TechSpot

Google redirect virus/malware

Solved
By peteskat
Sep 25, 2011
  1. Hi. Looks like my laptop has also been infected with the google redirect virus/malware.

    I've followed steps 1-6. Here are the results.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7795

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/25/2011 9:48:53 AM
    mbam-log-2011-09-25 (09-48-53).txt

    Scan type: Quick scan
    Objects scanned: 175823
    Time elapsed: 3 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Gmer had nothing at all (blank log)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Kathy at 10:09:06 on 2011-09-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2680 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Encore\Hoyle Card Games 2011\Ereg\encore_reg.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Windows Live ID Sign-in Helper: {5e84400c-0b3f-0cbb-4188-3b3a1a8b6d27} - C:\Windows\SysWOW64\WcsPlugInSService.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [20090604] C:\Program Files (x86)\Encore\Hoyle Card Games 2011\Ereg\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle Card Games 2011\Ereg\encore_reg.rpd"
    mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UTORRE~1.LNK - C:\Program Files (x86)\uTorrent Turbo Booster\uTorrent Turbo Booster.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{D233F17A-0A12-4A88-A964-E16D74200EBA} : DhcpNameServer = 192.168.1.254
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Windows Live ID Sign-in Helper: {5E84400C-0B3F-0CBB-4188-3B3A1A8B6D27} - C:\Windows\SysWOW64\WcsPlugInSService.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    mRun-x64: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-22 366152]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-25 14:04:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5A86BB8-508A-4613-80B2-69321B770DB9}\offreg.dll
    2011-09-25 14:04:03 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5A86BB8-508A-4613-80B2-69321B770DB9}\mpengine.dll
    2011-09-25 12:24:53 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Bigfish 3 Days Zoo Mystery
    2011-09-25 12:23:03 -------- d-----w- C:\Program Files (x86)\Games
    2011-09-25 12:20:49 -------- d-----w- C:\Users\Kathy\AppData\Roaming\GameInvest
    2011-09-22 11:14:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-09-22 10:35:23 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Malwarebytes
    2011-09-22 10:35:11 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-09-22 10:35:07 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-09-20 14:57:50 90112 ----a-w- C:\Windows\SysWow64\lfjbg13n.dll
    2011-09-20 14:57:50 73728 ----a-w- C:\Windows\SysWow64\lffax13n.dll
    2011-09-20 14:57:50 453120 ----a-w- C:\Windows\SysWow64\ltkrn13n.dll
    2011-09-20 14:57:50 445440 ----a-w- C:\Windows\SysWow64\ltimg13n.dll
    2011-09-20 14:57:50 388608 ----a-w- C:\Windows\SysWow64\lfcmp13n.dll
    2011-09-20 14:57:50 265216 ----a-w- C:\Windows\SysWow64\ltdis13n.dll
    2011-09-20 14:57:50 246272 ----a-w- C:\Windows\SysWow64\lfj2k13n.dll
    2011-09-20 14:57:50 206848 ----a-w- C:\Windows\SysWow64\ltefx13n.dll
    2011-09-20 14:57:50 189976 ----a-w- C:\Windows\SysWow64\mfimgvwr.ocx
    2011-09-20 14:57:50 1693696 ----a-w- C:\Windows\SysWow64\ltclr13n.dll
    2011-09-20 14:57:50 154112 ----a-w- C:\Windows\SysWow64\ltfil13n.dll
    2011-09-20 14:57:50 142848 ----a-w- C:\Windows\SysWow64\lftif13n.dll
    2011-09-20 14:56:53 -------- d-----w- C:\Program Files (x86)\MFInstall
    2011-09-19 11:08:06 -------- d-----w- C:\Windows\SysWow64\2072
    2011-09-16 12:22:58 -------- d-----w- C:\ProgramData\AgentSS
    2011-09-16 12:22:35 -------- d--h--w- C:\ProgramData\sacache
    2011-09-16 12:18:16 90112 ----a-w- C:\Windows\unvise32.exe
    2011-09-16 12:18:16 -------- d-----w- C:\Program Files (x86)\WinConfig
    2011-09-16 12:18:06 -------- d-----w- C:\Program Files (x86)\Spytech Software
    2011-09-15 23:42:29 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-09-15 23:42:28 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3326CEA-3CDB-4E29-B5FD-42FF992C6784}\gapaengine.dll
    2011-09-15 18:39:43 -------- d-----w- C:\Windows\System32\SPReview
    2011-09-15 18:39:07 -------- d-----w- C:\Windows\System32\EventProviders
    2011-09-15 17:00:22 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Hoyle FaceCreator
    2011-09-15 17:00:17 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Hoyle
    2011-09-15 16:58:41 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
    2011-09-15 16:54:12 -------- d-----w- C:\Program Files (x86)\Encore
    2011-09-15 10:41:43 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Special K Software
    2011-09-12 14:03:56 -------- d-----w- C:\Windows\PCHEALTH
    2011-09-12 14:00:07 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2011-09-12 13:59:17 -------- d-----w- C:\Users\Kathy\AppData\Local\Microsoft Help
    2011-09-10 13:23:01 -------- d-----w- C:\Program Files (x86)\MSECache
    2011-09-08 10:32:46 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-09-06 10:51:59 -------- d-----w- C:\Users\Kathy\AppData\Local\Nero_AG
    2011-09-06 10:51:34 -------- d-----w- C:\Users\Kathy\AppData\Local\Nero
    2011-09-06 10:37:44 -------- d-----w- C:\ProgramData\Nero
    2011-09-06 10:36:54 -------- d-----w- C:\Program Files (x86)\Nero
    2011-09-06 10:33:26 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2011-09-06 10:32:09 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2011-09-06 10:30:48 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
    2011-09-06 09:37:31 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
    2011-09-06 09:36:11 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
    2011-09-05 20:11:54 -------- d-----w- C:\Program Files (x86)\Gold Miner Vegas
    2011-09-04 19:39:11 -------- d-----w- C:\Program Files (x86)\MagicDisc
    2011-09-04 17:08:53 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
    2011-09-04 16:59:49 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
    2011-09-04 16:59:49 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
    2011-09-04 11:49:28 -------- d-----w- C:\ProgramData\Big Fish Games
    2011-09-04 11:49:24 -------- d-----w- C:\Program Files (x86)\bfgclient
    2011-09-02 21:06:16 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-09-02 21:06:16 -------- d-----w- C:\Windows\System32\Wat
    2011-09-02 16:17:27 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-02 13:14:51 -------- d-----w- C:\Program Files (x86)\SilverCreekCommonFiles
    2011-09-02 13:14:50 -------- d-----w- C:\Program Files (x86)\Hardwood Euchre
    2011-09-02 11:41:06 161736 ----a-w- C:\Program Files (x86)\64res.dll
    2011-09-02 11:36:36 -------- d-----w- C:\Program Files (x86)\TelevisionFanaticEI
    2011-09-02 11:29:31 -------- d-----w- C:\Users\Kathy\AppData\Local\DDMSettings
    2011-09-02 11:28:09 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2011-09-02 11:27:37 -------- d-----w- C:\Program Files\DivX
    2011-09-02 11:27:22 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-09-02 11:25:51 -------- d-----w- C:\Program Files (x86)\DivX
    2011-09-02 11:25:17 -------- d-----w- C:\ProgramData\DivX
    2011-09-02 11:16:39 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-02 11:10:27 -------- d-----w- C:\Program Files (x86)\RealArcade
    2011-09-02 11:08:08 -------- d-----w- C:\Program Files\Babylon
    2011-09-02 11:07:47 -------- d-----w- C:\Program Files (x86)\uTorrent Turbo Booster
    2011-09-02 11:02:46 -------- d-----w- C:\extensions
    2011-09-02 11:02:44 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    2011-09-02 11:02:43 -------- d-----w- C:\Users\Kathy\AppData\Local\Conduit
    2011-09-02 11:02:34 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-09-02 11:01:52 -------- d-----w- C:\Users\Kathy\AppData\Roaming\uTorrent
    2011-09-02 11:01:52 -------- d-----w- C:\Users\Kathy\AppData\Local\uTorrent
    2011-09-02 10:48:23 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-09-02 10:48:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-09-02 10:48:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-09-02 10:48:09 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2011-09-02 10:48:09 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-09-02 10:48:08 3715584 ----a-w- C:\Windows\System32\mstscax.dll
    2011-09-02 10:48:08 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-09-02 10:48:07 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
    2011-09-02 10:48:03 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-09-02 10:48:00 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2011-09-02 10:48:00 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2011-09-02 10:48:00 1171456 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-09-02 10:46:59 933888 ----a-w- C:\Windows\System32\sqlsrv32.dll
    2011-09-02 10:45:59 413696 ----a-w- C:\Windows\SysWow64\PhotoScreensaver.scr
    2011-09-02 10:44:59 9728 ----a-w- C:\Windows\System32\spwmp.dll
    2011-09-02 10:42:24 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2011-09-02 10:42:23 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-09-02 10:42:15 244736 ----a-w- C:\Windows\System32\sqmapi.dll
    2011-09-01 22:35:24 -------- d-----w- C:\Users\Kathy\My eBooks
    2011-09-01 22:16:57 -------- d-----w- C:\Users\Kathy\AppData\Local\Microsoft Games
    2011-09-01 15:57:30 -------- d-----w- C:\Windows\Panther
    2011-09-01 15:33:55 780224 ----a-w- C:\ci.dll
    2011-09-01 15:02:20 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
    2011-09-01 14:54:17 -------- d-----w- C:\Users\Kathy\AppData\Local\Adobe
    2011-09-01 14:53:50 -------- d-----w- C:\Users\Kathy\AppData\Local\Google
    2011-09-01 14:29:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-09-01 14:29:16 -------- d-sh--w- C:\Windows\Installer
    2011-09-01 14:29:15 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-09-01 13:17:52 -------- d-----w- C:\Program Files\Protector Suite
    2011-09-01 12:52:37 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-09-01 12:47:36 8862544 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C608BEE-06BF-467A-9EDB-437EC6262C71}\mpengine.dll
    2011-09-01 12:44:18 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-09-01 12:44:18 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-09-01 12:44:11 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-09-01 12:44:11 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-09-01 12:44:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-09-01 12:44:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-09-01 12:42:48 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-09-01 12:41:19 974336 ----a-w- C:\Windows\System32\WFS.exe
    2011-09-01 12:41:19 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-09-01 12:37:09 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-09-01 12:36:57 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-09-01 12:36:55 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-09-01 12:36:55 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-09-01 12:21:58 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
    2011-09-01 12:21:58 -------- d-----w- C:\Windows\SysWow64\x64
    .
    ==================== Find3M ====================
    .
    2011-09-15 18:49:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-09-15 18:49:55 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-22 20:51:50 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 10:09:23.97 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/1/2011 8:18:12 AM
    System Uptime: 9/25/2011 5:23:44 AM (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0N6705
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 222.534 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02091028&REV_12\4&2C68880C&0&0BF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP46: 9/15/2011 2:39:34 PM - Windows 7 Service Pack 1
    RP47: 9/15/2011 5:51:00 PM - Windows Update
    RP48: 9/15/2011 7:41:51 PM - Windows Update
    RP49: 9/17/2011 7:32:09 AM - Windows Update
    RP50: 9/20/2011 11:51:43 AM - Installed Adobe Acrobat X Pro - English, Français, Deutsch.
    RP51: 9/20/2011 3:58:37 PM - Windows Update
    RP52: 9/24/2011 9:08:31 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    3 Days - Zoo Mystery 1.00
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1)
    Big Fish Games: Game Manager
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardwood Euchre
    High-Definition Video Playback 10
    Hoyle Card Games 2011 (remove only)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spytech SpyAgent
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    uTorrent Turbo Booster
    VC80CRTRedist - 8.0.50727.6195
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/25/2011 5:25:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/25/2011 5:24:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/24/2011 8:58:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/24/2011 1:54:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/23/2011 5:18:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 7:20:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 7:12:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 6:59:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 6:53:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 6:41:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 6:16:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/22/2011 4:35:38 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    9/22/2011 3:54:28 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/22/2011 3:12:17 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 5:45:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/21/2011 3:31:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/20/2011 8:16:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/20/2011 3:48:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/20/2011 3:46:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/20/2011 11:47:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Kathy-laptop\Kathy SID (S-1-5-21-729279385-1639433662-237037186-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/20/2011 11:47:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Kathy-laptop\Kathy SID (S-1-5-21-729279385-1639433662-237037186-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/20/2011 11:47:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Kathy-laptop\Kathy SID (S-1-5-21-729279385-1639433662-237037186-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/18/2011 8:40:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/18/2011 7:24:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/18/2011 4:47:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================

    Please help. Thank you
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. peteskat

    peteskat TS Rookie Topic Starter

    I have done as instructed and here are the results - please note that i can no longer use any of my icons on my computer. The error is: "Illegal operation attempted on a registry key that has been marked for deletion" - I had to use another computer to post this message.

    ComboFix 11-09-24.04 - Kathy 09/25/2011 15:57:50.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2703 [GMT -4:00]
    Running from: c:\users\Kathy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Spytech Software
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\Deploy.exe
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\help.htm
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\license.txt
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\NoStealth.exe
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\readme!.txt
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\SpyAgent's 10 Step Guide to Total Stealth.url
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\svchost.exe
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\sysdiag.exe
    c:\program files (x86)\Spytech Software\Spytech SpyAgent\uninstal.log
    c:\program files (x86)\WinConfig
    c:\program files (x86)\WinConfig\npf_mgm.exe
    c:\programdata\emopts.dat
    c:\windows\sbrowse.exe
    c:\windows\SNMPAPI.DLL
    c:\windows\SysWow64\drivers\npf.sys
    c:\windows\SysWow64\NTInvisible.dll
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-25 15:24 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDC19EE4-F74C-4021-865D-CBE2D02A110C}\mpengine.dll
    2011-09-25 12:23 . 2011-09-25 12:23 -------- d-----w- c:\program files (x86)\Games
    2011-09-22 11:14 . 2011-09-22 11:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-09-22 10:35 . 2011-09-22 10:35 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-22 10:35 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-19 11:08 . 2011-09-19 11:08 -------- d-----w- c:\windows\SysWow64\2072
    2011-09-16 12:22 . 2011-09-17 11:31 -------- d-----w- c:\programdata\AgentSS
    2011-09-16 12:22 . 2011-09-17 11:04 -------- d--h--w- c:\programdata\sacache
    2011-09-16 12:18 . 2003-03-16 02:15 90112 ----a-w- c:\windows\unvise32.exe
    2011-09-15 23:42 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-09-15 23:42 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3326CEA-3CDB-4E29-B5FD-42FF992C6784}\gapaengine.dll
    2011-09-15 18:39 . 2011-09-15 18:39 -------- d-----w- c:\windows\system32\SPReview
    2011-09-15 18:39 . 2011-09-15 18:39 -------- d-----w- c:\windows\system32\EventProviders
    2011-09-15 16:58 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll
    2011-09-15 16:54 . 2011-09-15 16:54 -------- d-----w- c:\program files (x86)\Encore
    2011-09-14 07:02 . 2011-09-14 07:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-09-12 14:04 . 2011-09-14 07:05 -------- d-----w- c:\program files (x86)\Microsoft Works
    2011-09-12 14:03 . 2011-09-12 14:03 -------- d-----w- c:\windows\PCHEALTH
    2011-09-12 14:00 . 2011-09-12 14:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2011-09-12 13:59 . 2011-09-15 18:57 -------- d-----w- c:\programdata\Microsoft Help
    2011-09-10 13:23 . 2011-09-10 13:23 -------- d-----w- c:\program files (x86)\MSECache
    2011-09-08 10:32 . 2011-09-08 10:32 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-09-06 10:37 . 2011-09-06 10:44 -------- d-----w- c:\programdata\Nero
    2011-09-06 10:37 . 2011-09-06 10:37 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2011-09-06 10:36 . 2011-09-06 10:44 -------- d-----w- c:\program files (x86)\Nero
    2011-09-06 10:34 . 2011-09-06 10:34 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-09-06 10:33 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
    2011-09-06 10:32 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
    2011-09-06 10:30 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
    2011-09-06 09:37 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
    2011-09-06 09:36 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
    2011-09-05 20:11 . 2011-09-05 20:12 -------- d-----w- c:\program files (x86)\Gold Miner Vegas
    2011-09-04 19:39 . 2011-09-04 19:39 -------- d-----w- c:\program files (x86)\MagicDisc
    2011-09-04 17:08 . 2011-09-04 17:08 -------- d-----w- c:\program files (x86)\Elaborate Bytes
    2011-09-04 16:59 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
    2011-09-04 16:59 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2011-09-04 11:49 . 2011-09-04 11:49 -------- d-----w- c:\programdata\Big Fish Games
    2011-09-04 11:49 . 2011-09-04 11:49 -------- d-----w- c:\program files (x86)\bfgclient
    2011-09-02 21:06 . 2011-09-02 21:06 -------- d-----w- c:\windows\SysWow64\Wat
    2011-09-02 21:06 . 2011-09-02 21:06 -------- d-----w- c:\windows\system32\Wat
    2011-09-02 16:17 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-02 13:14 . 2011-09-02 13:14 -------- d-----w- c:\program files (x86)\SilverCreekCommonFiles
    2011-09-02 13:14 . 2011-09-02 13:16 -------- d-----w- c:\program files (x86)\Hardwood Euchre
    2011-09-02 11:41 . 2011-09-02 11:36 161736 ----a-w- c:\program files (x86)\64res.dll
    2011-09-02 11:36 . 2011-09-02 11:36 -------- d-----w- c:\program files (x86)\TelevisionFanaticEI
    2011-09-02 11:28 . 2011-09-02 11:28 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2011-09-02 11:27 . 2011-09-02 11:28 -------- d-----w- c:\program files\DivX
    2011-09-02 11:27 . 2011-09-02 11:28 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2011-09-02 11:25 . 2011-09-02 11:28 -------- d-----w- c:\program files (x86)\DivX
    2011-09-02 11:25 . 2011-09-02 11:28 -------- d-----w- c:\programdata\DivX
    2011-09-02 11:16 . 2011-09-02 11:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-02 11:16 . 2011-09-02 11:16 -------- d-----w- c:\windows\SysWow64\Macromed
    2011-09-02 11:10 . 2011-09-02 11:10 -------- d-----w- c:\program files (x86)\RealArcade
    2011-09-02 11:08 . 2011-09-02 11:14 -------- d-----w- c:\program files\Babylon
    2011-09-02 11:07 . 2011-09-02 11:12 -------- d-----w- c:\program files (x86)\uTorrent Turbo Booster
    2011-09-02 11:02 . 2011-09-02 11:02 -------- d-----w- C:\extensions
    2011-09-02 11:02 . 2011-09-02 11:02 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
    2011-09-02 11:02 . 2011-09-02 11:02 -------- d-----w- c:\program files (x86)\uTorrent
    2011-09-02 10:48 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
    2011-09-02 10:48 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-09-02 10:48 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-09-02 10:48 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-09-02 10:48 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2011-09-02 10:48 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
    2011-09-02 10:48 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-09-02 10:48 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
    2011-09-02 10:48 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-09-02 10:48 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2011-09-02 10:48 . 2010-11-20 12:19 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2011-09-02 10:48 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-09-02 10:46 . 2010-11-20 13:29 345600 ----a-w- c:\windows\system32\fveapi.dll
    2011-09-02 10:45 . 2010-11-20 13:27 335360 ----a-w- c:\windows\system32\msieftp.dll
    2011-09-02 10:44 . 2010-11-20 13:27 9728 ----a-w- c:\windows\system32\spwmp.dll
    2011-09-02 10:42 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2011-09-02 10:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-09-02 10:42 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2011-09-01 22:20 . 2011-09-01 22:20 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2011-09-01 15:57 . 2011-09-01 12:18 -------- d-----w- c:\windows\Panther
    2011-09-01 15:33 . 2009-07-14 01:43 780224 ----a-w- C:\ci.dll
    2011-09-01 15:02 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
    2011-09-01 14:55 . 2011-09-01 14:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-09-01 14:54 . 2011-09-01 14:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2011-09-01 14:54 . 2011-09-01 14:54 -------- d-----w- c:\program files\Google
    2011-09-01 14:53 . 2011-09-01 14:54 -------- d-----w- c:\program files (x86)\Google
    2011-09-01 14:29 . 2011-09-01 14:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-09-01 14:29 . 2011-09-20 15:51 -------- d-sh--w- c:\windows\Installer
    2011-09-01 14:29 . 2011-09-01 14:29 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-01 13:17 . 2011-09-01 13:17 -------- d-----w- c:\program files\Protector Suite
    2011-09-01 12:52 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-09-01 12:47 . 2011-08-16 12:48 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C608BEE-06BF-467A-9EDB-437EC6262C71}\mpengine.dll
    2011-09-01 12:44 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-09-01 12:44 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2011-09-01 12:44 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-09-01 12:44 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-09-01 12:44 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-09-01 12:44 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-09-01 12:42 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-09-01 12:41 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-09-01 12:41 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2011-09-01 12:37 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-09-01 12:36 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-09-01 12:36 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-09-01 12:36 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-09-01 12:21 . 2011-09-01 12:21 -------- d-----w- c:\windows\SysWow64\x64
    2011-09-01 12:21 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe
    2011-09-01 12:18 . 2011-09-01 22:36 -------- d-----w- c:\users\Kathy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-15 18:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-09-15 18:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
    2011-07-16 04:26 . 2011-09-01 12:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5E84400C-0B3F-0CBB-4188-3B3A1A8B6D27}]
    2009-07-14 01:16 65536 ----a-w- c:\windows\SysWOW64\WcsPlugInSService.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-01 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-9-4 576000]
    uTorrent Turbo Booster.lnk - c:\program files (x86)\uTorrent Turbo Booster\uTorrent Turbo Booster.exe [2008-8-25 371712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-20 c:\windows\Tasks\At1.job
    - c:\windows\SysWOW64\RunLegacyCPLElevaated.exe [2009-07-13 01:14]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 14:53]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 14:53]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "combofix"="c:\combofix\CF2880.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-25 16:10:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-25 20:10
    .
    Pre-Run: 252,449,935,360 bytes free
    Post-Run: 252,732,092,416 bytes free
    .
    - - End Of File - - 9628544D7E38DD8AD1D44B82F813F179
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    That's because you don't read my instructions carefully!
    ===================================================================

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. peteskat

    peteskat TS Rookie Topic Starter

    otl.txt part 1

    I'm so sorry for missing note 3, i'm usually very careful. However, here are the results:

    OTL logfile created on: 9/26/2011 12:47:23 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kathy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.54% Memory free
    7.98 Gb Paging File | 6.79 Gb Available in Paging File | 85.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 234.64 Gb Free Space | 78.74% Space Free | Partition Type: NTFS

    Computer Name: KATHY-LAPTOP | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/26 12:44:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    PRC - [2011/09/02 07:16:39 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV:64bit: - [2007/03/05 10:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV:64bit: - [2006/11/18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2006/11/17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-729279385-1639433662-237037186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-729279385-1639433662-237037186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-729279385-1639433662-237037186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 D8 4B 9B B6 68 CC 01 [binary data]
    IE - HKU\S-1-5-21-729279385-1639433662-237037186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/02 07:28:34 | 000,000,000 | ---D | M]


    ========== Chrome ==========


    O1 HOSTS File: ([2011/09/25 16:04:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Windows Live ID Sign-in Helper) - {5E84400C-0B3F-0CBB-4188-3B3A1A8B6D27} - C:\Windows\SysWOW64\WcsPlugInSService.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-729279385-1639433662-237037186-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent Turbo Booster.lnk = C:\Program Files (x86)\uTorrent Turbo Booster\uTorrent Turbo Booster.exe (DownloadBoosters LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-729279385-1639433662-237037186-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-729279385-1639433662-237037186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D233F17A-0A12-4A88-A964-E16D74200EBA}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/26 12:44:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2011/09/25 16:10:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/25 16:04:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/09/25 15:57:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/25 15:57:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/25 15:57:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/25 15:54:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/25 15:54:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/25 09:49:46 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\TechSpot
    [2011/09/25 08:24:53 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Bigfish 3 Days Zoo Mystery
    [2011/09/25 08:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
    [2011/09/25 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\GameInvest
    [2011/09/22 07:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/22 07:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/09/22 06:35:23 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
    [2011/09/22 06:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/22 06:35:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/09/20 10:57:50 | 000,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\Windows\SysWow64\mfimgvwr.ocx
    [2011/09/20 10:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MFInstall
    [2011/09/20 10:53:59 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\Family_Tree
    [2011/09/19 07:08:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2072
    [2011/09/16 08:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AgentSS
    [2011/09/16 08:22:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\sacache
    [2011/09/16 08:18:16 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2011/09/16 08:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spytech SpyAgent
    [2011/09/15 14:39:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/09/15 14:39:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2011/09/15 13:00:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Hoyle FaceCreator
    [2011/09/15 13:00:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Hoyle
    [2011/09/15 12:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoyle®
    [2011/09/15 12:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Encore
    [2011/09/15 06:41:43 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Special K Software
    [2011/09/12 10:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/09/12 10:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2011/09/12 10:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2011/09/12 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/09/12 10:03:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2011/09/12 10:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/09/12 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2011/09/12 09:59:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Microsoft Help
    [2011/09/12 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011/09/10 09:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2011/09/10 09:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2011/09/08 06:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/09/07 08:18:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sacra Terra - Angelic Night Collectors Edition
    [2011/09/06 09:46:14 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\garmin
    [2011/09/06 06:51:59 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Nero_AG
    [2011/09/06 06:51:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Nero
    [2011/09/06 06:45:23 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Nero
    [2011/09/06 06:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2011/09/06 06:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2011/09/06 06:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2011/09/06 06:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2011/09/06 06:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2011/09/05 16:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gold Miner Vegas
    [2011/09/05 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gold Miner Vegas
    [2011/09/04 15:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
    [2011/09/04 15:30:15 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/09/04 15:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/09/04 13:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
    [2011/09/04 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
    [2011/09/04 13:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
    [2011/09/04 12:59:49 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
    [2011/09/04 12:59:49 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
    [2011/09/04 11:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/09/04 07:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
    [2011/09/04 07:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
    [2011/09/02 17:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2011/09/02 17:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2011/09/02 14:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/09/02 09:15:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardwood Euchre
    [2011/09/02 09:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardwood Euchre
    [2011/09/02 09:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SilverCreekCommonFiles
    [2011/09/02 09:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hardwood Euchre
    [2011/09/02 07:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TelevisionFanaticEI
    [2011/09/02 07:29:31 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\DDMSettings
    [2011/09/02 07:28:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\DivX
    [2011/09/02 07:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2011/09/02 07:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2011/09/02 07:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2011/09/02 07:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2011/09/02 07:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2011/09/02 07:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011/09/02 07:16:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2011/09/02 07:11:35 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
    [2011/09/02 07:10:38 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\WinRAR
    [2011/09/02 07:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
    [2011/09/02 07:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
    [2011/09/02 07:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
    [2011/09/02 07:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
    [2011/09/02 07:02:46 | 000,000,000 | ---D | C] -- C:\extensions
    [2011/09/02 07:02:43 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Conduit
    [2011/09/02 07:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2011/09/02 07:01:52 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\uTorrent
    [2011/09/02 07:01:52 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\uTorrent
    [2011/09/02 06:46:15 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2011/09/02 06:45:41 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2011/09/01 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy\My eBooks
    [2011/09/01 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Microsoft Games
    [2011/09/01 11:57:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2011/09/01 11:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/09/01 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Google
    [2011/09/01 10:59:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2011/09/01 10:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2011/09/01 10:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2011/09/01 10:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2011/09/01 10:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2011/09/01 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Macromedia
    [2011/09/01 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Adobe
    [2011/09/01 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Adobe
    [2011/09/01 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/09/01 10:53:50 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Google
    [2011/09/01 10:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2011/09/01 10:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2011/09/01 10:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/09/01 10:29:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2011/09/01 10:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/09/01 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
    [2011/09/01 08:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
    [2011/09/01 08:21:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
    [2011/09/01 08:18:46 | 000,000,000 | R--D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/09/01 08:18:46 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Searches
    [2011/09/01 08:18:46 | 000,000,000 | R--D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/09/01 08:18:45 | 000,000,000 | -H-D | C] -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/09/01 08:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Identities
    [2011/09/01 08:18:30 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Contacts
    [2011/09/01 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VirtualStore
    [2011/09/01 08:18:22 | 000,000,000 | --SD | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Videos
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Saved Games
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Pictures
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Music
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Links
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Favorites
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Downloads
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Documents
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\Desktop
    [2011/09/01 08:18:22 | 000,000,000 | R--D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\AppData\Local\Temporary Internet Files
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Templates
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Start Menu
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\SendTo
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Recent
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\PrintHood
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\NetHood
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Documents\My Videos
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Documents\My Pictures
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Documents\My Music
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\My Documents
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Local Settings
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\AppData\Local\History
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Cookies
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\Application Data
    [2011/09/01 08:18:22 | 000,000,000 | -HSD | C] -- C:\Users\Kathy\AppData\Local\Application Data
    [2011/09/01 08:18:22 | 000,000,000 | -H-D | C] -- C:\Users\Kathy\AppData
    [2011/09/01 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Temp
    [2011/09/01 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Microsoft
    [2011/09/01 08:18:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Media Center Programs
    [2011/08/31 08:04:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\Chores
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/26 12:44:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
    [2011/09/26 12:40:24 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/26 12:40:24 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/26 12:37:21 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/26 12:37:21 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/26 12:37:21 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/26 12:33:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/26 12:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/26 12:32:52 | 3213,393,920 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/26 12:30:27 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/26 07:56:31 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/09/25 16:04:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/25 09:37:50 | 000,036,639 | ---- | M] () -- C:\Users\Kathy\Documents\aPasswords.rtf
    [2011/09/25 08:24:40 | 000,002,160 | ---- | M] () -- C:\Users\Kathy\Desktop\3 Days - Zoo Mystery.lnk
    [2011/09/24 17:05:45 | 000,001,350 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
    [2011/09/22 10:12:27 | 001,564,672 | ---- | M] () -- C:\Users\Kathy\Documents\Task management database.accdb
    [2011/09/22 10:07:45 | 004,075,520 | ---- | M] () -- C:\Users\Kathy\Documents\Nutrition.accdb
    [2011/09/22 10:07:24 | 000,817,530 | ---- | M] () -- C:\Users\Kathy\Documents\Nutrition_Tracking.accdt
    [2011/09/22 07:19:46 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/15 19:22:03 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/09/15 12:56:21 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\Hoyle Card Games 2011.lnk
    [2011/09/06 12:15:49 | 000,345,863 | ---- | M] () -- C:\Users\Kathy\Documents\Med_Certificate_Aug31.pdf
    [2011/09/06 06:58:10 | 1472,069,632 | ---- | M] () -- C:\Users\Kathy\Documents\Image.iso
    [2011/09/06 06:49:49 | 1472,069,788 | ---- | M] () -- C:\Users\Kathy\Documents\Image.nrg
    [2011/09/06 06:42:59 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
    [2011/09/06 06:41:45 | 000,002,901 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
    [2011/09/06 06:40:19 | 000,002,895 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
    [2011/09/06 06:38:35 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
    [2011/09/06 06:38:09 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2011/09/04 15:39:14 | 000,000,989 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/09/04 15:39:14 | 000,000,953 | ---- | M] () -- C:\Users\Kathy\Desktop\MagicDisc.lnk
    [2011/09/04 07:52:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/09/04 07:50:01 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
    [2011/09/04 07:50:01 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.url
    [2011/09/02 14:43:53 | 000,000,247 | ---- | M] () -- C:\Users\Kathy\Documents\CooperatorsInsurance.rtf
    [2011/09/02 09:15:00 | 000,001,068 | ---- | M] () -- C:\Users\Kathy\Desktop\Play Euchre.lnk
    [2011/09/02 07:36:47 | 000,161,736 | ---- | M] () -- C:\Program Files (x86)\64res.dll
    [2011/09/02 07:28:38 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/09/02 07:28:38 | 000,001,613 | ---- | M] () -- C:\Users\Kathy\Desktop\DivX Movies.lnk
    [2011/09/02 07:28:23 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/09/02 07:11:35 | 000,001,211 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent Turbo Booster.lnk
    [2011/09/02 07:11:35 | 000,001,199 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
    [2011/09/02 07:11:35 | 000,001,175 | ---- | M] () -- C:\Users\Kathy\Desktop\uTorrent Turbo Booster.lnk
    [2011/09/02 07:02:36 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/09/01 18:22:09 | 000,001,437 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/01 18:20:54 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/09/01 18:20:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/09/01 11:01:46 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/09/01 11:01:46 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/09/01 10:55:34 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/09/01 10:30:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/09/01 10:29:37 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/01 09:17:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
    [2011/09/01 09:17:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/08/29 09:41:24 | 000,175,015 | ---- | M] () -- C:\Users\Kathy\Documents\CalorieCounter.pdf
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/25 15:57:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/25 15:57:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/25 15:57:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/25 15:57:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/25 15:57:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/25 08:24:40 | 000,002,160 | ---- | C] () -- C:\Users\Kathy\Desktop\3 Days - Zoo Mystery.lnk
    [2011/09/24 17:05:45 | 000,001,350 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
    [2011/09/22 10:12:12 | 001,564,672 | ---- | C] () -- C:\Users\Kathy\Documents\Task management database.accdb
    [2011/09/22 10:07:37 | 004,075,520 | ---- | C] () -- C:\Users\Kathy\Documents\Nutrition.accdb
    [2011/09/22 10:07:31 | 000,817,530 | ---- | C] () -- C:\Users\Kathy\Documents\Nutrition_Tracking.accdt
    [2011/09/22 07:14:19 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/19 07:08:08 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2011/09/15 12:56:21 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\Hoyle Card Games 2011.lnk
    [2011/09/10 09:23:35 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
    [2011/09/06 12:23:23 | 000,345,863 | ---- | C] () -- C:\Users\Kathy\Documents\Med_Certificate_Aug31.pdf
    [2011/09/06 06:57:13 | 1472,069,632 | ---- | C] () -- C:\Users\Kathy\Documents\Image.iso
    [2011/09/06 06:48:21 | 1472,069,788 | ---- | C] () -- C:\Users\Kathy\Documents\Image.nrg
    [2011/09/06 06:42:59 | 000,002,923 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
    [2011/09/06 06:41:45 | 000,002,901 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
    [2011/09/06 06:40:19 | 000,002,895 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
    [2011/09/06 06:38:35 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
    [2011/09/06 06:38:09 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2011/09/04 15:39:14 | 000,000,953 | ---- | C] () -- C:\Users\Kathy\Desktop\MagicDisc.lnk
    [2011/09/04 13:00:25 | 000,000,989 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/09/04 07:52:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/09/04 07:50:01 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
    [2011/09/04 07:50:01 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.url
    [2011/09/04 07:49:37 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
    [2011/09/04 07:49:37 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
    [2011/09/02 14:43:53 | 000,000,247 | ---- | C] () -- C:\Users\Kathy\Documents\CooperatorsInsurance.rtf
    [2011/09/02 09:15:00 | 000,001,068 | ---- | C] () -- C:\Users\Kathy\Desktop\Play Euchre.lnk
    [2011/09/02 07:41:06 | 000,161,736 | ---- | C] () -- C:\Program Files (x86)\64res.dll
    [2011/09/02 07:28:38 | 000,001,613 | ---- | C] () -- C:\Users\Kathy\Desktop\DivX Movies.lnk
    [2011/09/02 07:28:23 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/09/02 07:27:53 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/09/02 07:11:35 | 000,001,211 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent Turbo Booster.lnk
    [2011/09/02 07:11:35 | 000,001,199 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
    [2011/09/02 07:11:35 | 000,001,175 | ---- | C] () -- C:\Users\Kathy\Desktop\uTorrent Turbo Booster.lnk
    [2011/09/02 07:02:36 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/09/02 06:47:36 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2011/09/02 06:45:12 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2011/09/02 06:44:53 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2011/09/02 06:44:53 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2011/09/02 06:44:41 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2011/09/01 18:20:54 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/09/01 18:20:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/09/01 11:01:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/09/01 11:01:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/09/01 10:55:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2011/09/01 10:55:34 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/09/01 10:53:56 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/01 10:53:56 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/01 10:30:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/09/01 10:29:37 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/01 10:29:21 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/09/01 10:26:08 | 000,001,437 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/01 09:17:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
    [2011/09/01 09:17:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2011/09/01 08:20:42 | 000,001,409 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/09/01 08:20:38 | 000,001,443 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/09/01 08:18:22 | 000,000,290 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/09/01 08:18:22 | 000,000,272 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/08/29 09:41:22 | 000,175,015 | ---- | C] () -- C:\Users\Kathy\Documents\CalorieCounter.pdf
    [2009/09/23 19:21:08 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 19:41:40 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\RunLegacyCPLElevaated.exe
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2005/02/12 04:40:19 | 000,027,341 | ---- | C] () -- C:\Windows\SystemSA32.dll
    [2004/11/16 19:22:43 | 000,020,480 | ---- | C] () -- C:\Windows\Base64.dll
    [2004/08/24 19:01:34 | 000,053,248 | ---- | C] () -- C:\Windows\YahooDLL.dll
    [2004/06/05 17:51:39 | 000,000,423 | ---- | C] () -- C:\Windows\sadefs.dat
    [2002/05/15 20:41:35 | 000,000,000 | ---- | C] () -- C:\Windows\saopts.dat

    ========== LOP Check ==========

    [2011/09/25 08:20:49 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\GameInvest
    [2011/09/25 12:34:37 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Hoyle
    [2011/09/15 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Hoyle FaceCreator
    [2011/09/15 06:41:43 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Special K Software
    [2011/09/25 11:38:44 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\uTorrent
    [2011/09/26 07:56:31 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2009/07/14 01:08:49 | 000,016,326 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < * >
    [2009/07/13 21:43:14 | 000,780,224 | ---- | M] () -- \ci.dll
    [2011/09/25 16:10:41 | 000,020,664 | ---- | M] () -- \ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
    [2011/09/26 12:32:52 | 3213,393,920 | -HS- | M] () -- \hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- \install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
    [2011/08/31 13:12:12 | 000,262,144 | ---- | M] () -- \ntuser.dat
    [2011/08/31 13:12:12 | 000,005,120 | -HS- | M] () -- \ntuser.dat.LOG1
    [2011/08/31 13:12:12 | 000,000,000 | -HS- | M] () -- \ntuser.dat.LOG2
    [2011/08/31 13:12:12 | 000,065,536 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TM.blf
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000001.regtrans-ms
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000002.regtrans-ms
    [2011/09/26 12:32:56 | 4284,526,592 | -HS- | M] () -- \pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI
    [2011/07/17 10:40:31 | 000,003,180 | ---- | M] () -- \z_prof_log.txt
  6. peteskat

    peteskat TS Rookie Topic Starter

    otl.txt part 2 and otl extras

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:43:14 | 000,780,224 | ---- | M] (Microsoft Corporation) -- C:\ci.dll
    [2011/09/25 16:10:41 | 000,020,664 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/09/26 12:32:52 | 3213,393,920 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/08/31 13:12:12 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2011/08/31 13:12:12 | 000,005,120 | -HS- | M] () -- C:\ntuser.dat.LOG1
    [2011/08/31 13:12:12 | 000,000,000 | -HS- | M] () -- C:\ntuser.dat.LOG2
    [2011/08/31 13:12:12 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TM.blf
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000001.regtrans-ms
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000002.regtrans-ms
    [2011/09/26 12:32:56 | 4284,526,592 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011/07/17 10:40:31 | 000,003,180 | ---- | M] () -- C:\z_prof_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/09/02 07:36:47 | 000,161,736 | ---- | M] () -- C:\Program Files (x86)\64res.dll
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/01 18:22:09 | 000,000,221 | -HS- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/26 12:44:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/09/01 09:17:56 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/09/01 09:17:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/09/01 09:17:55 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/09/01 09:17:56 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/09/01 09:17:55 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/09/01 09:17:56 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/09/15 19:32:11 | 000,000,402 | -HS- | M] () -- C:\Users\Kathy\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/09/17 07:32:04 | 000,001,885 | -H-- | M] () -- C:\ProgramData\sys001.log
    [2011/09/17 07:32:04 | 000,041,664 | -H-- | M] () -- C:\ProgramData\sys002.log
    [2011/09/17 07:32:04 | 000,002,483 | -H-- | M] () -- C:\ProgramData\sys004.log
    [2011/09/17 07:32:04 | 000,227,391 | -H-- | M] () -- C:\ProgramData\sys005.log
    [2011/09/17 07:32:04 | 000,000,002 | -H-- | M] () -- C:\ProgramData\sys006.log
    [2011/09/17 07:32:04 | 000,000,291 | -H-- | M] () -- C:\ProgramData\sys007.log
    [2011/09/17 07:32:04 | 000,001,087 | -H-- | M] () -- C:\ProgramData\sys008.log
    [2011/09/17 07:32:04 | 000,052,595 | -H-- | M] () -- C:\ProgramData\sys011.log
    [2011/09/17 07:32:04 | 000,000,782 | -H-- | M] () -- C:\ProgramData\sys012.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < * >
    [2009/07/13 21:43:14 | 000,780,224 | ---- | M] () -- \ci.dll
    [2011/09/25 16:10:41 | 000,020,664 | ---- | M] () -- \ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
    [2011/09/26 12:32:52 | 3213,393,920 | -HS- | M] () -- \hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- \install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
    [2011/08/31 13:12:12 | 000,262,144 | ---- | M] () -- \ntuser.dat
    [2011/08/31 13:12:12 | 000,005,120 | -HS- | M] () -- \ntuser.dat.LOG1
    [2011/08/31 13:12:12 | 000,000,000 | -HS- | M] () -- \ntuser.dat.LOG2
    [2011/08/31 13:12:12 | 000,065,536 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TM.blf
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000001.regtrans-ms
    [2011/08/31 13:12:12 | 000,524,288 | -HS- | M] () -- \ntuser.dat{6aefe300-d2f1-11e0-94c8-0023ae1aecda}.TMContainer00000000000000000002.regtrans-ms
    [2011/09/26 12:32:56 | 4284,526,592 | -HS- | M] () -- \pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI
    [2011/07/17 10:40:31 | 000,003,180 | ---- | M] () -- \z_prof_log.txt

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:FB4262DE
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ED0B32CA
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B6D84F71
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C78DADEA
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3615992
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:774C075A
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AD7183FA

    < End of report >

    OTL Extras logfile created on: 9/26/2011 12:47:23 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kathy\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.54% Memory free
    7.98 Gb Paging File | 6.79 Gb Available in Paging File | 85.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 234.64 Gb Free Space | 78.74% Space Free | Partition Type: NTFS

    Computer Name: KATHY-LAPTOP | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "3 Days - Zoo Mystery 1.00" = 3 Days - Zoo Mystery 1.00
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BFGC" = Big Fish Games: Game Manager
    "Hardwood Euchre" = Hardwood Euchre
    "Hoyle Card Games 2011" = Hoyle Card Games 2011 (remove only)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "Spytech SpyAgent" = Spytech SpyAgent
    "uTorrent" = µTorrent
    "uTorrent Turbo Booster" = uTorrent Turbo Booster

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/20/2011 5:42:50 PM | Computer Name = Kathy-laptop | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/22/2011 3:12:13 PM | Computer Name = Kathy-laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
    stamp: 0x4ce7b4e7 Faulting module name: localspl.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7c718 Exception code: 0xc00000fd Fault offset: 0x000000000001e126 Faulting
    process id: 0x5b0 Faulting application start time: 0x01cc7919a7089c3d Faulting application
    path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\localspl.dll
    Report
    Id: c6e5d6fe-e54e-11e0-a664-0023ae1aecda

    Error - 9/22/2011 3:54:04 PM | Computer Name = Kathy-laptop | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 798 Start
    Time: 01cc7919a969fc83 Termination Time: 31 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 9bab4f03-e554-11e0-a664-0023ae1aecda

    Error - 9/22/2011 3:54:25 PM | Computer Name = Kathy-laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
    stamp: 0x4ce7b4e7 Faulting module name: localspl.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7c718 Exception code: 0xc00000fd Fault offset: 0x000000000001e126 Faulting
    process id: 0xf58 Faulting application start time: 0x01cc795baf4a0e65 Faulting application
    path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\localspl.dll
    Report
    Id: ac0661d0-e554-11e0-a664-0023ae1aecda

    Error - 9/22/2011 4:24:58 PM | Computer Name = Kathy-laptop | Source = Application Hang | ID = 1002
    Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ce8 Start
    Time: 01cc796161802ae9 Termination Time: 31 Application Path: C:\Windows\explorer.exe

    Report
    Id: eb32e3a4-e558-11e0-a664-0023ae1aecda

    Error - 9/22/2011 4:35:35 PM | Computer Name = Kathy-laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
    stamp: 0x4ce7b4e7 Faulting module name: localspl.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7c718 Exception code: 0xc00000fd Fault offset: 0x000000000001e126 Faulting
    process id: 0x744 Faulting application start time: 0x01cc7961941042e4 Faulting application
    path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\System32\localspl.dll
    Report
    Id: 6c2b7665-e55a-11e0-a664-0023ae1aecda

    Error - 9/24/2011 4:59:37 PM | Computer Name = Kathy-laptop | Source = Application Hang | ID = 1002
    Description = The program Hoyle Card Games.exe version 0.0.0.0 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: e74 Start
    Time: 01cc7afcb638ba45 Termination Time: 35 Application Path: C:\Program Files (x86)\Encore\Hoyle
    Card Games 2011\Hoyle Card Games.exe Report Id:

    Error - 9/25/2011 6:16:28 AM | Computer Name = Kathy-laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: MysteryoftheAncients_LockwoodManor_CE.exe,
    version: 1.0.0.0, time stamp: 0x4e79f93d Faulting module name: MysteryoftheAncients_LockwoodManor_CE.exe,
    version: 1.0.0.0, time stamp: 0x4e79f93d Exception code: 0xc0000005 Fault offset:
    0x006dad6b Faulting process id: 0x93c Faulting application start time: 0x01cc7b64e67792cf
    Faulting
    application path: C:\Program Files (x86)\Mystery of the Ancients - Lockwood Manor
    CE\MysteryoftheAncients_LockwoodManor_CE.exe Faulting module path: C:\Program Files
    (x86)\Mystery of the Ancients - Lockwood Manor CE\MysteryoftheAncients_LockwoodManor_CE.exe
    Report
    Id: 6dc74ff1-e75f-11e0-a7dd-0023ae1aecda

    Error - 9/25/2011 4:33:50 PM | Computer Name = Kathy-laptop | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/26/2011 8:34:40 AM | Computer Name = Kathy-laptop | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    [ System Events ]
    Error - 9/25/2011 5:24:03 AM | Computer Name = Kathy-laptop | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 9/25/2011 5:25:01 AM | Computer Name = Kathy-laptop | Source = DCOM | ID = 10016
    Description =

    Error - 9/25/2011 12:46:28 PM | Computer Name = Kathy-laptop | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 9/25/2011 12:47:22 PM | Computer Name = Kathy-laptop | Source = DCOM | ID = 10016
    Description =

    Error - 9/25/2011 4:00:19 PM | Computer Name = Kathy-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2011 4:02:22 PM | Computer Name = Kathy-laptop | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 9/25/2011 4:03:03 PM | Computer Name = Kathy-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2011 4:03:18 PM | Computer Name = Kathy-laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/25/2011 4:05:25 PM | Computer Name = Kathy-laptop | Source = DCOM | ID = 10016
    Description =

    Error - 9/26/2011 12:34:14 PM | Computer Name = Kathy-laptop | Source = DCOM | ID = 10016
    Description =


    < End of report >
  7. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Before I can continue....

    You didn't say:
  8. peteskat

    peteskat TS Rookie Topic Starter

    Sorry, I'm not much of a techie - what is redirection? - if you mean did the reboot fix my icons, the answer is yes.
  9. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    You said:
  10. peteskat

    peteskat TS Rookie Topic Starter

    There is nothing in your last post ???
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    What do you mean nothing?
    I asked if you're still experiencing redirection, the reason you started this topic.
     
  12. peteskat

    peteskat TS Rookie Topic Starter

    My brain isn't working today :eek:

    No, I'm not having any problems anymore - thank you so much for your help.
  13. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  14. peteskat

    peteskat TS Rookie Topic Starter

    I thought the problem was solved but my computer is still redirecting.

    I've completed the last steps you gave me and here are the results:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    C:\Users\Kathy\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\004AD93F.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
    C:\Users\Kathy\Downloads\Software\Malwarebytes Anti-Malware 1.50.1.1100 + Keygens [RH]\MBAM.1.50.1.1100_[RH].rar probably a variant of Win32/Agent.DXPOXSP trojan deleted - quarantined
    C:\Users\Kathy\Downloads\Software\Malwarebytes Anti-Malware 1.50.1.1100 + Keygens [RH]\MBAM.1.50.1.1100_[RH]\Malwarebytes Anti-Malware 1.50.1.1100\Keygen MBAM.1.50.1 and later (CORE)\keygen.exe probably a variant of Win32/Agent.DXPOXSP trojan cleaned by deleting - quarantined
    C:\Windows\System32\FXSAPPI.dll Win32/BHO.ODK trojan cleaned by deleting (after the next restart) - quarantined
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
    Restart IE.
    Still redirecting?
  16. peteskat

    peteskat TS Rookie Topic Starter

    Seems to be working fine
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good :)

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  18. peteskat

    peteskat TS Rookie Topic Starter

    otl runfix post

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    Error: Unable to interpret <---------> in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kathy
    ->Temp folder emptied: 1102168 bytes
    ->Temporary Internet Files folder emptied: 41709517 bytes
    ->Flash cache emptied: 709 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12166 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 635082 bytes

    Total Files Cleaned = 41.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kathy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret <---------> in the current context!

    OTL by OldTimer - Version 3.2.29.1 log created on 09272011_172313

    Files\Folders moved on Reboot...
    C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Whenever ready...
  20. peteskat

    peteskat TS Rookie Topic Starter

    Computer is doing great - thanks again.
  21. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Way to go!! [​IMG]
    Good luck and stay safe :)


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.