Inactive [A] Internet Explorer being redirected

ccchester · Sep 17, 2012

My Internet Explorer has been being redirected for over a week. I thought I had fixed the problem, but it popped up again the other day. When I ran MalwareBytes it said it didn't find any threats but when I went to the quarantine section there were 25 all created on 9/12/12. Among the names listed were Trojan.Vundo, PUP.MyWebSearch, PUP.Funmoods Rogue.AntiVirus, and Adware.Minibug. I think these are the same things that I removed the first time I ran the program several days ago.

Here are my logs. Thanks in advance for your help.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.15.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cynthia :: CYNTHIA-PC [administrator]
9/17/2012 11:11:47 AM
mbam-log-2012-09-17 (11-11-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186042
Time elapsed: 5 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-17 17:33:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: gmer.exe; Driver: C:\Users\Cynthia\AppData\Local\Temp\fxliafow.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cynthia at 17:34:20 on 2012-09-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1134 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Cynthia\AppData\Roaming\Spotify\spotify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/?_bc=1
uSearch Page =
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [imscr] "c:\windows\system32\rundll32.exe" "c:\users\cynthia\appdata\roaming\imscr.dll",get_gAMA_fixed
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Spotify] "c:\users\cynthia\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\cynthia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
Trusted Zone: mlxchange.com\mfr
Trusted Zone: yahoo.com\cm.my
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{0A283A52-1221-4105-ABD3-9F51AEF85DAC} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R1 MpKsl7fac1549;MpKsl7fac1549;c:\programdata\microsoft\microsoft antimalware\definition updates\{5c42ac65-eac4-47f5-ac76-f8e2cbfb4b68}\MpKsl7fac1549.sys [2012-9-17 29904]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R3 RTL8187;Trust USB WiFi Adapter;c:\windows\system32\drivers\rtl8187.sys [2007-2-14 288256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 136176]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-16 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-16 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-16 40552]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-31 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
scrfile="%1" /S "%3"
.
=============== Created Last 30 ================
.
2012-09-17 21:32:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5c42ac65-eac4-47f5-ac76-f8e2cbfb4b68}\MpKsl7fac1549.sys
2012-09-16 21:36:28 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5c42ac65-eac4-47f5-ac76-f8e2cbfb4b68}\mpengine.dll
2012-09-16 15:44:01 -------- d-----w- c:\users\cynthia\appdata\local\Spotify
2012-09-16 15:42:32 -------- d-----w- c:\users\cynthia\appdata\roaming\Spotify
2012-09-16 15:41:57 -------- d-----w- c:\users\cynthia\appdata\local\Deployment
2012-09-16 15:41:57 -------- d-----w- c:\users\cynthia\appdata\local\Apps
2012-09-15 19:54:32 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-13 01:08:19 -------- d-----w- c:\program files\CCleaner
2012-09-12 19:23:03 -------- d-----w- c:\users\cynthia\appdata\roaming\Malwarebytes
2012-09-12 19:22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-09-12 19:22:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 19:22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-10 18:37:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-10 18:37:10 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 03:57:37 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7f0ccf80-75a9-46e1-9182-73b4e5928ae6}\gapaengine.dll
2012-09-07 03:49:51 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-04 17:01:28 -------- d-----w- c:\program files\WinDirStat
2012-08-31 22:00:11 -------- d-----w- c:\program files\Defraggler
2012-08-31 21:35:46 288256 ----a-w- c:\windows\system\rtl8187.sys
2012-08-31 21:35:43 -------- d-----w- c:\program files\Trust USB WiFi Adapter Driver
2012-08-31 21:19:54 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-08-31 21:03:52 1601024 ----a-w- c:\users\cynthia\appdata\roaming\imscr.dll
2012-08-31 20:56:13 -------- d-----w- c:\users\cynthia\appdata\local\Downloaded Installations
2012-08-31 19:55:11 -------- d-----w- c:\program files\IDT
2012-08-31 19:41:53 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-31 19:41:44 -------- d-----w- c:\program files\SlimDrivers
2012-08-25 08:04:16 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-25 07:32:05 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-25 07:32:05 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-25 07:32:05 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-25 07:32:05 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-25 07:25:42 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 13:12:02 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-23 13:12:02 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-08-23 13:12:01 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-08-23 13:12:00 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-08-23 13:12:00 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-08-23 13:12:00 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-08-23 13:12:00 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-08-23 13:11:59 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-08-23 13:11:54 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-08-23 13:11:53 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-08-23 13:10:10 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-08-23 13:10:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-23 13:10:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-23 13:09:54 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-23 13:09:54 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-23 13:09:54 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-23 13:09:54 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-23 13:09:49 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-08-23 13:09:49 189952 ----a-w- c:\windows\system32\winmm.dll
2012-08-23 13:09:46 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-23 13:09:04 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-23 13:08:44 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-08-23 13:08:18 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-23 13:08:16 66560 ----a-w- c:\windows\system32\packager.dll
2012-08-23 13:08:13 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-08-23 13:08:11 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-08-23 13:08:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-23 13:06:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-23 13:06:38 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-23 13:06:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-23 13:06:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 13:06:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 13:06:14 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-08-23 13:04:58 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-23 13:04:57 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-23 13:04:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-08-23 13:04:56 72704 ----a-w- c:\windows\system32\secur32.dll
2012-08-23 13:04:56 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-23 13:04:55 9728 ----a-w- c:\windows\system32\lsass.exe
2012-08-23 13:04:50 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-08-23 12:37:33 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-23 12:21:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-23 12:20:27 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-23 12:20:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-23 12:20:16 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-23 02:15:33 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-23 02:13:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-23 02:13:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-23 02:13:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-23 02:13:27 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-23 02:13:27 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-23 02:13:27 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-23 02:13:27 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-22 20:18:57 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:45:55 -------- d-----w- c:\windows\system32\eu-ES
2012-08-22 18:45:55 -------- d-----w- c:\windows\system32\ca-ES
2012-08-22 18:45:54 -------- d-----w- c:\windows\system32\vi-VN
2012-08-22 18:14:59 627712 ----a-w- c:\windows\system32\user32.dll
2012-08-22 18:13:59 842240 ----a-w- c:\windows\system32\systemcpl.dll
2012-08-22 18:12:39 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2012-08-22 18:12:39 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-08-22 18:12:39 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-08-22 18:12:39 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-08-22 18:12:39 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2012-08-22 18:12:39 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2012-08-22 18:12:39 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2012-08-22 18:12:38 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2012-08-22 18:12:37 218624 ----a-w- c:\windows\system32\wdscore.dll
2012-08-22 18:12:37 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2012-08-22 18:12:31 247808 ----a-w- c:\windows\system32\drvstore.dll
2012-08-21 14:33:19 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-08-21 14:13:59 -------- d-----w- C:\dell
2012-08-21 13:42:45 -------- d-----w- c:\users\cynthia\appdata\local\SlimWare Utilities Inc
.
==================== Find3M ====================
.
2012-08-23 02:15:33 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-08-23 02:13:29 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
.
============= FINISH: 17:35:54.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2007 3:15:34 AM
System Uptime: 9/17/2012 11:32:04 AM (6 hours ago)
.
Motherboard: Gateway | |
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | uFCPGA2 | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 112.41 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.152 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP813: 9/16/2012 5:33:42 PM - Windows Update
RP814: 9/17/2012 2:02:25 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
AviSynth 2.5
Browser Address Error Redirector
CCleaner
Defraggler
Encompass Installation Manager
Gateway Recovery Center Installer
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Point
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK RTL8187 Wireless LAN Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Spotify
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Trust USB WiFi Adapter Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WinDirStat 1.1.2
.
==== Event Viewer Messages From Past Week ========
.
9/15/2012 7:23:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/13/2012 12:07:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
9/10/2012 6:57:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
9/10/2012 6:57:48 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2012 2:08:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Cynthia-PC\Cynthia SID (S-1-5-21-2100033693-1561413150-3002188466-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Broni · Sep 17, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

ccchester · Sep 18, 2012

I ran TDSSKiller and it said it didn't find anything, but for some reason it wouldn't let me copy and paste the log. RougeKiller ran just fine and I was able to get a log, but anwMBR got stuck when I ran it and either shut down the computer or closed the program. This seemed to happen when it was scanning some app data from encompass installer. I'm not sure it ever really finished, but I tried to get a log from it.

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Cynthia [Admin rights]
Mode : Remove -- Date : 09/18/2012 11:51:52
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : -> KILLED [TermProc]
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][BLACKLIST DLL] HKCU\[...]\Run : imscr ("C:\Windows\System32\rundll32.exe" "C:\Users\Cynthia\AppData\Roaming\imscr.dll",get_gAMA_fixed) -> DELETED
[TASK][RESIDU] SR : C:\Windows\System32\rundll32.exe -> DELETED
[TASK][RESIDU] AutomaticBackup : C:\Windows\System32\rundll32.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVS-22RST0 +++++
--- User ---
[MBR] f5b09c0b0d97bae40024b7590fdf9d72
[BSP] 1eb68e628d5cb6c2d363086208c5bdd2 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 9969 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20418615 | Size: 142655 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 12:34:46
-----------------------------
12:34:46.003 OS Version: Windows 6.0.6002 Service Pack 2
12:34:46.003 Number of processors: 2 586 0xE08
12:34:46.003 ComputerName: CYNTHIA-PC UserName: Cynthia
12:34:47.773 Initialize success
12:37:57.892 AVAST engine defs: 12091400
12:39:55.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:39:55.483 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
12:39:55.503 Disk 0 MBR read successfully
12:39:55.503 Disk 0 MBR scan
12:39:55.513 Disk 0 unknown MBR code
12:39:55.523 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 9969 MB offset 63
12:39:55.543 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142655 MB offset 20418615
12:39:55.563 Disk 0 scanning sectors +312576705
12:39:55.663 Disk 0 scanning C:\Windows\system32\drivers
12:40:19.783 Service scanning
12:40:36.543 Service MpKsl4f2f3aaf c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50D42144-9448-4617-8C5D-7C1986E7AB06}\MpKsl4f2f3aaf.sys **LOCKED** 32
12:41:00.243 Modules scanning
12:41:05.043 Disk 0 trace - called modules:
12:41:05.443 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:41:05.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8618a228]
12:41:05.463 3 CLASSPNP.SYS[8899d8b3] -> nt!IofCallDriver -> [0x85760bd8]
12:41:05.473 5 acpi.sys[880976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84868028]
12:41:07.243 AVAST engine scan C:\Windows
12:41:11.433 AVAST engine scan C:\Windows\system32
12:47:37.844 AVAST engine scan C:\Windows\system32\drivers
12:48:06.914 AVAST engine scan C:\Users\Cynthia
13:03:55.672 Disk 0 MBR has been saved successfully to "C:\Users\Cynthia\Desktop\MBR.dat"
13:03:55.942 The log file has been saved successfully to "C:\Users\Cynthia\Desktop\aswMBR.txt"

Broni · Sep 18, 2012

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=====================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

ccchester · Sep 19, 2012

Here's the ComboFix log.

ComboFix 12-09-18.07 - Cynthia 09/19/2012 10:34:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1305 [GMT -4:00]
Running from: c:\users\Cynthia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\users\Cynthia\AppData\Roaming\imscr.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system\rtl8187.sys
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 14:42 . 2012-09-19 14:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 14:42 . 2012-09-19 14:42 -------- d-----w- c:\users\Cynthia\AppData\Local\temp
2012-09-18 16:30 . 2012-09-18 16:30 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D42144-9448-4617-8C5D-7C1986E7AB06}\MpKsl4f2f3aaf.sys
2012-09-18 15:46 . 2012-09-18 15:46 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D42144-9448-4617-8C5D-7C1986E7AB06}\MpKsleddd4e27.sys
2012-09-18 12:42 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D42144-9448-4617-8C5D-7C1986E7AB06}\mpengine.dll
2012-09-17 21:37 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 15:44 . 2012-09-19 14:29 -------- d-----w- c:\users\Cynthia\AppData\Local\Spotify
2012-09-16 15:42 . 2012-09-19 14:29 -------- d-----w- c:\users\Cynthia\AppData\Roaming\Spotify
2012-09-16 15:41 . 2012-09-16 15:42 -------- d-----w- c:\users\Cynthia\AppData\Local\Deployment
2012-09-16 15:41 . 2012-09-16 15:41 -------- d-----w- c:\users\Cynthia\AppData\Local\Apps
2012-09-13 01:08 . 2012-09-13 01:08 -------- d-----w- c:\program files\CCleaner
2012-09-12 19:23 . 2012-09-12 19:23 -------- d-----w- c:\users\Cynthia\AppData\Roaming\Malwarebytes
2012-09-12 19:22 . 2012-09-12 19:22 -------- d-----w- c:\programdata\Malwarebytes
2012-09-12 19:22 . 2012-09-12 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 19:22 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 18:37 . 2012-09-10 18:37 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-10 18:37 . 2012-09-10 18:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 03:57 . 2012-09-07 03:57 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F0CCF80-75A9-46E1-9182-73B4E5928AE6}\gapaengine.dll
2012-09-07 03:49 . 2012-09-07 03:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-04 17:01 . 2012-09-04 17:01 -------- d-----w- c:\program files\WinDirStat
2012-08-31 22:00 . 2012-08-31 22:00 -------- d-----w- c:\program files\Defraggler
2012-08-31 21:35 . 2012-08-31 21:35 -------- d-----w- c:\program files\Trust USB WiFi Adapter Driver
2012-08-31 21:19 . 2009-02-11 21:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-08-31 21:19 . 2012-08-31 21:19 -------- d-----w- c:\users\Cynthia\AppData\Roaming\InstallShield
2012-08-31 20:56 . 2012-08-31 20:56 -------- d-----w- c:\users\Cynthia\AppData\Local\Downloaded Installations
2012-08-31 19:55 . 2012-08-31 19:55 -------- d-----w- c:\program files\IDT
2012-08-31 19:41 . 2012-09-04 16:32 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-31 19:41 . 2012-09-05 00:19 -------- d-----w- c:\program files\SlimDrivers
2012-08-25 08:04 . 2012-08-25 08:04 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-25 07:32 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-25 07:32 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-25 07:32 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-25 07:32 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-25 07:25 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-23 13:12 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-23 13:12 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-08-23 13:12 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-23 13:12 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-23 13:12 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-23 13:12 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-23 13:12 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-08-23 13:11 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-08-23 13:11 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-08-23 13:11 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-08-23 13:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-08-23 13:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-23 13:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-23 13:09 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-23 13:09 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-23 13:09 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-23 13:09 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-23 13:09 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-08-23 13:09 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-08-23 13:09 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-23 13:09 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-23 13:08 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-08-23 13:08 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-23 13:08 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-08-23 13:08 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-08-23 13:08 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-08-23 13:08 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-23 13:06 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-23 13:06 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-23 13:06 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-23 13:06 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 13:06 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 13:06 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-08-23 13:04 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-23 13:04 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-23 13:04 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-08-23 13:04 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-23 13:04 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-08-23 13:04 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-08-23 13:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-08-23 12:37 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-23 12:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-23 12:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-23 12:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-23 12:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-23 12:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-23 12:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-23 12:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-23 12:20 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-23 12:20 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-23 02:15 . 2012-08-23 02:15 98816 ----a-w- c:\windows\system32\mfps.dll
2012-08-23 02:13 . 2012-08-23 02:13 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-23 02:13 . 2012-08-23 02:13 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-23 02:13 . 2012-08-23 02:13 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-23 02:13 . 2012-08-23 02:13 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-23 02:13 . 2012-08-23 02:13 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-23 02:13 . 2012-08-23 02:13 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-23 02:13 . 2012-08-23 02:13 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-22 20:18 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:45 . 2012-08-22 18:46 -------- d-----w- c:\windows\system32\ca-ES
2012-08-22 18:45 . 2012-08-22 18:46 -------- d-----w- c:\windows\system32\eu-ES
2012-08-22 18:45 . 2012-08-22 18:46 -------- d-----w- c:\windows\system32\vi-VN
2012-08-22 18:14 . 2009-04-11 06:28 627712 ----a-w- c:\windows\system32\user32.dll
2012-08-22 18:13 . 2009-04-11 06:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2012-08-22 18:12 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2012-08-22 18:12 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-08-22 18:12 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2012-08-22 18:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2012-08-22 18:12 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2012-08-22 18:12 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-08-22 18:12 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2012-08-22 18:12 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2012-08-22 18:12 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2012-08-22 18:12 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2012-08-22 18:12 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2012-08-21 14:33 . 2011-12-06 19:55 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-08-21 14:13 . 2012-08-21 14:13 -------- d-----w- C:\dell
2012-08-21 13:42 . 2012-09-04 23:31 -------- d-----w- c:\users\Cynthia\AppData\Local\SlimWare Utilities Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 02:13 . 2012-08-23 02:13 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Spotify"="c:\users\Cynthia\AppData\Roaming\Spotify\Spotify.exe" [2012-09-16 5576408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-11 2756608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 133656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Cynthia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Alert.lnk]
path=c:\users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Alert.lnk
backup=c:\windows\pss\Desktop Alert.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100033693-1561413150-3002188466-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100033693-1561413150-3002188466-500]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-27 13:02]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 01:51]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/?_bc=1
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mlxchange.com\mfr
Trusted Zone: yahoo.com\cm.my
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-09-19 10:47:15
ComboFix-quarantined-files.txt 2012-09-19 14:47
.
Pre-Run: 119,346,163,712 bytes free
Post-Run: 119,355,621,376 bytes free
.
- - End Of File - - 72A5D0F4AE6BBE4ED339AA408E0A7988

Broni · Sep 19, 2012

Looks good

Any current issues?

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

ccchester · Sep 20, 2012

The redirecting seems to have stopped but, I noticed other weird stuff. My scroll pad seems to work off and on and there was a pop up message that said: Activate your Windows now (with a icon of 2 keys). I have a seven year old vista and I don't know why it's asking me to do this. Also, even when I close all windows including internet explorer - task master still seems to have about seven active IE entries going when I am not on the internet.
Thanks.

OTL Extras logfile created on: 9/20/2012 9:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Cynthia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.89% Memory free
4.21 Gb Paging File | 2.31 Gb Available in Paging File | 54.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.31 Gb Total Space | 109.58 Gb Free Space | 78.66% Space Free | Partition Type: NTFS
Drive D: | 9.74 Gb Total Space | 3.17 Gb Free Space | 32.53% Space Free | Partition Type: NTFS

Computer Name: CYNTHIA-PC | User Name: Cynthia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2100033693-1561413150-3002188466-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2100033693-1561413150-3002188466-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{17D71B52-5AA0-4473-AC58-95D8728535BB}C:\users\cynthia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\cynthia\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AFFE7348-5F42-47EA-850B-57A07ED651AB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C0878FC4-8AA2-4E2C-9A8B-4F2BACA29057}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E86142FE-2694-416A-839B-C6E1F765E7C1}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EE1AEDC2-6094-4C37-8038-D107BDEF4542}C:\users\cynthia\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\cynthia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{04437E79-6F4C-456A-BA1A-09782264B51E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1903AD9C-1D60-4D2C-AEE6-5AA7394A83C1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{217DF5D5-AB96-4954-91E2-667622E322FE}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9473F5FD-E140-450C-A0BC-486BD42BEBB4}C:\users\cynthia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\cynthia\appdata\roaming\spotify\spotify.exe |
"UDP Query User{FCB952A0-593B-4239-8E4E-E6B6B567EF69}C:\users\cynthia\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\cynthia\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}" = Point
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876854B3-6F71-40EC-AD7C-A995C0B0EE0A}" = Trust USB WiFi Adapter Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{E1D34262-4885-45F7-BC46-3594A7B0B097}" = Encompass Installation Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 8:34:10 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:12 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:12 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:12 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:14 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:14 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:14 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:15 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:15 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/3/2011 8:34:15 AM | Computer Name = Cynthia-PC | Source = Bonjour Service | ID = 100
Description =

[ Media Center Events ]
Error - 12/22/2007 5:28:59 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/17/2008 8:34:32 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/21/2008 9:49:19 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 8:02:20 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/30/2008 3:40:51 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 4:47:20 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 7:21:39 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 1:00:38 PM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 2:33:43 AM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 11:05:24 AM | Computer Name = Cynthia-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/18/2012 12:23:26 PM | Computer Name = Cynthia-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/18/2012 12:23:26 PM | Computer Name = Cynthia-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/18/2012 9:36:28 PM | Computer Name = Cynthia-PC | Source = DCOM | ID = 10010
Description =

Error - 9/19/2012 10:23:53 AM | Computer Name = Cynthia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:20:19 AM on 9/19/2012 was unexpected.

Error - 9/19/2012 10:34:28 AM | Computer Name = Cynthia-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/19/2012 10:34:53 AM | Computer Name = Cynthia-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.1498.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 9/19/2012 10:37:58 AM | Computer Name = Cynthia-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/19/2012 10:42:49 AM | Computer Name = Cynthia-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/20/2012 11:54:17 AM | Computer Name = Cynthia-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:25:55 AM on 9/20/2012 was unexpected.

Error - 9/20/2012 1:01:33 PM | Computer Name = Cynthia-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume2.

< End of report >

OTL logfile created on: 9/20/2012 9:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Cynthia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.89% Memory free
4.21 Gb Paging File | 2.31 Gb Available in Paging File | 54.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.31 Gb Total Space | 109.58 Gb Free Space | 78.66% Space Free | Partition Type: NTFS
Drive D: | 9.74 Gb Total Space | 3.17 Gb Free Space | 32.53% Space Free | Partition Type: NTFS

Computer Name: CYNTHIA-PC | User Name: Cynthia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 21:53:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
PRC - [2012/09/10 14:37:10 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/25 09:01:54 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/05/17 14:41:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/11 00:48:30 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/04 13:42:47 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

========== Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Cynthia\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/04 12:32:45 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1999/12/31 20:00:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [1999/12/31 20:00:00 | 000,288,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187.sys -- (RTL8187)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {7A198A62-1ABF-418D-9843-C26DC49957A7}
IE - HKLM\..\SearchScopes\{073da794-72ee-4938-b54f-ead77d5861b5}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60447&p={searchTerms}
IE - HKLM\..\SearchScopes\{7A198A62-1ABF-418D-9843-C26DC49957A7}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6707
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6707
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?_bc=1
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\SearchScopes\{073da794-72ee-4938-b54f-ead77d5861b5}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60447&p={searchTerms}
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\SearchScopes\{7A198A62-1ABF-418D-9843-C26DC49957A7}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\SearchScopes\{BDDCCFAA-D69A-46B9-9670-1949168B8D9D}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGRP_en
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/04 16:29:41 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/09/19 10:42:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000..\Run: [Spotify] C:\Users\Cynthia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..Trusted Domains: mlxchange.com ([mfr] http in Trusted sites)
O15 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..Trusted Domains: yahoo.com ([cm.my] http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A283A52-1221-4105-ABD3-9F51AEF85DAC}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Cynthia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 21:52:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2012/09/19 10:47:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 10:47:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 10:47:22 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\temp
[2012/09/19 10:32:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/19 10:32:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/19 10:32:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/19 10:32:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/19 10:32:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/18 21:43:16 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Cynthia\Desktop\ComboFix.exe
[2012/09/18 11:50:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\RK_Quarantine
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cynthia\Desktop\TDSSKiller.exe
[2012/09/16 11:44:01 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Spotify
[2012/09/16 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\Spotify
[2012/09/16 11:41:57 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Deployment
[2012/09/16 11:41:57 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Apps
[2012/09/12 21:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/12 21:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/12 15:23:03 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\Malwarebytes
[2012/09/12 15:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/12 15:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 15:22:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/12 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/12 15:20:06 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cynthia\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/12 15:11:33 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\bootkit_remover
[2012/09/06 23:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/04 21:04:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/04 13:01:29 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2012/09/04 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2012/09/04 13:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2012/08/31 19:38:00 | 000,000,000 | R--D | C] -- C:\Users\Cynthia\Documents\Documents\Documents\Notes
[2012/08/31 18:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/08/31 18:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/08/31 17:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trust USB WiFi Adapter Driver
[2012/08/31 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/08/31 17:19:24 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\InstallShield
[2012/08/31 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\Downloaded Installations
[2012/08/31 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/08/31 15:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2012/08/31 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/08/31 14:08:22 | 000,000,000 | R--D | C] -- C:\Users\Cynthia\Pictures
[2012/08/25 04:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/22 14:45:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/08/22 14:45:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/08/22 14:45:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 21:53:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\OTL.exe
[2012/09/20 21:46:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/20 21:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/20 21:42:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 21:42:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 12:17:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/20 11:54:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 10:42:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/19 10:32:16 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Cynthia\Desktop\ComboFix.exe
[2012/09/18 13:03:55 | 000,000,512 | ---- | M] () -- C:\Users\Cynthia\Desktop\MBR.dat
[2012/09/18 11:47:27 | 000,000,000 | ---- | M] () -- C:\Users\Cynthia\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/18 11:46:11 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cynthia\Desktop\TDSSKiller.exe
[2012/09/16 11:43:59 | 000,001,721 | ---- | M] () -- C:\Users\Cynthia\Desktop\Spotify.lnk
[2012/09/12 21:08:20 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/12 15:39:42 | 000,404,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/12 15:35:00 | 000,302,592 | ---- | M] () -- C:\Users\Cynthia\Desktop\gmer.exe
[2012/09/12 15:22:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 15:20:30 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cynthia\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/12 15:11:00 | 000,044,607 | ---- | M] () -- C:\Users\Cynthia\Desktop\bootkit_remover.zip
[2012/09/12 12:25:40 | 000,171,241 | ---- | M] () -- C:\Users\Cynthia\blow flower beautiful girl.jpg
[2012/09/12 12:18:33 | 000,039,447 | ---- | M] () -- C:\Users\Cynthia\blow flower 2 space
[2012/09/10 12:51:38 | 012,278,974 | ---- | M] () -- C:\Users\Cynthia\Desktop\earths-forbidden-secrets-part-one.pdf
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/06 23:50:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/06 23:49:57 | 000,614,930 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/06 23:49:57 | 000,108,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/04 13:20:21 | 000,000,828 | ---- | M] () -- C:\Users\Cynthia\Desktop\WinDirStat.lnk
[2012/09/04 12:32:45 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/09/03 11:17:20 | 000,030,669 | ---- | M] () -- C:\Users\Cynthia\Documents\Documents\Documents\The Blood Covenant by E.W. Kenyon.odt
[2012/08/31 16:04:10 | 000,016,060 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/08/25 04:03:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/08/25 04:03:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/22 22:22:48 | 000,000,943 | ---- | M] () -- C:\Users\Cynthia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/22 22:17:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/08/22 22:17:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/08/22 22:17:03 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/19 10:32:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/19 10:32:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/19 10:32:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/19 10:32:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/19 10:32:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/18 13:03:55 | 000,000,512 | ---- | C] () -- C:\Users\Cynthia\Desktop\MBR.dat
[2012/09/16 11:43:59 | 000,001,721 | ---- | C] () -- C:\Users\Cynthia\Desktop\Spotify.lnk
[2012/09/16 11:43:59 | 000,001,707 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/09/12 21:08:20 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/12 15:38:34 | 000,404,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/12 15:22:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 15:11:00 | 000,044,607 | ---- | C] () -- C:\Users\Cynthia\Desktop\bootkit_remover.zip
[2012/09/12 12:25:39 | 000,171,241 | ---- | C] () -- C:\Users\Cynthia\blow flower beautiful girl.jpg
[2012/09/12 12:18:32 | 000,039,447 | ---- | C] () -- C:\Users\Cynthia\blow flower 2 space
[2012/09/10 12:51:37 | 012,278,974 | ---- | C] () -- C:\Users\Cynthia\Desktop\earths-forbidden-secrets-part-one.pdf
[2012/09/06 23:50:00 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/04 13:01:29 | 000,000,828 | ---- | C] () -- C:\Users\Cynthia\Desktop\WinDirStat.lnk
[2012/09/03 10:58:29 | 000,030,669 | ---- | C] () -- C:\Users\Cynthia\Documents\Documents\Documents\The Blood Covenant by E.W. Kenyon.odt
[2012/08/31 17:04:01 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/31 16:04:10 | 000,016,060 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/08/31 15:45:37 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1587.dll
[2012/08/31 15:45:29 | 000,032,912 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012/08/31 15:41:53 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/25 04:03:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/08/25 04:03:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/22 22:17:03 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/22 16:24:24 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/22 14:15:17 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/08/22 14:15:15 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/08/22 14:15:03 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/08/22 14:15:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/08/22 14:15:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/08/22 14:14:58 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/08/22 14:14:53 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/08/22 14:14:37 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/08/22 14:14:34 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/08/22 14:13:05 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/08/22 14:12:54 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012/04/03 23:50:26 | 000,000,680 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\d3d9caps.dat
[2011/02/08 20:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\wklnhst.dat
[2009/12/07 13:17:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/12/11 14:41:01 | 000,000,058 | ---- | C] () -- C:\ProgramData\mchguid.ini
[2007/07/11 14:59:26 | 000,000,095 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\fusioncache.dat
[2007/06/27 16:55:35 | 000,044,032 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/03/11 11:11:11 | 000,000,102 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@babylon[1].txt
[2008/05/20 14:24:12 | 000,000,140 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findlaw[2].txt
[2008/06/04 09:59:23 | 000,000,135 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[2].txt
[2008/01/10 12:54:49 | 000,000,127 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hssports.wftv[2].txt
[2009/10/06 19:20:06 | 000,000,461 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009/08/23 10:19:10 | 000,000,807 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt
[2009/12/15 23:23:51 | 000,000,339 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[4].txt
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/08/31 13:56:48 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Dropbox
[2012/05/04 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\OpenOffice.org
[2007/06/27 16:33:24 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\SampleView
[2012/08/31 12:49:39 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\ScanSoft
[2012/09/20 00:50:02 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Spotify
[2011/02/08 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Template

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP

FC5A2B2
< End of report >

Broni · Sep 20, 2012

when I close all windows including internet explorer - task master still seems to have about seven active IE entries going when I am not on the internet.

Did you wait a bit?

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..\URLSearchHook: - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..Trusted Domains: mlxchange.com ([mfr] http in Trusted sites)
O15 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\..Trusted Domains: yahoo.com ([cm.my] http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O37 - HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
[2012/08/31 17:04:01 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2008/03/11 11:11:11 | 000,000,102 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@babylon[1].txt
[2008/05/20 14:24:12 | 000,000,140 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findlaw[2].txt
[2008/06/04 09:59:23 | 000,000,135 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[2].txt
[2008/01/10 12:54:49 | 000,000,127 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hssports.wftv[2].txt
[2009/10/06 19:20:06 | 000,000,461 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009/08/23 10:19:10 | 000,000,807 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt
[2009/12/15 23:23:51 | 000,000,339 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[4].txt
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

ccchester · Sep 21, 2012

I ran OTL a second time the way you suggested. However, after running it the first time I got this error message:

Windows did not pass genuine validation Security Essentials will become disabled in 30 days if you do not resolve this issue.
To continue using Security Essentials, click Go online and resolve now and get genuine Windows.

But when I clicked on the link they gave to fix it, I got this message: This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel.

The background on my computer is black and when it was booting up I saw this in the bottom right hand corner of the screen.

Windows Vista (TM)
Build 6002
This copy of Windows is not genuine

This seemed to happen only after I ran OTL. Do you think it could have deleted something? What should I do to fix?

Thanks for your help.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlxchange.com\mfr\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\cm.my\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2100033693-1561413150-3002188466-1000_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\Users\Cynthia\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@babylon[1].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findlaw[2].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[2].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hssports.wftv[2].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[4].txt moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
ADS C:\ProgramData\TEMP

FC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cynthia
->Temp folder emptied: 65353 bytes
->Temporary Internet Files folder emptied: 9175579 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

[EMPTYJAVA]

User: All Users

User: Cynthia

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Cynthia
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.64.0 log created on 09212012_071614
Files\Folders moved on Reboot...
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\aceUAC[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\aceUAC[2].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\ext-render-secure[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\fc[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA1L6NAD.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA29DVET.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA5SVC62.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA721VBL.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA8DP9G5.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCA8EUBSH.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAAOKGCE.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAAT0WAV.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCACK9IVC.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCACU3BXW.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCADUL488.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAEN5M8I.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAFVA97X.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAGRGAJP.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAI3F1AQ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAR7J69X.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAR8ROOZ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAX2VSLG.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAY2N63Y.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttonsCAZ1J8UQ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[10].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[11].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[1].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[2].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[3].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[4].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[5].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[6].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[7].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[8].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\topbuttons[9].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDQ8C4IV\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\0[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\ext-render-secure[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\ext-render-secure[2].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA0FQY83.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA1X05L2.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA3TE983.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA47RD3U.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA5HC2R3.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA61JBVU.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA79AN8G.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA79JNQE.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCA8H6J51.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCABK9YRR.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAC98RJT.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAGC5A8W.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAIJNGKX.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAKZ09WL.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCALC08SJ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAMD9PPA.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCANFF1HO.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAP8O8D4.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAQ531FM.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCASTA3UR.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAV8U8RY.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAW8FRM2.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttonsCAXVA83Z.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[10].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[11].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[1].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[2].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[3].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[4].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[5].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[6].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[7].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[8].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\topbuttons[9].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5DXXB87\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\0[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA1GU3O1.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA2FZ06R.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA40PLEA.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA62DI9Z.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA87HL1Q.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCA8TV2PJ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAA1F2BI.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAB9VU6H.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCACYCBPK.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAD56VPR.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAE90826.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAEKR4KQ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAFEC0B4.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAGD0ZR5.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAIT1BG5.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAK3XLJQ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAL43MDV.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCALLCTVP.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAMESV2K.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAN1C7MS.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAQ3LF32.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAQM39LE.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAU2CYGA.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAU80HVJ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAVN40YX.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAWEW2EP.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAYPG8DL.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttonsCAYZENUL.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[10].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[11].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[1].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[2].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[3].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[4].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[5].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[6].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[7].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[8].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHL4USE3\topbuttons[9].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\0[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA2QSJO6.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA402L8H.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA581638.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA5KR0T4.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA6ES7C7.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA6UVOYX.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCA9AHX8G.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAAAS2HC.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAAD9NTM.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAAOF53Z.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCABS5BX9.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAEDW8LZ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAG2V0Q5.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAGF4GNX.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAGPYAGO.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAHU2Z8O.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAJAXQ6K.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAJG1861.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAJUHNV9.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAJZ3AI1.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAK2VJAW.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAK39OUR.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCALCS03I.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCALSZ2NK.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCANZR2DZ.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAOELG1F.xml moved successfully.
File\Folder C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAPL2XLG.xml not found!
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAS05417.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAS5SEVM.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAS6DXA0.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCASIJ94Z.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCATPSG69.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAU0U9DX.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAWR4EJ8.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAXIQJWN.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttonsCAYL236N.xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[10].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[11].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[1].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[2].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[3].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[4].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[5].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[6].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[7].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[8].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\topbuttons[9].xml moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S2K7AQF\um[1].htm moved successfully.
C:\Users\Cynthia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Broni · Sep 21, 2012

I don't see anything in OTL fix which could cause that issue.

OTL created restore point before it run yesterday.
Try to use it and see it solves the issue.

ccchester · Sep 22, 2012

I found this on the internet:

"OTL does not create a backup so unless ERUNT or another backup program is in use you are relying on System Restore if a problem develops. With the types of infections prevalent nowadays it is wise to have a fall back position. Installation of the Recovery Console is recommended."

My computer is now rejecting my product key and says that if I do not fix this problem within 29 days, my computer will cease to function. I tried to do a system restore, but all my restore points previous to running OTL were wiped out. My CD/DVD drive is not working so I can't try to reinstall my windows. Any advice?

Broni · Sep 22, 2012

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

ccchester · Sep 25, 2012

OK. Here's the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-09-2012
Ran by SYSTEM at 23-09-2012 23:27:50
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-16] (Synaptics, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-17] (RealNetworks, Inc.)
HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe [2756608 2011-12-10] (Eastman Kodak Company)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Cynthia\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Cynthia\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-07-24] (Google Inc.)
HKU\Cynthia\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Cynthia\...\Run: [Spotify] "C:\Users\Cynthia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5576408 2012-09-16] (Spotify Ltd)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Startup: C:\Users\Cynthia\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) ===================
3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
==================== Drivers (Whitelisted) ====================
3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [7296 2003-09-23] (GARMIN Corp.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-09-16] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-09-16] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-09-16] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)
3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [288256 1999-12-31] (Realtek Semiconductor Corporation )
3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2012-09-04] ()
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Cynthia\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [x]
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-09-22 09:48 - 2012-09-22 09:49 - 07200144 ____A C:\Users\Cynthia\Downloads\watersound.mpeg
2012-09-21 03:16 - 2012-09-21 03:16 - 00000000 ____D C:\_OTL
2012-09-20 18:04 - 2012-09-20 18:04 - 00034954 ____A C:\Users\Cynthia\Desktop\Extras.Txt
2012-09-20 18:02 - 2012-09-20 18:02 - 00062816 ____A C:\Users\Cynthia\Desktop\OTL.Txt
2012-09-20 17:52 - 2012-09-20 17:53 - 00600064 ____A (OldTimer Tools) C:\Users\Cynthia\Desktop\OTL.exe
2012-09-19 06:47 - 2012-09-19 06:47 - 00016770 ____A C:\ComboFix.txt
2012-09-19 06:32 - 2012-09-19 06:47 - 00000000 ___AD C:\Qoobox
2012-09-19 06:32 - 2012-09-19 06:45 - 00000000 ____D C:\Windows\erdnt
2012-09-19 06:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-19 06:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-19 06:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-19 06:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-19 06:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-19 06:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-19 06:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-19 06:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-18 17:43 - 2012-09-19 06:32 - 04752754 ____R (Swearware) C:\Users\Cynthia\Desktop\ComboFix.exe
2012-09-18 09:03 - 2012-09-18 09:03 - 00001994 ____A C:\Users\Cynthia\Desktop\aswMBR.txt
2012-09-18 09:03 - 2012-09-18 09:03 - 00000512 ____A C:\Users\Cynthia\Desktop\MBR.dat
2012-09-18 08:29 - 2012-09-18 08:29 - 04731392 ____A (AVAST Software) C:\Users\Cynthia\Downloads\aswMBR (1).exe
2012-09-18 07:53 - 2012-09-18 07:54 - 04731392 ____A (AVAST Software) C:\Users\Cynthia\Downloads\aswMBR.exe
2012-09-18 07:51 - 2012-09-18 07:51 - 00001895 ____A C:\Users\Cynthia\Desktop\RKreport[1].txt
2012-09-18 07:51 - 2012-09-18 07:51 - 00001738 ____A C:\Users\Cynthia\Desktop\RKreport[2].txt
2012-09-18 07:50 - 2012-09-18 07:51 - 00000000 ____D C:\Users\Cynthia\Desktop\RK_Quarantine
2012-09-18 07:50 - 2012-09-18 07:50 - 01378816 ____A C:\Users\Cynthia\Downloads\RogueKiller.exe
2012-09-18 07:44 - 2012-09-18 07:45 - 02193278 ____A C:\Users\Cynthia\Downloads\tdsskiller.zip
2012-09-17 15:25 - 2012-09-18 07:46 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Cynthia\Desktop\TDSSKiller.exe
2012-09-17 13:33 - 2012-09-17 13:34 - 00607260 ____R (Swearware) C:\Users\Cynthia\Downloads\dds (1).com
2012-09-16 07:44 - 2012-09-23 16:11 - 00000000 ____D C:\Users\Cynthia\Local Settings\Spotify
2012-09-16 07:44 - 2012-09-23 16:11 - 00000000 ____D C:\Users\Cynthia\Local Settings\Application Data\Spotify
2012-09-16 07:44 - 2012-09-23 16:11 - 00000000 ____D C:\Users\Cynthia\AppData\Local\Spotify
2012-09-16 07:43 - 2012-09-16 07:43 - 00001721 ____A C:\Users\Cynthia\Desktop\Spotify.lnk
2012-09-16 07:42 - 2012-09-23 18:56 - 00000000 ____D C:\Users\Cynthia\Application Data\Spotify
2012-09-16 07:42 - 2012-09-23 18:56 - 00000000 ____D C:\Users\Cynthia\AppData\Roaming\Spotify
2012-09-16 07:41 - 2012-09-16 07:42 - 00000000 ____D C:\Users\Cynthia\Local Settings\Deployment
2012-09-16 07:41 - 2012-09-16 07:42 - 00000000 ____D C:\Users\Cynthia\Local Settings\Application Data\Deployment
2012-09-16 07:41 - 2012-09-16 07:42 - 00000000 ____D C:\Users\Cynthia\AppData\Local\Deployment
2012-09-16 07:41 - 2012-09-16 07:41 - 00000000 ____D C:\Users\Cynthia\AppData\Local\Apps\2.0
2012-09-12 17:08 - 2012-09-12 17:08 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-12 17:08 - 2012-09-12 17:08 - 00000804 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-09-12 17:08 - 2012-09-12 17:08 - 00000000 ____D C:\Program Files\CCleaner
2012-09-12 13:14 - 2012-09-12 13:14 - 00607260 ____R (Swearware) C:\Users\Cynthia\Downloads\dds.com
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-12 11:38 - 2012-09-12 11:39 - 00404416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-12 11:33 - 2012-09-12 11:34 - 00294216 ____A C:\Users\Cynthia\Downloads\gmer.zip
2012-09-12 11:23 - 2012-09-12 11:23 - 00000000 ____D C:\Users\Cynthia\Application Data\Malwarebytes
2012-09-12 11:23 - 2012-09-12 11:23 - 00000000 ____D C:\Users\Cynthia\AppData\Roaming\Malwarebytes
2012-09-12 11:22 - 2012-09-12 11:22 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 11:22 - 2012-09-12 11:22 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 11:22 - 2012-09-12 11:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-12 11:22 - 2012-09-12 11:22 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-09-12 11:22 - 2012-09-12 11:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-12 11:22 - 2012-09-07 13:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-12 11:20 - 2012-09-12 11:20 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Cynthia\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-12 11:11 - 2012-09-12 11:11 - 00044607 ____A C:\Users\Cynthia\Desktop\bootkit_remover.zip
2012-09-12 11:11 - 2012-09-12 11:11 - 00000000 ____D C:\Users\Cynthia\Desktop\bootkit_remover
2012-09-12 08:26 - 2012-09-12 08:26 - 00171241 ____A C:\Users\Cynthia\Downloads\blow flower beautiful girl
2012-09-12 08:18 - 2012-09-12 08:18 - 00039447 ____A C:\Users\Cynthia\blow flower 2 space
2012-09-10 10:37 - 2012-09-10 10:37 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-10 10:37 - 2012-09-10 10:37 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-10 09:47 - 2012-09-23 19:19 - 00663312 ____A C:\Windows\WindowsUpdate.log
2012-09-06 19:49 - 2012-09-06 19:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-04 09:01 - 2012-09-04 09:20 - 00000828 ____A C:\Users\Cynthia\Desktop\WinDirStat.lnk
2012-09-04 09:01 - 2012-09-04 09:01 - 00000000 ____D C:\Program Files\WinDirStat
2012-08-31 14:00 - 2012-08-31 14:00 - 00000000 ____D C:\Program Files\Defraggler
2012-08-31 13:35 - 2012-08-31 13:35 - 00000000 ____D C:\Program Files\Trust USB WiFi Adapter Driver
2012-08-31 13:19 - 2012-08-31 13:19 - 00000000 ____D C:\Users\Cynthia\Application Data\InstallShield
2012-08-31 13:19 - 2012-08-31 13:19 - 00000000 ____D C:\Users\Cynthia\AppData\Roaming\InstallShield
2012-08-31 13:19 - 2009-02-11 13:11 - 00329752 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2012-08-31 12:56 - 2012-08-31 12:56 - 00000000 ____D C:\Users\Cynthia\Local Settings\Downloaded Installations
2012-08-31 12:56 - 2012-08-31 12:56 - 00000000 ____D C:\Users\Cynthia\Local Settings\Application Data\Downloaded Installations
2012-08-31 12:56 - 2012-08-31 12:56 - 00000000 ____D C:\Users\Cynthia\AppData\Local\Downloaded Installations
2012-08-31 12:04 - 2012-08-31 12:04 - 00016060 ____A C:\Windows\System32\results.xml
2012-08-31 11:55 - 2012-08-31 11:55 - 00000000 ____D C:\Program Files\IDT
2012-08-31 11:45 - 1999-12-31 16:00 - 03293184 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 02420736 ____A (Intel Corporation) C:\Windows\System32\ig4icd32.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 02307072 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd32.sys
2012-08-31 11:45 - 1999-12-31 16:00 - 02174976 ____A (Intel Corporation) C:\Windows\System32\ig4dev32.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 00539160 ____A (Intel Corporation) C:\Windows\System32\igfxcfg.exe
2012-08-31 11:45 - 1999-12-31 16:00 - 00204800 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 00192512 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00192512 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00188416 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00188416 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00188416 ____A (Intel Corporation) C:\Windows\System32\igfxresp.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00184320 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00184320 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00180224 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00176128 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00172032 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00172032 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00170520 ____A (Intel Corporation) C:\Windows\System32\igfxzoom.exe
2012-08-31 11:45 - 1999-12-31 16:00 - 00170520 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-08-31 11:45 - 1999-12-31 16:00 - 00163840 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00159744 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00155648 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00147456 ____A C:\Windows\System32\igfxCoIn_v1587.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 00141848 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-08-31 11:45 - 1999-12-31 16:00 - 00135168 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 00131072 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00122880 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-08-31 11:45 - 1999-12-31 16:00 - 00114688 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00110592 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-08-31 11:45 - 1999-12-31 16:00 - 00069632 ____A (Intel Corporation) C:\Windows\System32\oemdspif.dll
2012-08-31 11:45 - 1999-12-31 16:00 - 00032912 ____A C:\Windows\System32\iglhxs32.vp
2012-08-31 11:45 - 1999-12-31 16:00 - 00024576 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-08-31 11:41 - 2012-09-04 08:32 - 00013024 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2012-08-31 11:41 - 2012-08-31 11:41 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-08-31 11:41 - 2012-08-31 11:41 - 00000000 ____D C:\Users\All Users\Documents\Downloaded Installers
2012-08-25 00:04 - 2012-08-25 00:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-08-25 00:03 - 2012-08-25 00:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-08-25 00:03 - 2012-08-25 00:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-08-24 23:39 - 2009-09-30 17:02 - 02537472 ____A (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2012-08-24 23:39 - 2009-09-30 17:02 - 00334848 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceApi.dll
2012-08-24 23:39 - 2009-09-30 17:02 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\WPDShServiceObj.dll
2012-08-24 23:39 - 2009-09-30 17:02 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\BthMtpContextHandler.dll
2012-08-24 23:39 - 2009-09-30 17:02 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
2012-08-24 23:39 - 2009-09-30 17:01 - 00546816 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00350208 ____A (Microsoft Corporation) C:\Windows\System32\WPDSp.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtp.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceWMDRM.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceTypes.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceClassExtension.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\WpdMtpUS.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\PortableDeviceConnectApi.dll
2012-08-24 23:39 - 2009-09-30 17:01 - 00040448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WpdUsb.sys
2012-08-24 23:39 - 2009-09-30 17:01 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\WpdConns.dll
2012-08-24 23:39 - 2009-09-09 18:01 - 03023360 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2012-08-24 23:39 - 2009-09-09 18:00 - 01164800 ____A (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2012-08-24 23:39 - 2009-09-09 18:00 - 00092672 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2012-08-24 23:32 - 2012-02-29 07:11 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 23:32 - 2012-02-29 07:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-08-24 23:32 - 2012-02-29 07:09 - 00157696 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-08-24 23:32 - 2012-02-29 05:32 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-08-24 23:25 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== 3 Months Modified Files ==================
2012-09-23 19:19 - 2012-09-10 09:47 - 00663312 ____A C:\Windows\WindowsUpdate.log
2012-09-23 19:19 - 2006-11-02 05:01 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-23 19:19 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-23 19:19 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-23 19:19 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-23 19:13 - 2009-02-13 15:07 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-09-23 18:51 - 2011-02-01 17:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-23 17:51 - 2011-02-01 17:51 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-22 17:16 - 2006-11-02 02:22 - 42729472 ____A C:\Windows\System32\config\software_previous
2012-09-22 17:16 - 2006-11-02 02:22 - 39583744 ____A C:\Windows\System32\config\components_previous
2012-09-22 17:16 - 2006-11-02 02:22 - 26214400 ____A C:\Windows\System32\config\system_previous
2012-09-22 17:16 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-09-22 17:16 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-22 17:16 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-09-22 09:49 - 2012-09-22 09:48 - 07200144 ____A C:\Users\Cynthia\Downloads\watersound.mpeg
2012-09-20 18:04 - 2012-09-20 18:04 - 00034954 ____A C:\Users\Cynthia\Desktop\Extras.Txt
2012-09-20 18:02 - 2012-09-20 18:02 - 00062816 ____A C:\Users\Cynthia\Desktop\OTL.Txt
2012-09-20 17:53 - 2012-09-20 17:52 - 00600064 ____A (OldTimer Tools) C:\Users\Cynthia\Desktop\OTL.exe
2012-09-19 06:47 - 2012-09-19 06:47 - 00016770 ____A C:\ComboFix.txt
2012-09-19 06:42 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-09-19 06:32 - 2012-09-18 17:43 - 04752754 ____R (Swearware) C:\Users\Cynthia\Desktop\ComboFix.exe
2012-09-18 09:03 - 2012-09-18 09:03 - 00001994 ____A C:\Users\Cynthia\Desktop\aswMBR.txt
2012-09-18 09:03 - 2012-09-18 09:03 - 00000512 ____A C:\Users\Cynthia\Desktop\MBR.dat
2012-09-18 08:29 - 2012-09-18 08:29 - 04731392 ____A (AVAST Software) C:\Users\Cynthia\Downloads\aswMBR (1).exe
2012-09-18 07:54 - 2012-09-18 07:53 - 04731392 ____A (AVAST Software) C:\Users\Cynthia\Downloads\aswMBR.exe
2012-09-18 07:51 - 2012-09-18 07:51 - 00001895 ____A C:\Users\Cynthia\Desktop\RKreport[1].txt
2012-09-18 07:51 - 2012-09-18 07:51 - 00001738 ____A C:\Users\Cynthia\Desktop\RKreport[2].txt
2012-09-18 07:50 - 2012-09-18 07:50 - 01378816 ____A C:\Users\Cynthia\Downloads\RogueKiller.exe
2012-09-18 07:46 - 2012-09-17 15:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Cynthia\Desktop\TDSSKiller.exe
2012-09-18 07:45 - 2012-09-18 07:44 - 02193278 ____A C:\Users\Cynthia\Downloads\tdsskiller.zip
2012-09-17 13:34 - 2012-09-17 13:33 - 00607260 ____R (Swearware) C:\Users\Cynthia\Downloads\dds (1).com
2012-09-16 07:43 - 2012-09-16 07:43 - 00001721 ____A C:\Users\Cynthia\Desktop\Spotify.lnk
2012-09-12 17:31 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-12 17:08 - 2012-09-12 17:08 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-12 17:08 - 2012-09-12 17:08 - 00000804 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-09-12 13:14 - 2012-09-12 13:14 - 00607260 ____R (Swearware) C:\Users\Cynthia\Downloads\dds.com
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-12 11:40 - 2012-09-12 11:40 - 00104104 ____A C:\Users\Cynthia\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-12 11:39 - 2012-09-12 11:38 - 00404416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-12 11:35 - 2011-07-16 18:21 - 00302592 ____A C:\Users\Cynthia\Desktop\gmer.exe
2012-09-12 11:34 - 2012-09-12 11:33 - 00294216 ____A C:\Users\Cynthia\Downloads\gmer.zip
2012-09-12 11:22 - 2012-09-12 11:22 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 11:22 - 2012-09-12 11:22 - 00000906 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 11:20 - 2012-09-12 11:20 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Cynthia\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-12 11:11 - 2012-09-12 11:11 - 00044607 ____A C:\Users\Cynthia\Desktop\bootkit_remover.zip
2012-09-12 08:26 - 2012-09-12 08:26 - 00171241 ____A C:\Users\Cynthia\Downloads\blow flower beautiful girl
2012-09-12 08:18 - 2012-09-12 08:18 - 00039447 ____A C:\Users\Cynthia\blow flower 2 space
2012-09-10 10:37 - 2012-09-10 10:37 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-10 10:37 - 2012-09-10 10:37 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-07 13:04 - 2012-09-12 11:22 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 19:50 - 2012-08-22 12:24 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-06 19:49 - 2006-11-02 02:33 - 00734252 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-04 09:20 - 2012-09-04 09:01 - 00000828 ____A C:\Users\Cynthia\Desktop\WinDirStat.lnk
2012-09-04 08:32 - 2012-08-31 11:41 - 00013024 ____A C:\Windows\System32\Drivers\SWDUMon.sys
2012-08-31 12:04 - 2012-08-31 12:04 - 00016060 ____A C:\Windows\System32\results.xml
2012-08-25 00:03 - 2012-08-25 00:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-08-25 00:03 - 2012-08-25 00:03 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-08-22 18:17 - 2012-08-22 18:17 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-22 18:17 - 2012-08-22 18:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-22 18:17 - 2012-08-22 18:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-22 18:17 - 2012-08-22 18:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-22 18:17 - 2012-08-22 18:17 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-22 18:17 - 2012-08-22 18:17 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-22 18:17 - 2012-08-22 18:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-22 18:17 - 2012-08-22 18:17 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-22 18:17 - 2006-11-01 22:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
2012-08-22 18:17 - 2006-11-01 22:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
2012-08-22 18:15 - 2012-08-22 18:15 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2012-08-22 18:15 - 2012-08-22 18:15 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-08-22 18:15 - 2012-08-22 18:15 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
2012-08-22 18:15 - 2012-08-22 18:15 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-08-22 18:15 - 2012-08-22 18:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2012-08-22 18:13 - 2012-08-22 18:13 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
2012-08-22 18:13 - 2012-08-22 18:13 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2012-08-22 17:59 - 2012-08-22 17:58 - 20158824 ____A (Microsoft Corporation) C:\Users\Cynthia\Downloads\BOIE9_ENUS_BO0085_VIS.EXE
2012-08-22 17:47 - 2012-08-22 17:46 - 22294856 ____A (Microsoft Corporation) C:\Users\Cynthia\Downloads\BOIE9_ENUS_BO0084_VIS.EXE
2012-08-21 06:22 - 2012-08-21 06:23 - 00200869 ____A C:\Users\Cynthia\Downloads\SATA Driver Intel Ver.7.0.0.1020.zip
2012-08-21 06:13 - 2012-08-21 06:13 - 08937128 ____A C:\Users\Cynthia\Downloads\R167846.EXE
2012-07-12 16:58 - 2012-05-26 13:59 - 00032398 ____A C:\Users\Cynthia\My Documents\My first Notebook.odt
2012-07-12 16:58 - 2012-05-26 13:59 - 00032398 ____A C:\Users\Cynthia\Documents\My first Notebook.odt
2012-07-04 06:02 - 2012-08-24 23:25 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-29 08:01 - 2012-08-23 05:09 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-20 17:55:33
Restore point made on: 2012-09-22 13:48:58
Restore point made on: 2012-09-22 14:07:33
Restore point made on: 2012-09-22 17:13:00
Restore point made on: 2012-09-22 17:50:38
Restore point made on: 2012-09-23 18:12:04
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 2037.56 MB
Available physical RAM: 1759.66 MB
Total Pagefile: 1969.45 MB
Available Pagefile: 1821.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.52 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:139.31 GB) (Free:111.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (HP Pocket Media Drive) (Fixed) (Total:74.52 GB) (Free:46.83 GB) NTFS
4 Drive r: (MS-RAMDRIVE) (Fixed) (Total:0.01 GB) (Free:0.01 GB) FAT
5 Drive x: (Recovery) (Fixed) (Total:9.74 GB) (Free:3.16 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1528 KB
Disk 1 Online 75 GB 9 MB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 32 KB
Partition 2 Primary 139 GB 10 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 X Recovery NTFS Partition 10 GB Healthy Boot
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 139 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 75 GB 8033 KB
Partition 1 Logical 75 GB 8064 KB
=========================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP Pocket M NTFS Partition 75 GB Healthy
=========================================================
Last Boot: 2012-09-23 11:06
==================== End Of Log ============================

Broni · Sep 25, 2012

* Click on Start, then Run.
* Copy and Paste the bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox\Quarantine\Registry_backups >log.txt&start log.txt

* Then click on OK.
* A Text File will open up, please Copy and Paste the contents in your next reply.

ccchester · Sep 25, 2012

I tried to do what you said, but I got this error message:

"Windows cannot find log.txt. Make sure you have typed the name correctly, and then try again."

I tried again, making sure I had copied it correctly, but still got the same response. What does that mean, and what should I do next?

Broni · Sep 25, 2012

My bad. One backslash was missing.
I corrected the command.
Please retry.

ccchester · Sep 25, 2012

Where is the command? What exactly will this do?

Broni · Sep 25, 2012

My reply #14.
I edited that command.

Broni · Sep 30, 2012

Still with me?

Broni · Oct 5, 2012

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.

Inactive [A] Internet Explorer being redirected

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 9 +0

Posts: 56,041 +516

Posts: 56,041 +516

Posts: 56,041 +516

Similar threads