 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:45:23.0851 2908 NetBIOS - ok
21:45:23.0918 2908 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:45:23.0925 2908 NetBT - ok
21:45:24.0027 2908 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:45:24.0031 2908 nfrd960 - ok
21:45:24.0111 2908 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:45:24.0116 2908 NisDrv - ok
21:45:24.0184 2908 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:45:24.0189 2908 Npfs - ok
21:45:24.0232 2908 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:45:24.0235 2908 nsiproxy - ok
21:45:24.0332 2908 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:45:24.0378 2908 Ntfs - ok
21:45:24.0424 2908 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:45:24.0427 2908 Null - ok
21:45:24.0500 2908 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:45:24.0507 2908 nvraid - ok
21:45:24.0572 2908 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:45:24.0578 2908 nvstor - ok
21:45:24.0646 2908 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:45:24.0651 2908 nv_agp - ok
21:45:24.0721 2908 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:45:24.0726 2908 ohci1394 - ok
21:45:24.0817 2908 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:45:24.0822 2908 Parport - ok
21:45:24.0881 2908 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:45:24.0889 2908 partmgr - ok
21:45:24.0931 2908 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:45:24.0935 2908 Parvdm - ok
21:45:24.0994 2908 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:45:25.0000 2908 pci - ok
21:45:25.0054 2908 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:45:25.0057 2908 pciide - ok
21:45:25.0101 2908 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:45:25.0107 2908 pcmcia - ok
21:45:25.0142 2908 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:45:25.0147 2908 pcw - ok
21:45:25.0202 2908 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:45:25.0225 2908 PEAUTH - ok
21:45:25.0407 2908 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:25.0412 2908 PptpMiniport - ok
21:45:25.0449 2908 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:45:25.0453 2908 Processor - ok
21:45:25.0525 2908 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:45:25.0529 2908 Psched - ok
21:45:25.0601 2908 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:45:25.0648 2908 ql2300 - ok
21:45:25.0679 2908 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:45:25.0685 2908 ql40xx - ok
21:45:25.0735 2908 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:45:25.0738 2908 QWAVEdrv - ok
21:45:25.0766 2908 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:45:25.0770 2908 RasAcd - ok
21:45:25.0825 2908 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:45:25.0829 2908 RasAgileVpn - ok
21:45:25.0878 2908 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:45:25.0883 2908 Rasl2tp - ok
21:45:25.0942 2908 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:45:25.0946 2908 RasPppoe - ok
21:45:25.0981 2908 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:45:25.0986 2908 RasSstp - ok
21:45:26.0048 2908 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:45:26.0055 2908 rdbss - ok
21:45:26.0097 2908 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:45:26.0100 2908 rdpbus - ok
21:45:26.0157 2908 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:45:26.0161 2908 RDPCDD - ok
21:45:26.0222 2908 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:45:26.0226 2908 RDPENCDD - ok
21:45:26.0267 2908 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:45:26.0271 2908 RDPREFMP - ok
21:45:26.0333 2908 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:45:26.0339 2908 RDPWD - ok
21:45:26.0422 2908 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:45:26.0429 2908 rdyboost - ok
21:45:26.0521 2908 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:45:26.0527 2908 rspndr - ok
21:45:26.0602 2908 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:45:26.0607 2908 sbp2port - ok
21:45:26.0666 2908 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:45:26.0669 2908 scfilter - ok
21:45:26.0738 2908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:45:26.0741 2908 secdrv - ok
21:45:26.0804 2908 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:45:26.0807 2908 Serenum - ok
21:45:26.0840 2908 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:45:26.0846 2908 Serial - ok
21:45:26.0908 2908 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:45:26.0913 2908 sermouse - ok
21:45:26.0994 2908 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:45:26.0998 2908 sffdisk - ok
21:45:27.0040 2908 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:45:27.0043 2908 sffp_mmc - ok
21:45:27.0086 2908 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:45:27.0089 2908 sffp_sd - ok
21:45:27.0115 2908 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:45:27.0119 2908 sfloppy - ok
21:45:27.0214 2908 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:45:27.0218 2908 sisagp - ok
21:45:27.0268 2908 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:45:27.0273 2908 SiSRaid2 - ok
21:45:27.0300 2908 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:45:27.0306 2908 SiSRaid4 - ok
21:45:27.0349 2908 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:45:27.0354 2908 Smb - ok
21:45:27.0437 2908 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:45:27.0440 2908 spldr - ok
21:45:27.0553 2908 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:45:27.0562 2908 srv - ok
21:45:27.0608 2908 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:45:27.0616 2908 srv2 - ok
21:45:27.0661 2908 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:45:27.0667 2908 srvnet - ok
21:45:27.0741 2908 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:45:27.0744 2908 stexstor - ok
21:45:27.0828 2908 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:45:27.0831 2908 swenum - ok
21:45:27.0995 2908 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
21:45:28.0042 2908 Tcpip - ok
21:45:28.0122 2908 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
21:45:28.0137 2908 TCPIP6 - ok
21:45:28.0201 2908 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:45:28.0205 2908 tcpipreg - ok
21:45:28.0266 2908 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:45:28.0269 2908 TDPIPE - ok
21:45:28.0304 2908 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:45:28.0308 2908 TDTCP - ok
21:45:28.0365 2908 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:45:28.0370 2908 tdx - ok
21:45:28.0427 2908 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:45:28.0431 2908 TermDD - ok
21:45:28.0562 2908 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:45:28.0566 2908 tssecsrv - ok
21:45:28.0642 2908 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:45:28.0648 2908 TsUsbFlt - ok
21:45:28.0722 2908 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:45:28.0728 2908 tunnel - ok
21:45:28.0785 2908 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:45:28.0789 2908 uagp35 - ok
21:45:28.0849 2908 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:45:28.0857 2908 udfs - ok
21:45:28.0962 2908 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:45:28.0966 2908 uliagpkx - ok
21:45:29.0042 2908 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:45:29.0048 2908 umbus - ok
21:45:29.0106 2908 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:45:29.0111 2908 UmPass - ok
21:45:29.0172 2908 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:45:29.0178 2908 usbccgp - ok
21:45:29.0240 2908 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:45:29.0247 2908 usbcir - ok
21:45:29.0314 2908 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
21:45:29.0319 2908 usbehci - ok
21:45:29.0374 2908 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:45:29.0382 2908 usbhub - ok
21:45:29.0428 2908 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:45:29.0433 2908 usbohci - ok
21:45:29.0468 2908 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:45:29.0472 2908 usbprint - ok
21:45:29.0516 2908 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
21:45:29.0521 2908 USBSTOR - ok
21:45:29.0570 2908 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
21:45:29.0575 2908 usbuhci - ok
21:45:29.0639 2908 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:45:29.0646 2908 usbvideo - ok
21:45:29.0744 2908 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:45:29.0751 2908 vdrvroot - ok
21:45:29.0814 2908 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:45:29.0819 2908 vga - ok
21:45:29.0854 2908 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:45:29.0857 2908 VgaSave - ok
21:45:29.0902 2908 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:45:29.0909 2908 vhdmp - ok
21:45:29.0970 2908 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:45:29.0974 2908 viaagp - ok
21:45:30.0021 2908 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:45:30.0025 2908 ViaC7 - ok
21:45:30.0060 2908 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:45:30.0064 2908 viaide - ok
21:45:30.0110 2908 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:45:30.0115 2908 volmgr - ok
21:45:30.0171 2908 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:45:30.0180 2908 volmgrx - ok
21:45:30.0270 2908 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:45:30.0280 2908 volsnap - ok
21:45:30.0350 2908 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:45:30.0357 2908 vsmraid - ok
21:45:30.0402 2908 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:45:30.0406 2908 vwifibus - ok
21:45:30.0460 2908 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:45:30.0464 2908 vwififlt - ok
21:45:30.0520 2908 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:45:30.0525 2908 WacomPen - ok
21:45:30.0593 2908 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:30.0599 2908 WANARP - ok
21:45:30.0613 2908 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:30.0617 2908 Wanarpv6 - ok
21:45:30.0697 2908 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:45:30.0702 2908 Wd - ok
21:45:30.0748 2908 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:45:30.0768 2908 Wdf01000 - ok
21:45:30.0876 2908 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:45:30.0881 2908 WfpLwf - ok
21:45:30.0916 2908 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:45:30.0919 2908 WIMMount - ok
21:45:31.0088 2908 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:45:31.0092 2908 WmiAcpi - ok
21:45:31.0199 2908 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:45:31.0205 2908 ws2ifsl - ok
21:45:31.0303 2908 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:45:31.0310 2908 WudfPf - ok
21:45:31.0373 2908 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:45:31.0379 2908 WUDFRd - ok
21:45:31.0475 2908 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:45:31.0496 2908 \Device\Harddisk0\DR0 - ok
21:45:31.0506 2908 Boot (0x1200) (c2674744f5b9fbe4a6e9bda9cec46284) \Device\Harddisk0\DR0\Partition0
21:45:31.0511 2908 \Device\Harddisk0\DR0\Partition0 - ok
21:45:31.0529 2908 Boot (0x1200) (83fc66e16a4cc6e0d3a36bc15464db1a) \Device\Harddisk0\DR0\Partition1
21:45:31.0533 2908 \Device\Harddisk0\DR0\Partition1 - ok
21:45:31.0534 2908 ============================================================
21:45:31.0534 2908 Scan finished
21:45:31.0534 2908 ============================================================
21:45:31.0563 2260 Detected object count: 0
21:45:31.0563 2260 Actual detected object count: 0
21:45:39.0426 2600 Deinitialize success

aswMBR Logs - Fix Button WAS NOT enabled.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 21:46:27
-----------------------------
21:46:27.305 OS Version: Windows 6.1.7601 Service Pack 1
21:46:27.305 Number of processors: 2 586 0x1C0A
21:46:27.308 ComputerName: CATHRYN-PC UserName: Cathryn
21:46:29.660 Initialize success
21:47:03.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:47:03.921 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:47:03.955 Disk 0 MBR read successfully
21:47:03.964 Disk 0 MBR scan
21:47:03.975 Disk 0 Windows 7 default MBR code
21:47:03.991 Disk 0 scanning sectors +312578048
21:47:04.086 Disk 0 scanning C:\Windows\system32\drivers
21:47:12.715 Service scanning
21:47:13.464 Service MpKsl76c19410 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKsl76c19410.sys **LOCKED** 32
21:47:13.480 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:47:14.275 Modules scanning
21:47:28.783 Disk 0 trace - called modules:
21:47:28.815 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:47:28.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b12270]
21:47:28.846 3 CLASSPNP.SYS[8698c59e] -> nt!IofCallDriver -> [0x84035b68]
21:47:28.861 5 ACPI.sys[862ac3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84060028]
21:47:28.877 Scan finished successfully
21:47:50.811 Disk 0 MBR has been saved successfully to "C:\Users\Cathryn\Desktop\MBR.dat"
21:47:50.826 The log file has been saved successfully to "C:\Users\Cathryn\Desktop\aswMBR.txt"

and lastly the OTL Logs:


OTL logfile created on: 11/5/2011 9:48:47 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cathryn\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 240.20 Mb Available Physical Memory | 23.71% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 90.61 Gb Free Space | 66.65% Space Free | Partition Type: NTFS

Computer Name: CATHRYN-PC | User Name: Cathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 21:11:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cathryn\Downloads\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/10 05:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 05:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010/06/11 18:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
PRC - [2010/06/11 18:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
PRC - [2010/06/11 18:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 04:10:46 | 000,420,920 | ---- | M] () -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 04:10:45 | 003,702,840 | ---- | M] () -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 04:09:09 | 000,122,952 | ---- | M] () -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 04:09:07 | 000,222,280 | ---- | M] () -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 04:09:06 | 001,745,992 | ---- | M] () -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 18:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/05 20:37:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKsl76c19410.sys -- (MpKsl76c19410)
DRV - [2011/11/05 19:40:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEEF1453-A5B9-4766-AD24-9D04600E3ED6}\MpKslfd303e30.sys -- (MpKslfd303e30)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/24 05:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/07/15 17:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 02:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 17:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/31 17:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathryn\AppData\Roaming\Mozilla\Extensions
[2011/10/31 17:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Cathryn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/05 21:31:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cathryn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55E6DBFC-5DFE-406F-ADB9-F07881E83CA8}: DhcpNameServer = 192.168.1.1 192.168.17.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/05 21:46:05 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Cathryn\Desktop\aswMBR.exe
[2011/11/05 21:43:56 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cathryn\Desktop\tdsskiller.exe
[2011/11/05 21:38:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/05 21:12:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/05 21:12:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/05 21:12:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/05 21:12:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/05 21:12:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 21:08:44 | 004,284,686 | R--- | C] (Swearware) -- C:\Users\Cathryn\Desktop\ComboFix.exe
[2011/11/05 20:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/05 20:48:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/05 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/05 20:33:33 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/05 20:24:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:04:30 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/03 19:39:50 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/01 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7090A12A-3CD1-4F27-B08A-2D6909D5B4D5}
[2011/11/01 15:58:35 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{52FEEF13-FF4C-4333-8389-AC7EA5203604}
[2011/11/01 13:08:52 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{405FEB9B-9488-47C4-A0A0-63A5BDDBD782}
[2011/11/01 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{A97208E3-B9FD-4CD2-8245-012318925F83}
[2011/11/01 13:08:01 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{EDC9034A-25C8-458A-8024-1DD344B461A4}
[2011/10/31 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{C99A7849-3529-4CF1-A21E-F39EF6D26788}
[2011/10/31 21:51:06 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7EBE0D5E-0DD7-4C8A-83DC-C5684F4D7806}
[2011/10/31 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{714E5037-5E6D-420B-B540-FFB495799848}
[2011/10/31 21:29:05 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{291EF3D4-7452-4A3A-BDDF-0589EEACE03A}
[2011/10/31 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{9485EB69-B144-4F0D-974B-F02F47582A0D}
[2011/10/31 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{E7316E49-2405-4ECF-9C34-2C273A13B84E}
[2011/10/31 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{ED143E4A-A7D3-4760-A7AB-3752F88C6841}
[2011/10/31 18:01:14 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{B64786B5-56E7-4A11-AF6F-A7A8EBBCB079}
[2011/10/31 17:51:24 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\Mozilla
[2011/10/31 17:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/31 16:50:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/31 16:50:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/31 16:50:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/31 16:50:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/31 16:50:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/31 16:50:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/31 16:50:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/31 16:50:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/31 16:50:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/31 16:50:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/31 16:50:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/31 16:50:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/31 16:50:21 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/31 16:50:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/31 16:50:21 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/31 16:50:21 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/31 16:50:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/31 16:50:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/31 16:50:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/31 16:50:21 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/31 16:50:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/31 16:50:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/31 16:50:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/31 16:50:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/31 16:50:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/31 16:50:20 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/31 16:50:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/31 16:50:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/31 16:50:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/31 16:50:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/31 16:50:19 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/31 16:50:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/31 16:50:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/31 16:50:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/31 16:50:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/31 16:50:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/31 16:50:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/31 16:38:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/10/31 16:27:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/31 16:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/31 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/31 15:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/31 15:56:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/31 15:56:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/31 15:56:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/31 15:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/22 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{09F6E46A-A46F-4E4E-9975-D92744C2DC40}
[2011/10/22 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{7B421964-BB92-4BBD-BCDC-C0A784D8D9C9}
[2011/10/17 20:52:41 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{5E77FAD7-5480-4C2F-A6BF-95B47FE431E7}
[2011/10/17 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{B86282A2-7C10-4189-8629-027E87C62DB9}
[2011/10/17 20:52:10 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{4F0F19C4-BFD6-465C-8085-4964346F41F5}
[2011/10/17 20:03:50 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{A82FBF50-EDC8-4299-9F23-EC562B56594F}
[2011/10/17 20:03:24 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8A50A1AF-55BA-4DDB-8C19-886BC751246E}
[2011/10/17 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8CE8D1A2-5C99-4890-A368-7B1CBF24B50B}
[2011/10/17 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{0F2B877F-FC2E-4C05-B292-DD1E72325AC3}
[2011/10/17 19:38:45 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{BFB8F3A2-3A8F-4138-8F6A-FDE351E454BE}
[2011/10/15 20:40:16 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{02330378-3D09-4E42-AB44-1643B586457A}
[2011/10/15 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{0094E9EE-DD8A-4621-BC8B-A35070886B64}
[2011/10/15 14:22:55 | 000,000,000 | ---D | C] -- C:\Users\Cathryn\AppData\Local\{8CBB08C0-FB2A-4E4A-B7D0-C5E2922B9A64}
[2011/10/13 10:37:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 10:37:25 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 10:37:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/13 10:37:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 10:37:24 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 10:37:11 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2011/11/05 21:47:50 | 000,000,512 | ---- | M] () -- C:\Users\Cathryn\Desktop\MBR.dat
[2011/11/05 21:46:08 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Cathryn\Desktop\aswMBR.exe
[2011/11/05 21:43:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cathryn\Desktop\tdsskiller.exe
[2011/11/05 21:43:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000UA.job
[2011/11/05 21:31:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/05 21:08:51 | 004,284,686 | R--- | M] (Swearware) -- C:\Users\Cathryn\Desktop\ComboFix.exe
[2011/11/05 20:48:23 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/05 20:44:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/05 20:44:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/05 20:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/05 20:36:57 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/05 20:36:13 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2011/11/05 19:43:07 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000Core.job
[2011/11/04 20:24:37 | 000,002,187 | ---- | M] () -- C:\Users\Cathryn\Desktop\404.JPG - Shortcut.lnk
[2011/11/04 20:04:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/03 19:39:55 | 000,002,336 | ---- | M] () -- C:\Users\Cathryn\Desktop\Google Chrome.lnk
[2011/11/02 15:24:10 | 000,403,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/01 13:11:21 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/01 13:11:21 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/31 21:10:12 | 000,001,114 | ---- | M] () -- C:\Users\Cathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/10/31 17:50:54 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 17:35:46 | 000,001,418 | ---- | M] () -- C:\Users\Cathryn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/31 17:03:36 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/10/31 16:50:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/31 16:50:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/31 16:50:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/31 16:50:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/31 16:50:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/31 16:50:23 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/31 16:50:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/31 16:50:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/31 16:50:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/31 16:50:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/31 16:50:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/31 16:50:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/31 16:50:21 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/31 16:50:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/31 16:50:21 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/31 16:50:21 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/31 16:50:21 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/31 16:50:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/31 16:50:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/31 16:50:21 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/31 16:50:21 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/31 16:50:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/31 16:50:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/31 16:50:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/31 16:50:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/31 16:50:21 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/31 16:50:20 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/31 16:50:20 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/31 16:50:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/31 16:50:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/31 16:50:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/31 16:50:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/31 16:50:19 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/31 16:50:19 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/31 16:50:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/31 16:50:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/31 16:50:19 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/31 16:50:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/31 16:27:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/31 16:10:07 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/31 15:56:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/31 15:56:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/31 15:56:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/31 15:56:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/30 20:24:00 | 005,665,095 | ---- | M] () -- C:\Users\Cathryn\Desktop\VIDEO0093.3gp
[2011/10/19 15:57:38 | 000,027,438 | ---- | M] () -- C:\Users\Cathryn\Desktop\tff32269977.jpg

========== Files Created - No Company Name ==========

[2011/11/05 21:47:50 | 000,000,512 | ---- | C] () -- C:\Users\Cathryn\Desktop\MBR.dat
[2011/11/05 21:12:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/05 21:12:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/05 21:12:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/05 21:12:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/05 21:12:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/05 20:48:23 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/05 20:36:13 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2011/11/04 20:24:37 | 000,002,187 | ---- | C] () -- C:\Users\Cathryn\Desktop\404.JPG - Shortcut.lnk
[2011/11/03 19:39:55 | 000,002,336 | ---- | C] () -- C:\Users\Cathryn\Desktop\Google Chrome.lnk
[2011/11/03 19:38:34 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000UA.job
[2011/11/03 19:38:33 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3516002798-1846099953-3120230136-1000Core.job
[2011/10/31 17:50:54 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 17:50:53 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 17:35:46 | 000,001,424 | ---- | C] () -- C:\Users\Cathryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/31 16:50:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/31 16:27:27 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/31 16:27:11 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/31 16:10:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/31 16:10:07 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/30 20:24:00 | 005,665,095 | ---- | C] () -- C:\Users\Cathryn\Desktop\VIDEO0093.3gp
[2011/10/19 15:59:09 | 000,027,438 | ---- | C] () -- C:\Users\Cathryn\Desktop\tff32269977.jpg
[2011/03/24 21:52:50 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/28 08:56:24 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010/12/28 08:56:24 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010/12/28 08:56:24 | 000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2010/12/28 08:56:24 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/12/28 08:56:24 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/12/28 08:56:24 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010/12/28 08:56:24 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/12/28 08:49:14 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010/12/28 08:13:33 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,403,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >


OTL Extras logfile created on: 11/5/2011 9:48:47 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cathryn\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 240.20 Mb Available Physical Memory | 23.71% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.95 Gb Total Space | 90.61 Gb Free Space | 66.65% Space Free | Partition Type: NTFS

Computer Name: CATHRYN-PC | User Name: Cathryn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Cathryn\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BearShare" = BearShare
"Elantech" = ETDWare PS/2-X86 8.0.6.0_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HDMI" = Intel® Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 8:35:14 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/23/2011 7:58:56 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/24/2011 11:09:10 AM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/25/2011 9:42:44 AM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/26/2011 12:53:17 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/26/2011 8:18:36 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/27/2011 1:36:54 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/27/2011 4:13:20 PM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/28/2011 10:37:31 AM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/29/2011 10:56:42 AM | Computer Name = Cathryn-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ OSession Events ]
Error - 7/19/2011 12:39:42 PM | Computer Name = Cathryn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/25/2011 9:59:08 AM | Computer Name = Cathryn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/25/2011 5:39:17 PM | Computer Name = Cathryn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/26/2011 10:17:13 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 10:17:15 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 10:17:15 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 11:11:56 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 11:11:57 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 11:11:57 AM | Computer Name = Cathryn-PC | Source = DCOM | ID = 10016
Description =

Error - 9/26/2011 5:58:48 PM | Computer Name = Cathryn-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/27/2011 8:58:37 AM | Computer Name = Cathryn-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:35:17 AM on ?9/?27/?2011 was unexpected.


< End of report >
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
I don't like the looks of your MSSE. It should be deleting its old updates but instead they are stacking up. Let's switch over to Avast to make sure you are clean.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?


See if you can find aswboot.txt in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt and copy and paste it.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If IE is still freezing then:

Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0
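One way to answer the "How many did it find?" question from a pasted aswboot.txt, as an added example that is not part of the original post or of Avast's tooling. The sample report is constructed in the `File <path> is infected by <name> [<tag>], <action>` layout, the function names are hypothetical, and treating `C:\Qoobox\Quarantine\` as an already-inert location is an assumption of this sketch.

```python
import re
from collections import Counter

# Constructed sample: paths and detection names are made up for illustration.
SAMPLE_REPORT = r"""
11/06/2011 20:02
Scan of all local drives

File C:\Qoobox\Quarantine\C\Program Files\SampleApp\app.exe.vir is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Example\AppData\LocalLow\SampleToolbar\Cache\setup.exe|>inner.exe|>[Embedded_R#BAR.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Example\AppData\LocalLow\SampleToolbar\Cache\setup.exe|>inner.exe is infected by Win32:Sample-A [PUP], Moved to chest
File C:\Users\Example\AppData\LocalLow\SampleToolbar\Cache\setup.exe is infected by Win32:Sample-B [PUP], Moved to chest
File C:\Users\Example\AppData\Local\Temp\store.dat|>_5_stream Error 42144 {OLE archive is corrupted.}
File C:\Users\Example\Downloads\tool.exe is infected by Win32:Sample-C [Trj], Moved to chest
Number of searched folders: 100
Number of tested files: 2000
Number of infected files: 5
"""

# A detection line: path, detection name, optional [tag], action taken.
DETECTION = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>[^,\[]+?)"
    r"(?: \[(?P<tag>[^\]]+)\])?, (?P<action>.+)$"
)
# A line for an object the scanner could not open or unpack.
SCAN_ERROR = re.compile(r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<msg>.*)\}$")
FOOTER = re.compile(r"^Number of infected files: (?P<count>\d+)$")


def parse_report(text):
    """Split a boot-time scan report into detections, scan errors and the footer count."""
    detections, errors, reported = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            # "|>" separates nesting levels inside an archive or installer;
            # the first component is the file that actually exists on disk.
            d["container"] = d["path"].split("|>")[0]
            detections.append(d)
            continue
        m = SCAN_ERROR.match(line)
        if m:
            errors.append(m.groupdict())
            continue
        m = FOOTER.match(line)
        if m:
            reported = int(m.group("count"))
    return {"detections": detections, "errors": errors, "reported": reported}


def summarize(report, inert_prefixes=("c:\\qoobox\\quarantine\\",)):
    """Reduce the parsed report to the handful of facts a helper needs first."""
    dets = report["detections"]
    # Assumption: hits inside another tool's quarantine folder are leftovers
    # of an earlier cleanup, not live files. Windows paths compare case-insensitively.
    inert = [d for d in dets if d["container"].lower().startswith(inert_prefixes)]
    # Only the PUP tag is given a meaning here; any other tag is surfaced for review.
    review = [d for d in dets if d["tag"] != "PUP" and d not in inert]
    return {
        "parsed": len(dets),
        # A mismatch means the paste was truncated or a line failed to parse.
        "footer_matches": report["reported"] == len(dets),
        "by_tag": Counter(d["tag"] or "untagged" for d in dets),
        # Many hits often collapse to one installer on disk.
        "files_on_disk": Counter(d["container"] for d in dets),
        "already_quarantined": [d["container"] for d in inert],
        "needs_review": [(d["container"], d["name"]) for d in review],
        "not_moved": [d["path"] for d in dets if d["action"] != "Moved to chest"],
        "unscanned": [(e["path"], e["code"]) for e in report["errors"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Grouping by the on-disk container shows when a long list of hits is really one cached installer, and the footer comparison catches a report that was cut off when it was pasted.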

#8
cassieann81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm glad to see that you are making sense of all this - I don't get it.

The avast boot scan seems to have found 25 things:


11/06/2011 20:02
Scan of all local drives

File C:\Qoobox\Quarantine\C\Program Files\SelectRebates\SelectRebatesApi.exe.vir is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0B357EEA-EBDE-11E0-AA73-1C7508B9CDC9}.dat|>_5_KjjaqfajN2c0uzgv1l4qy5nfWe Error 42144 {OLE archive is corrupted.}
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSBAR.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOEMON.EXE] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOEPLG.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSOESTB.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3OUTLCN.DLL] is infected by Win32:Mywebsearch-AA [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SKIN.DLL] is infected by Win32:Mywebsearch-S [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3PLUGIN.DLL] is infected by Win32:Mywebsearch-X [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#NPMYWEBS.DLL] is infected by Win32:Mywebsearch-Q [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3POPSWT.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HTMLMU.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3REPROX.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCRCTR.DLL] is infected by Win32:FunWeb-B [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3SCHMON.EXE] is infected by Win32:FunWeb-B [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SLSRCH.EXE] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3SRCHMN.EXE] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSSRCAS.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#F3HKSTUB.DLL] is infected by Win32:Mywebsearch-Q [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3AUXSTB.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3DLGHK.DLL] is infected by Win32:Mywebsearch-T [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSMLBTN.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#MWSUABTN.DLL] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe|>[Embedded_R#M3TPINST.DLL] is infected by Win32:Mywebsearch-Z [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe|>mwsSetup.CommonCodebase.exe is infected by Win32:Mywebsearch-R [PUP], Moved to chest
File C:\Users\Cathryn\AppData\LocalLow\FunWebProducts\Installr\Cache\3D2993A8.exe is infected by Win32:Mywebsearch-X [PUP], Moved to chest
Number of searched folders: 22348
Number of tested files: 387846
Number of infected files: 25

After I cleared the logs I did not get the disk check thing on reboot; however, when I rebooted 1 or 2 days ago I did get it and let it run - so maybe that's why I didn't get it.

When I verified the driver signatures they were all good and did not come back with any unsigned.

VINO Logs:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2011 9:27:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2011 9:28:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/11/2011 2:15:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3516002798-1846099953-3120230136-1000:
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Policies\Microsoft\SystemCertificates
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Policies\Microsoft\SystemCertificates
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Policies\Microsoft\SystemCertificates
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Policies\Microsoft\SystemCertificates
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\My
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\CA
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\trust
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3516002798-1846099953-3120230136-1000\Software\Microsoft\SystemCertificates\Root

I did not check IE yet as I wanted to get these logs posted before I lost them or mixed them up. I will check right now and repost.
  • 0
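The Event 1530 warning in the log above has one line per leaked registry handle; grouping those lines by process shows which service is still holding the user's profile hive open at logoff and under which subkeys. This is an added example, not part of the original posts: the sample text is constructed (placeholder SID, a hypothetical second process `example.exe`), and `summarize_1530` is a name chosen here.

```python
import re
from collections import Counter

# Constructed sample modelled on the Event 1530 text in the post above.
# The SID is a placeholder and the process example.exe is hypothetical.
SAMPLE = r"""Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-EXAMPLE-1000:
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Microsoft\SystemCertificates\Root
Process 1644 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Policies\Microsoft\SystemCertificates
Process 2210 (\Device\HarddiskVolume3\Windows\System32\example.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Example
"""

HEADER_RE = re.compile(r"DETAIL - (\d+) user registry handles leaked from (\S+?):\s*$", re.M)
HANDLE_RE = re.compile(r"^Process (\d+) \((.+?)\) has opened key (\S.*)$", re.M)


def summarize_1530(text):
    """Group leaked profile-hive handles by the process that owns them."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no Event 1530 DETAIL line found")
    declared, hive = int(header.group(1)), header.group(2)
    by_process = {}
    listed = 0
    for pid, image, key in HANDLE_RE.findall(text):
        key = key.strip()
        # Header and detail lines differ in case (\Registry vs \REGISTRY).
        if not key.lower().startswith(hive.lower()):
            continue  # handle on a different hive, not part of this leak
        listed += 1
        subkey = key[len(hive):].lstrip("\\") or "(hive root)"
        name = image.rsplit("\\", 1)[-1]  # keep only the executable name
        by_process.setdefault((int(pid), name), Counter())[subkey] += 1
    # "complete" is False when the pasted log was truncated or mangled.
    return {"hive": hive, "declared": declared, "listed": listed,
            "complete": declared == listed, "by_process": by_process}


if __name__ == "__main__":
    report = summarize_1530(SAMPLE)
    print(f"{report['listed']}/{report['declared']} handles listed for {report['hive']}")
    for (pid, image), keys in report["by_process"].items():
        print(f"  PID {pid} {image}: {sum(keys.values())} handle(s)")
        for subkey, count in keys.most_common():
            print(f"    {count} x {subkey}")
```
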

#9
cassieann81


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I just opened up IE and it seemed to work perfectly fine! Woohoo! You are the best - thanks so much! Does everything else look good?
  • 0

#10
RKinner


    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
The only thing I see left is that Windows Live is not ready for Windows 7. If you can live without it I would uninstall it. Other than that I think you are OK now. Just some cleanup to do:

We need to clean up System Restore (if we haven't already):

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of any malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





