Virus won't delete on restart

Resolved
By mdw90
Mar 14, 2012
Topic Status:
Not open for further replies.
  1. Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.14.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    welch :: DELL_14Z_LAPTOP [administrator]

    3/14/2012 4:09:04 AM
    mbam-log-2012-03-14 (04-09-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210868
    Time elapsed: 4 minute(s), 51 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5408 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-14 04:45:37
    Windows 6.1.7601 Service Pack 1
    Running: j38frsix.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093797b82
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093797b82 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\TMP0000001D52B2337DC410AFAF 524288 bytes

    ---- EOF - GMER 1.0.15 ----


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/28/2012 3:00:48 PM
    System Uptime: 3/14/2012 4:07:33 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0NFVTW
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 389.376 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP26: 1/29/2012 9:02:35 AM - Windows Update
    RP27: 2/5/2012 6:14:10 PM - Scheduled Checkpoint
    RP28: 2/13/2012 7:26:51 PM - Scheduled Checkpoint
    RP29: 2/28/2012 11:53:28 AM - Windows Update
    RP30: 2/28/2012 11:56:31 AM - Windows Update
    RP31: 3/3/2012 5:57:25 PM - Windows Update
    RP32: 3/7/2012 6:20:52 AM - Windows Update
    RP33: 3/10/2012 3:06:59 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP34: 3/10/2012 3:12:31 PM - Windows Update
    RP35: 3/13/2012 4:07:47 PM - Installed WOT for Internet Explorer
    RP36: 3/13/2012 4:52:15 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Accidental Damage Services Agreement
    Adobe AIR
    Adobe Community Help
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X MUI
    Advanced Audio FX Engine
    Banctec Service Agreement
    Bejeweled 2 Deluxe
    Black Chip Poker
    Blackhawk Striker 2
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Complete Care Business Service Agreement
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell Home Systems Service Agreement
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Elements 9 Organizer
    Elements STI Installer
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback
    Holdem Manager
    ImgBurn
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) WiDi
    Java Auto Updater
    Java(TM) 6 Update 27
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Luxor
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PostgreSQL 8.4
    Premium Service Agreement
    QualxServ Service Agreement
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    RPM Poker
    Samantha Swift
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.8
    SmartSound Quicktracks for Premiere Elements 9.0
    Sonic CinePlayer Decoder Pack
    SyncUP
    TableScan Turbo RC4 build 12
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Searchqu Toolbar
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/7/2012 6:20:20 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user dell_14z_laptop\welch SID (S-1-5-21-4046857109-3900067831-1562690482-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/14/2012 4:10:21 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    3/14/2012 3:55:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    3/13/2012 5:20:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    3/13/2012 5:11:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    3/13/2012 4:51:52 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    3/13/2012 4:43:07 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    3/13/2012 4:43:06 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/13/2012 4:43:06 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    3/13/2012 4:19:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    3/13/2012 4:00:15 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    3/13/2012 11:17:58 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
    3/13/2012 11:17:58 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
    3/11/2012 10:32:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.121.1330.0).
    3/11/2012 10:32:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1319.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070643 Error description: Fatal error during installation.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by welch at 4:11:27 on 2012-03-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6031.4046 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files (x86)\dell datasafe local backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
    c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\Conexant\SA3\SmartAudio3.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Conexant\SA3\CxUtilSvc.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{2710E467-3B00-467A-948E-9343CEF8221F} : DhcpNameServer = 192.168.2.1 192.168.2.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
    IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
    IE-X64: {a6090802-f053-454f-85af-43d606dbe92a} - C:\Users\welch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Chip Poker\Black Chip Poker.lnk
    AppInit_DLLs-X64: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-8 1692480]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-8 2656280]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-1-8 109184]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MCfilt;MCfilt;C:\Windows\system32\drivers\MCfilt64.sys --> C:\Windows\system32\drivers\MCfilt64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-28 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-28 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-14 08:08:49 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-14 08:00:26 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\offreg.dll
    2012-03-14 07:58:45 -------- d-----w- C:\Users\welch\AppData\Roaming\Malwarebytes
    2012-03-14 07:58:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-14 07:58:32 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-14 07:58:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-14 01:23:07 -------- d-----w- C:\Windows\Microsoft Antimalware
    2012-03-14 01:13:41 -------- d-----w- C:\Windows\Windows Defender Offline
    2012-03-13 20:52:04 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 20:52:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 20:52:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 20:52:02 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 20:52:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 20:52:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 20:51:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 20:51:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-13 20:51:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 20:51:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 20:30:43 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
    2012-03-13 20:30:41 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
    2012-03-13 20:30:40 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
    2012-03-13 20:30:40 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
    2012-03-13 20:30:40 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
    2012-03-13 20:30:40 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2012-03-13 20:30:40 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
    2012-03-13 20:30:39 -------- d-----w- C:\Users\welch\AppData\Roaming\FreeBurner
    2012-03-13 20:30:39 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
    2012-03-13 20:27:10 -------- d-----w- C:\Users\welch\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-13 20:26:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-03-13 20:26:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-03-13 20:08:00 -------- d-----w- C:\Program Files\WOT
    2012-03-13 20:08:00 -------- d-----w- C:\Program Files (x86)\WOT
    2012-03-13 19:20:12 -------- d-----w- C:\Program Files (x86)\RPMPoker
    2012-03-13 17:42:43 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\mpengine.dll
    2012-03-11 08:08:34 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C41.tmp
    2012-03-11 08:08:34 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C40.tmp
    2012-03-10 20:15:06 -------- d-----w- C:\Program Files (x86)\HEM
    2012-03-10 20:13:33 -------- d-----w- C:\Users\welch\AppData\Local\In The Money
    2012-03-10 20:13:33 -------- d-----w- C:\HMArchive
    2012-03-10 20:13:15 -------- d-----w- C:\ProgramData\XHEO INC
    2012-03-10 20:11:56 -------- d-----w- C:\Program Files (x86)\TableScan Turbo
    2012-03-10 20:10:21 -------- d-----w- C:\Users\welch\AppData\Local\IsolatedStorage
    2012-03-10 20:10:20 -------- d-----w- C:\Users\welch\AppData\Roaming\HEM Data
    2012-03-10 20:07:30 -------- d-----w- C:\Program Files (x86)\PostgreSQL
    2012-03-10 20:06:24 -------- d-----w- C:\Program Files (x86)\RVG Software
    2012-03-10 20:06:10 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
    2012-03-10 20:05:09 -------- d-----w- C:\Program Files (x86)\BlackChipPoker
    2012-02-29 20:02:49 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-28 17:19:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDB05B6E-329F-4D81-BED0-5ECE408C2FF4}\gapaengine.dll
    2012-02-28 17:14:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-28 17:14:03 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-28 16:53:44 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-02-28 16:53:43 -------- d-----w- C:\Windows\System32\Wat
    2012-02-25 03:09:16 -------- d-----w- C:\Users\welch\hehe
    2012-02-25 03:05:40 -------- d-----w- C:\Users\welch\AppData\Roaming\Reallusion
    .
    ==================== Find3M ====================
    .
    2012-03-10 20:03:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-08 09:13:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-01-08 08:41:28 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-01-08 07:45:10 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-01-08 07:44:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    .
    ============= FINISH: 4:13:33.99 ===============
  2. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I also can't install the windows update "for windows 7 for x64-based systems (KB2639308)"

    The error code is code FFFFFFFE
    This is the site it gives me for when I click more info: http://support.microsoft.com/kb/2639308
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot!Looks like your system is just about right out of the box! Install Date: 1/28/2012

    Hold off on the update for now until we get more information about the malware:

    There are several entries for Searchqu Toolbar, stealth installed, bundled with software from bandoo.com -> one on your system is Windows Searchqu Toolbar and it needs to be removed.

    Please look in your Programs list and if you see any of the following, remove them:
    Searchqu Toolbar
    Fun4IM
    Bandoo.exe

    Then use Windows Explorer to access Computer> Local Drive (C)> Programs> look for the program folders for the 3 program and do a right click> Delete on each.
    I will remove any left over entries
    =========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
    ========================================
    Please leave the logs from Combofix and the Eset scan in your next reply.
  4. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    Yup my mom just got this laptop. :) She had Macafee trial on here but it ran out and she kept browsing sites with no antivirus or anything. I wasn't able to find the programs to delete in add/remove or just in the pulldown. I was able to do Combofix though and I'm running ESET now. Here's the Combofix log while ESET finishes scanning. Thank you! :)

    ComboFix 12-03-14.01 - welch 03/14/2012 13:53:27.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6031.4077 [GMT -4:00]
    Running from: c:\users\welch\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Windows Searchqu Toolbar
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
  5. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
    c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll
    c:\program files (x86)\Windows Searchqu Toolbar\sysid.ini
    c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
    c:\programdata\Roaming
    c:\windows\RPSETUP.EXE.LOG
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-14 18:00 . 2012-03-14 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-14 11:58 . 2012-03-14 11:58 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\offreg.dll
    2012-03-14 11:58 . 2012-03-14 11:58 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\MpKsl953bba33.sys
    2012-03-14 08:58 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-03-14 08:58 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-03-14 08:58 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-03-14 08:58 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-03-14 07:58 . 2012-03-14 07:58 -------- d-----w- c:\users\welch\AppData\Roaming\Malwarebytes
    2012-03-14 07:58 . 2012-03-14 07:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-14 07:58 . 2012-03-14 07:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-14 07:58 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-14 01:23 . 2012-03-14 13:23 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-03-14 01:13 . 2012-03-14 01:13 -------- d-----w- c:\windows\Windows Defender Offline
    2012-03-13 20:52 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 20:52 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 20:52 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 20:52 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 20:52 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 20:52 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 20:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 20:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 20:51 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 20:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 20:40 . 2012-03-13 20:41 -------- d-----w- c:\users\welch\AppData\Roaming\ImgBurn
    2012-03-13 20:34 . 2012-03-13 20:34 -------- d-----w- c:\program files (x86)\ImgBurn
    2012-03-13 20:30 . 2011-09-28 13:20 15360 ----a-w- c:\windows\SysWow64\inetfr.DLL
    2012-03-13 20:30 . 2011-09-28 13:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
    2012-03-13 20:30 . 2011-09-28 13:20 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
    2012-03-13 20:30 . 2011-09-28 13:20 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
    2012-03-13 20:30 . 2011-09-28 13:20 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
    2012-03-13 20:30 . 2011-09-28 13:20 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
    2012-03-13 20:30 . 2012-03-13 20:32 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
    2012-03-13 20:30 . 2012-03-13 20:30 -------- d-----w- c:\users\welch\AppData\Roaming\FreeBurner
    2012-03-13 20:27 . 2012-03-13 20:27 -------- d-----w- c:\users\welch\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-13 20:26 . 2012-03-13 20:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-13 20:26 . 2012-03-13 20:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-13 20:08 . 2012-03-13 20:08 -------- d-----w- c:\program files\WOT
    2012-03-13 20:08 . 2012-03-13 20:08 -------- d-----w- c:\program files (x86)\WOT
    2012-03-13 19:20 . 2012-03-13 19:21 -------- d-----w- c:\program files (x86)\RPMPoker
    2012-03-13 17:42 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\mpengine.dll
    2012-03-11 08:08 . 2012-03-11 08:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C41.tmp
    2012-03-11 08:08 . 2012-03-11 08:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C40.tmp
    2012-03-10 20:48 . 2012-03-10 20:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-03-10 20:46 . 2012-03-13 19:57 -------- d-----w- c:\users\welch\AppData\Roaming\Skype
    2012-03-10 20:15 . 2012-03-10 20:17 -------- d-----w- c:\program files (x86)\HEM
    2012-03-10 20:13 . 2012-03-10 20:13 -------- d-----w- c:\users\welch\AppData\Local\In The Money
    2012-03-10 20:13 . 2012-03-10 20:13 -------- d-----w- C:\HMArchive
    2012-03-10 20:13 . 2012-03-10 20:13 -------- d-----w- c:\programdata\XHEO INC
    2012-03-10 20:11 . 2012-03-10 20:32 -------- d-----w- c:\program files (x86)\TableScan Turbo
    2012-03-10 20:10 . 2012-03-10 20:10 -------- d-----w- c:\users\welch\AppData\Local\IsolatedStorage
    2012-03-10 20:10 . 2012-03-10 20:10 -------- d-----w- c:\users\welch\AppData\Roaming\HEM Data
    2012-03-10 20:08 . 2012-03-13 21:14 -------- d-----w- c:\users\postgres
    2012-03-10 20:07 . 2012-03-10 20:07 -------- d-----w- c:\program files (x86)\PostgreSQL
    2012-03-10 20:06 . 2012-03-10 20:06 -------- d-----w- c:\program files (x86)\RVG Software
    2012-03-10 20:06 . 2012-03-10 20:10 -------- d-----w- c:\program files (x86)\PSQLINSTALL
    2012-03-10 20:05 . 2012-03-14 09:21 -------- d-----w- c:\program files (x86)\BlackChipPoker
    2012-02-29 20:02 . 2012-02-08 04:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-28 17:19 . 2012-02-28 17:19 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDB05B6E-329F-4D81-BED0-5ECE408C2FF4}\gapaengine.dll
    2012-02-28 17:14 . 2012-02-28 17:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-28 17:14 . 2012-02-28 17:14 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-28 16:53 . 2012-02-28 16:53 -------- d-----w- c:\windows\SysWow64\Wat
    2012-02-28 16:53 . 2012-02-28 16:53 -------- d-----w- c:\windows\system32\Wat
    2012-02-25 03:09 . 2012-02-25 03:09 -------- d-----w- c:\users\welch\hehe
    2012-02-25 03:05 . 2012-02-25 03:05 -------- d-----w- c:\users\welch\AppData\Roaming\Reallusion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-10 20:03 . 2012-01-08 07:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-28 20:01 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-01-08 09:14 . 2012-01-08 09:14 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys
    2012-01-08 09:14 . 2012-01-08 09:14 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
    2012-01-08 09:14 . 2012-01-08 09:14 778752 ----a-w- c:\windows\system32\mssvp.dll
    2012-01-08 09:14 . 2012-01-08 09:14 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2012-01-08 09:14 . 2012-01-08 09:14 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
    2012-01-08 09:14 . 2012-01-08 09:14 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
    2012-01-08 09:14 . 2012-01-08 09:14 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
    2012-01-08 09:14 . 2012-01-08 09:14 491520 ----a-w- c:\windows\system32\mssph.dll
    2012-01-08 09:14 . 2012-01-08 09:14 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-01-08 09:14 . 2012-01-08 09:14 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
    2012-01-08 09:14 . 2012-01-08 09:14 337408 ----a-w- c:\windows\SysWow64\mssph.dll
    2012-01-08 09:14 . 2012-01-08 09:14 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-01-08 09:14 . 2012-01-08 09:14 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-01-08 09:14 . 2012-01-08 09:14 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-01-08 09:14 . 2012-01-08 09:14 288256 ----a-w- c:\windows\system32\mssphtb.dll
    2012-01-08 09:14 . 2012-01-08 09:14 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2012-01-08 09:14 . 2012-01-08 09:14 2315776 ----a-w- c:\windows\system32\tquery.dll
    2012-01-08 09:14 . 2012-01-08 09:14 2223616 ----a-w- c:\windows\system32\mssrch.dll
    2012-01-08 09:14 . 2012-01-08 09:14 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
    2012-01-08 09:14 . 2012-01-08 09:14 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
    2012-01-08 09:14 . 2012-01-08 09:14 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
    2012-01-08 09:14 . 2012-01-08 09:14 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
    2012-01-08 09:14 . 2012-01-08 09:14 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2012-01-08 09:13 . 2012-01-08 09:13 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-01-08 09:13 . 2012-01-08 09:13 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-01-08 09:13 . 2012-01-08 09:13 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-01-08 09:13 . 2012-01-08 09:13 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-01-08 09:13 . 2012-01-08 09:13 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-01-08 09:13 . 2012-01-08 09:13 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-01-08 09:13 . 2012-01-08 09:13 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 212992 ----a-w- c:\windows\system32\odbctrac.dll
    2012-01-08 09:13 . 2012-01-08 09:13 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
    2012-01-08 09:13 . 2012-01-08 09:13 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 106496 ----a-w- c:\windows\system32\odbccu32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 106496 ----a-w- c:\windows\system32\odbccr32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2012-01-08 09:13 . 2012-01-08 09:13 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-01-08 09:13 . 2012-01-08 09:13 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
    S1 MpKsl953bba33;MpKsl953bba33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\MpKsl953bba33.sys [2012-03-14 35664]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\sftservice.EXE [2011-09-22 1692480]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe [2011-08-12 109184]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL953BBA33
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-29 03:41]
    .
    2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-29 03:41]
    .
    2012-01-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
    .
    2012-03-13 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 416024]
    "SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-08-01 1574016]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
    BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Windows Searchqu Toolbar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-14 14:02:29
    ComboFix-quarantined-files.txt 2012-03-14 18:02
    .
    Pre-Run: 417,260,011,520 bytes free
    Post-Run: 417,199,316,992 bytes free
    .
    - - End Of File - - D9882CD60D9D8B712C03776040BB73C8
  6. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    Here's the ESET scan, I didn't remove as per requested in your instructions. All this is is the list of what ESET found.

    C:\ProgramData\Microsoft\Windows\DRM\C40.tmp Win64/Olmarik.AD trojan
    C:\ProgramData\Microsoft\Windows\DRM\C41.tmp Win64/Olmarik.AD trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application
    C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application
    C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application
    C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application
    C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application
    C:\Users\All Users\Microsoft\Windows\DRM\C40.tmp Win64/Olmarik.AD trojan
    C:\Users\All Users\Microsoft\Windows\DRM\C41.tmp Win64/Olmarik.AD trojan
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You have 4 new entries in the Eset scan:

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\ProgramData\Microsoft\Windows\DRM\C40.tmp 
      C:\ProgramData\Microsoft\Windows\DRM\C41.tmp 
      C:\Users\All Users\Microsoft\Windows\DRM\C40.tmp
      C:\Users\All Users\Microsoft\Windows\DRM\C41.tmp 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==============================================
    About the Eset entries:
    DRM usually stands for Digitl Rights Management.. Basically and simply stated, this is to encrypt and manage the use of copywrited media. The C40 and C41 are malware in this process. Is it possible that you attempted to download media from a 'dirty' site- that is, a site that disables DRM and which has malware on it?
    -----------------
    I note that one of the deletions in Combofix rpsetup.exe is for Record Pad, Sound Recording Software from NH Software.

    Is it possible that this program was downloaded from a torrent site to bypass having to pay for the program, thus having it infect your system with malware?
    =====================================
    Another comment regarding current install of :
    Black Chip Poker
    Poker Superstars III
    RPM PokerConsider checking the legal status of the above programs in the US.
    ==============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=
    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    How is system doing now?
  8. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    It is possible I downloaded media from a "dirty site". Blackchippoker is considered a red on the web of trust however I've used it plenty of times on my desktop.

    It is not possible that I tried to bypass paying for a program, I haven't torrented since Napster days.

    The system is doing really crappy at the moment. At first I couldn't open my computer, or any of the icons on the right of the start up pulldown (Documents, Music, etc). I uninstalled MSE because it was giving me problems for Combofix. It was also telling me that there were viruses to remove and kept bugging me to download Windows defender offline beta. Before I asked for your help I did download it, install it on a flash drive, and did a full scan through it and the program found no viruses but it still detected viruses through MSE. After I couldn't open folders to attach the 1st log you wanted I restarted the system and just saw a black screen and the system wouldn't boot explorer and I couldn't do anything. It tried to send me through a start up repair but that didn't work. I just tried doing safe mode now and that seems to be going through the start up repair except I can't cancel the operation unless you want me to just manually shut it off.

    Poker Superstars 3 is a play game, RPM Poker and Blackchip you can play free money still.

    The combofix log is approximately 560,000 characters so I'm going to have to attach it and zip it (560kb unzipped) unless you want me to make 9 posts for it.

    The OTMovit log I can't access since I can't get into my computer.


    Thanks so much again for your help I really appreciate it. Hopefully the computer can stop being such a mess.

    Attached Files:

  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    If you receive Windows Update error FFFFFFFE, this means that an update cannot be installed because of a problem on your computer. This problem is usually caused by a malware (malicious software) infection. To prevent your computer from becoming unstable, Windows does not install the update.

    Update for the Windows Operating System Loader:
    Update for Windows 7 for x64-based Systems (KB2506014)

    Download the package now
    ==============================
    You need to run the following program> download it to the flash drive if you need to. If you can't run in Normal Mode. run in Safe Mode.
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    =====================================
    I have no idea how or why you were sent into repair or by what. I think we also need to run the following:

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  10. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I can't do any of your instructions because all I see is a black screen in safe mode/normal mode. There is no explorer to go to or anything. When I get to the black screen I can't even do ctrl+alt+del. I can move my mouse around the screen but that's it.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Give these a try:

    If you're desktop is blank and unable to right click on it ,run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop[/b]
    Press Enter

    If your task manager is disabled,copy and run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
    Press Enter

    There may be some other 'cosmetic' changes- we can fix those later. Let me know if the commands above don't help.
     
  12. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I don't know what just happened but somehow the computer has a screen again. I don't know what happened, I just kept going to the bios to see if I could enter in those commands somewhere and some diagnostic tests were run. I couldn't find anywhere to enter those in so I quit and then the computer restarted and now I can see the screen. I'm going to do your last reply for what to do next.

    Edit: OTMovit was done before Combofix btw.
  13. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    All processes killed
    ========== FILES ==========
    C:\ProgramData\Microsoft\Windows\DRM\C40.tmp moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\C41.tmp moved successfully.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\C40.tmp not found.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\C41.tmp not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: welch
    ->Temp folder emptied: 217480 bytes
    ->Temporary Internet Files folder emptied: 409857886 bytes
    ->Java cache emptied: 227306 bytes
    ->Flash cache emptied: 58024 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12184357 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 403.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 03152012_171120

    Files moved on Reboot...
    C:\Users\welch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File C:\Windows\temp\fla1585.tmp not found!
    File C:\Windows\temp\fla2F9B.tmp not found!
    File C:\Windows\temp\fla3019.tmp not found!
    File C:\Windows\temp\fla3519.tmp not found!
    File C:\Windows\temp\fla3D54.tmp not found!
    File C:\Windows\temp\fla747B.tmp not found!
    File C:\Windows\temp\flaA877.tmp not found!
    File C:\Windows\temp\flaFAB.tmp not found!

    Registry entries deleted on Reboot...


    OTL logfile created on: 3/17/2012 5:00:31 PM - Run 1
    OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\welch\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.89 Gb Total Physical Memory | 4.19 Gb Available Physical Memory | 71.17% Memory free
    11.78 Gb Paging File | 9.90 Gb Available in Paging File | 84.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 388.72 Gb Free Space | 87.13% Space Free | Partition Type: NTFS
    Drive E: | 15.12 Gb Total Space | 0.21 Gb Free Space | 1.36% Space Free | Partition Type: FAT32

    Computer Name: DELL_14Z_LAPTOP | User Name: welch | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\welch\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
    PRC - c:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    PRC - c:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - c:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
    PRC - C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
    PRC - \\.\globalroot\systemroot\svchost.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\99f03be29e7f6de2f4bc278b83f0761b\System.WorkflowServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
    MOD - c:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
    SRV:64bit: - (CxUtilSvc) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
    SRV:64bit: - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
    SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (TurboBoost) Intel(R) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
    SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    SRV - (SftService) -- c:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
    SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
    SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
    SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
    DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
    DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
    DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
    DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
    DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
    DRV:64bit: - (MCfilt) -- C:\Windows\SysNative\drivers\MCfilt64.sys (Creative Technology Ltd.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (MpKslf1aa0c3c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E1E9CF1-E20F-4462-8AE7-0D6341769619}\MpKslf1aa0c3c.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE:64bit: - HKLM\..\SearchScopes\{52025C54-D4CB-4E3E-8BC2-7957A78259F3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE - HKLM\..\SearchScopes\{52025C54-D4CB-4E3E-8BC2-7957A78259F3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS468
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=421&sr=0&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()



    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2710E467-3B00-467A-948E-9343CEF8221F}: DhcpNameServer = 192.168.2.1 192.168.2.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/17 16:51:06 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\welch\Desktop\OTL.exe
    [2012/03/15 17:41:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/15 17:23:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/03/15 17:11:20 | 000,000,000 | ---D | C] -- C:\_OTM
    [2012/03/14 13:52:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/14 13:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/14 03:58:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/13 21:23:07 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
    [2012/03/13 21:13:41 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
    [2012/03/13 17:03:47 | 000,000,000 | ---D | C] -- C:\Users\welch\Desktop\sarah
    [2012/03/13 16:30:40 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
    [2012/03/10 16:13:33 | 000,000,000 | ---D | C] -- C:\HMArchive
    [2012/02/28 12:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012/02/28 12:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

    ========== Files - Modified Within 30 Days ==========

    [2012/03/17 17:01:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/03/17 16:58:28 | 000,687,710 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/17 16:58:28 | 000,131,050 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/17 16:58:28 | 000,006,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/17 16:55:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/17 16:55:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/17 16:48:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/17 16:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/17 16:47:38 | 447,991,807 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/16 11:53:02 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\welch\Desktop\OTL.exe
    [2012/03/14 05:05:52 | 000,776,486 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/14 04:40:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/14 04:17:39 | 000,302,592 | ---- | M] () -- C:\Users\welch\Desktop\j38frsix.exe
    [2012/03/13 17:14:44 | 000,326,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/13 16:56:42 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/11 05:09:38 | 000,000,000 | ---- | M] () -- C:\Windows\HMHud.INI
    [2012/02/28 13:48:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/02/28 13:18:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/24 23:25:54 | 000,005,632 | ---- | M] () -- C:\Users\welch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/03/14 04:17:32 | 000,302,592 | ---- | C] () -- C:\Users\welch\Desktop\j38frsix.exe
    [2012/03/13 16:56:42 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/13 16:34:21 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/03/11 05:09:38 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
    [2012/02/28 13:48:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/02/28 13:18:19 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/02/28 13:14:09 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/24 23:06:25 | 000,005,632 | ---- | C] () -- C:\Users\welch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/08 04:43:20 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2012/01/08 04:42:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/01/08 04:42:41 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/01/08 04:42:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/01/08 04:42:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/01/08 04:42:36 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/02/10 12:10:51 | 000,776,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/01/29 09:54:17 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/14 01:08:49 | 000,015,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/03/17 17:01:00 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2012/01/08 05:13:49 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2012/01/08 05:13:49 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2012/01/08 05:13:49 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2012/01/08 05:13:49 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2012/01/08 05:13:49 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2012/01/08 05:13:49 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
  14. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    OTL Extras logfile created on: 3/17/2012 5:00:31 PM - Run 1
    OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\welch\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.89 Gb Total Physical Memory | 4.19 Gb Available Physical Memory | 71.17% Memory free
    11.78 Gb Paging File | 9.90 Gb Available in Paging File | 84.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 388.72 Gb Free Space | 87.13% Space Free | Partition Type: NTFS
    Drive E: | 15.12 Gb Total Space | 0.21 Gb Free Space | 1.36% Space Free | Partition Type: FAT32

    Computer Name: DELL_14Z_LAPTOP | User Name: welch | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi Software
    "{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CNXT_AUDIO_HDA" = Conexant SmartAudio HD
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 12
    "{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Dell Webcam Central" = Dell Webcam Central
    "HoldemManager" = Holdem Manager
    "ImgBurn" = ImgBurn
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "PremElem90" = Adobe Premiere Elements 9
    "ProInst" = Intel PROSet Wireless
    "WildTangent dell Master Uninstall" = WildTangent Games
    "Windows Searchqu Toolbar" = Windows Searchqu Toolbar
    "WinLiveSuite" = Windows Live Essentials
    "WT089409" = Bejeweled 2 Deluxe
    "WT089410" = Blackhawk Striker 2
    "WT089411" = Build-a-lot 2
    "WT089412" = Cake Mania
    "WT089413" = Chuzzle Deluxe
    "WT089414" = Diner Dash 2 Restaurant Rescue
    "WT089415" = Dora's World Adventure
    "WT089418" = FATE
    "WT089420" = Jewel Quest
    "WT089422" = Jewel Quest Solitaire 2
    "WT089426" = Poker Superstars III
    "WT089430" = Virtual Villagers 4 - The Tree of Life
    "WT089433" = Polar Golfer
    "WT089434" = Escape Whisper Valley (TM)
    "WT089440" = Namco All-Stars PAC-MAN
    "WT089443" = Bounce Symphony
    "WT089444" = Final Drive Nitro
    "WT089445" = Penguins!
    "WT089446" = Wedding Dash - Ready, Aim, Love!
    "WT089448" = Zuma Deluxe
    "WT089450" = Farm Frenzy
    "WT089452" = Plants vs. Zombies - Game of the Year
    "WT089499" = Final Drive Fury
    "WT089503" = Samantha Swift
    "WT089507" = Luxor
    "WT089508" = Polar Bowler
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Black Chip Poker" = Black Chip Poker
    "RPM Poker" = RPM Poker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/17/2012 4:48:11 PM | Computer Name = dell_14z_laptop | Source = PostgreSQL | ID = 0
    Description = 2012-03-17 16:48:11 EDTFATAL: the database system is starting up

    Error - 3/17/2012 4:48:12 PM | Computer Name = dell_14z_laptop | Source = PostgreSQL | ID = 0
    Description = 2012-03-17 16:48:12 EDTFATAL: the database system is starting up

    Error - 3/17/2012 4:48:15 PM | Computer Name = dell_14z_laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 3/17/2012 4:48:15 PM | Computer Name = dell_14z_laptop | Source = PostgreSQL | ID = 0
    Description = 2012-03-17 16:48:15 EDTFATAL: the database system is starting up

    Error - 3/17/2012 4:48:19 PM | Computer Name = dell_14z_laptop | Source = PostgreSQL | ID = 0
    Description = 2012-03-17 16:48:19 EDTFATAL: the database system is starting up

    Error - 3/17/2012 4:48:26 PM | Computer Name = dell_14z_laptop | Source = PostgreSQL | ID = 0
    Description = 2012-03-17 16:48:26 EDTFATAL: the database system is starting up

    Error - 3/17/2012 4:52:20 PM | Computer Name = dell_14z_laptop | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 3/17/2012 4:52:20 PM | Computer Name = dell_14z_laptop | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 3/17/2012 4:58:25 PM | Computer Name = dell_14z_laptop | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 3/17/2012 4:58:25 PM | Computer Name = dell_14z_laptop | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    [ Dell Events ]
    Error - 1/28/2012 4:51:19 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    Error - 1/28/2012 5:23:31 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    Error - 1/28/2012 5:23:45 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    Error - 1/28/2012 7:10:55 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    Error - 1/28/2012 11:09:56 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    Error - 1/28/2012 11:28:49 PM | Computer Name = dell_14z_laptop | Source = DataSafe | ID = 3
    Description = Failed or cancelled

    [ System Events ]
    Error - 3/11/2012 10:32:28 PM | Computer Name = dell_14z_laptop | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.121.1319.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error
    code: 0x80070643 Error description: Fatal error during installation.

    Error - 3/11/2012 10:32:32 PM | Computer Name = dell_14z_laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
    (Definition 1.121.1330.0).

    Error - 3/12/2012 7:38:09 AM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 3/12/2012 7:38:39 AM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 3/12/2012 7:39:01 AM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/12/2012 3:33:53 PM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/12/2012 5:34:14 PM | Computer Name = dell_14z_laptop | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.

    Error - 3/13/2012 1:34:33 PM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7034
    Description = The Dell Digital Delivery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/13/2012 1:40:50 PM | Computer Name = dell_14z_laptop | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 3/13/2012 4:00:15 PM | Computer Name = dell_14z_laptop | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.


    < End of report >


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-*****
    Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
    Windows Product ID: 00359-OEM-8992687-00095
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {8674C422-7277-4E44-ADE3-6DC64A074DE1}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{8674C422-7277-4E44-ADE3-6DC64A074DE1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-4046857109-3900067831-1562690482</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell System Inspiron N411Z</Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="6"/><Date>20111019000000.000000+000</Date></BIOS><HWID>97DE3107018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, HomePremium edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00359-00178-926-800095-02-1033-7601.0000-0082012
    Installation ID: 017841974203135844195383221172032862012774349203147495
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: RMV82
    License Status: Licensed
    Remaining Windows rearm count: 2
    Trusted time: 3/17/2012 5:03:36 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEAonZEeHIOCsJUaITSnumqJxDGVAkucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC DELL QA09
    FACP DELL QA09
    HPET DELL QA09
    MCFG DELL QA09
    SLIC DELL QA09
    SSDT DELL PtidDevc
    ASF! DELL QA09
    SSDT DELL PtidDevc
    SSDT DELL PtidDevc
    UEFI DELL QA09
    UEFI DELL QA09
    UEFI DELL QA09
  15. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I just restarted the computer to check to see if the black screen went away. It partially did. When I boot up, the black screen is there right before the log onto username screen for about 2-3 seconds. I can then log into my username still. I can also still go onto the internet with the computer. I did a MSE scan and it still says that the virus is there (I didn't try removing it because I figured that would mess things up more possibly). Hope this status report is a little helpful. Thanks! :)
  16. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    Bump since it's been a few days.
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please contact Microsoft and validate the OS. That's why you can't update.

    I am struggling with you comment about this being you mom's laptop. In slightly over a month from install date, you loaded it with poker sites for games, poker discussions and a few other poker related processes. When you started he thread, you gave me only the subject with no details, but as we go along, you mention one problem, then another.

    If you want you mother's computer clean, remove the poker sites for games and discussions. Have her install a current working AV, firewall and at least 2 anti spyware programs.

    You will have to unzip and paste the Combofix log in to continue.
  18. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I only wanted to use it while I was on spring break. The OS is registered with Microsoft, Microsoft installed like 7/8 updates but won't install this one for some reason. I think the virus is causing this. I've been letting you know all problems that come up after I've been doing the fixes. I don't need anything on that computer anymore. I will uninstall all poker related things if it helps and do the 5 step process again once I have uninstalled everything and reinstalled MSE, malwarebytes, and Super.
     
  19. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.20.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    welch :: DELL_14Z_LAPTOP [administrator]

    3/20/2012 8:54:41 PM
    mbam-log-2012-03-20 (20-54-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218889
    Time elapsed: 5 minute(s), 45 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3760 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-20 21:46:32
    Windows 6.1.7601 Service Pack 1
    Running: pdmfw3oq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093797b82
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093797b82 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
  20. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by welch at 21:21:36 on 2012-03-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6031.4344 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files (x86)\dell datasafe local backup\sftservice.EXE
    C:\Program Files (x86)\Skype\Updater\Updater.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Conexant\SA3\SmartAudio3.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    C:\Program Files\Conexant\SA3\CxUtilSvc.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
    TCP: Interfaces\{2710E467-3B00-467A-948E-9343CEF8221F} : DhcpNameServer = 137.99.25.14 137.99.203.20
    TCP: Interfaces\{2710E467-3B00-467A-948E-9343CEF8221F}\541676C656F4E656 : DhcpNameServer = 192.168.2.1 192.168.2.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
    AppInit_DLLs-X64: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-8 1692480]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-1-8 109184]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MCfilt;MCfilt;C:\Windows\system32\drivers\MCfilt64.sys --> C:\Windows\system32\drivers\MCfilt64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-28 136176]
    S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-8 2656280]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
    S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-28 136176]
    S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-21 01:20:49 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-21 00:48:39 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A739D855-4D3E-4C73-AD56-297C245CDBD0}\gapaengine.dll
    2012-03-21 00:48:30 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF191E7C-393D-4A89-B8BA-44B8873D8A68}\mpengine.dll
    2012-03-21 00:46:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-21 00:46:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-21 00:45:44 -------- d-----w- C:\Users\welch\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-21 00:45:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-03-21 00:45:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-03-21 00:44:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-03-21 00:44:49 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-03-17 21:21:39 -------- d-----w- C:\Users\welch\AppData\Local\Diagnostics
    2012-03-17 21:03:44 -------- d-----w- C:\MGADiagToolOutput
    2012-03-15 21:11:20 -------- d-----w- C:\_OTM
    2012-03-14 18:07:22 -------- d-----w- C:\Program Files (x86)\ESET
    2012-03-14 08:58:23 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-03-14 08:58:23 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-03-14 08:58:23 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-03-14 08:58:23 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-03-14 07:58:45 -------- d-----w- C:\Users\welch\AppData\Roaming\Malwarebytes
    2012-03-14 07:58:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-14 01:23:07 -------- d-----w- C:\Windows\Microsoft Antimalware
    2012-03-14 01:13:41 -------- d-----w- C:\Windows\Windows Defender Offline
    2012-03-13 20:52:04 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 20:52:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 20:52:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 20:52:02 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 20:52:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 20:52:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 20:51:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 20:51:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-13 20:51:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 20:51:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 20:30:43 -------- d-----w- C:\Program Files (x86)\Windows Searchqu Toolbar
    2012-03-13 20:30:41 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
    2012-03-13 20:30:40 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
    2012-03-13 20:30:40 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
    2012-03-13 20:30:40 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
    2012-03-13 20:30:40 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2012-03-13 20:30:40 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
    2012-03-13 20:30:39 -------- d-----w- C:\Users\welch\AppData\Roaming\FreeBurner
    2012-03-13 20:30:39 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
    2012-03-13 20:08:00 -------- d-----w- C:\Program Files\WOT
    2012-03-13 20:08:00 -------- d-----w- C:\Program Files (x86)\WOT
    2012-03-10 20:15:06 -------- d-----w- C:\Program Files (x86)\HEM
    2012-03-10 20:13:33 -------- d-----w- C:\Users\welch\AppData\Local\In The Money
    2012-03-10 20:13:33 -------- d-----w- C:\HMArchive
    2012-03-10 20:13:15 -------- d-----w- C:\ProgramData\XHEO INC
    2012-03-10 20:11:56 -------- d-----w- C:\Program Files (x86)\TableScan Turbo
    2012-03-10 20:10:21 -------- d-----w- C:\Users\welch\AppData\Local\IsolatedStorage
    2012-03-10 20:10:20 -------- d-----w- C:\Users\welch\AppData\Roaming\HEM Data
    2012-03-10 20:07:30 -------- d-----w- C:\Program Files (x86)\PostgreSQL
    2012-03-10 20:06:24 -------- d-----w- C:\Program Files (x86)\RVG Software
    2012-03-10 20:06:10 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
    2012-02-28 16:53:44 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-02-28 16:53:43 -------- d-----w- C:\Windows\System32\Wat
    2012-02-25 03:09:16 -------- d-----w- C:\Users\welch\hehe
    2012-02-25 03:05:40 -------- d-----w- C:\Users\welch\AppData\Roaming\Reallusion
    .
    ==================== Find3M ====================
    .
    2012-03-10 20:03:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-08 09:13:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-01-08 08:41:28 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-01-08 07:45:10 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-01-08 07:44:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 21:23:25.50 ===============
  21. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/28/2012 3:00:48 PM
    System Uptime: 3/20/2012 9:19:43 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0NFVTW
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 446 GiB total, 388.498 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP37: 3/14/2012 4:58:31 AM - Windows Update
    RP38: 3/14/2012 5:11:30 AM - Windows Update
    RP39: 3/14/2012 5:15:07 AM - Windows Update
    RP40: 3/14/2012 7:31:09 AM - Windows Update
    RP41: 3/17/2012 4:56:56 PM - OTL Restore Point - 3/17/2012 4:56:54 PM
    RP42: 3/17/2012 5:25:27 PM - Windows Update
    RP43: 3/20/2012 8:47:32 PM - Windows Update
    RP44: 3/20/2012 8:49:58 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Accidental Damage Services Agreement
    Adobe AIR
    Adobe Community Help
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X MUI
    Advanced Audio FX Engine
    Banctec Service Agreement
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Complete Care Business Service Agreement
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell Home Systems Service Agreement
    Dell MusicStage
    Dell PhotoStage
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Elements 9 Organizer
    Elements STI Installer
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback
    ImgBurn
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) WiDi
    Java Auto Updater
    Java(TM) 6 Update 27
    Jewel Quest
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Luxor
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars PAC-MAN
    Nero 10 Movie ThemePack Basic
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Premium Service Agreement
    QualxServ Service Agreement
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samantha Swift
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.8
    SmartSound Quicktracks for Premiere Elements 9.0
    Sonic CinePlayer Decoder Pack
    SyncUP
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Wedding Dash - Ready, Aim, Love!
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Searchqu Toolbar
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/20/2012 9:22:29 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2012 8:50:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/20/2012 8:45:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/20/2012 8:45:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:25:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 5:21:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dell_14z_laptop\welch Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/17/2012 4:58:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:58:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:53:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:48:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 4:47:51 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    3/17/2012 2:18:13 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/15/2012 5:44:14 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    3/15/2012 5:44:03 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
    3/15/2012 5:39:35 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/15/2012 5:39:13 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    3/15/2012 5:33:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/15/2012 5:23:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003077f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031512-21169-01.
    3/15/2012 5:11:20 PM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V9 service terminated unexpectedly. It has done this 1 time(s).
    3/14/2012 8:08:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    3/14/2012 1:55:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1437.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/13/2012 5:20:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    3/13/2012 5:11:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
    3/13/2012 4:51:52 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    3/13/2012 4:43:07 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    3/13/2012 4:43:06 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/13/2012 4:43:06 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    3/13/2012 4:19:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    3/13/2012 11:17:58 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
    3/13/2012 11:17:58 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
    .
    ==== End Of File ===========================
  22. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    Did my logs change a lot from when I first made this topic? My mom's computer is doing very well currently and is able to go on the internet and all of that stuff. The only thing that's wrong is that one windows update not installing. I didn't try scanning with MSE or malwarebytes again after I just had these scans run because I figure that will only hurt things more. Please let me know what else I can do to help fix the problem. I won't be using the computer/internet other than the things you tell me to do while using a flash drive to transfer files back and forth.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The system needs to be validated. Please contact Microsoft.

    And I am still puzzled by "mom's" computer. For instance:
    The system lists multiple files from 1/8/2012, but install date of 1/28/2012

    For Windows 7 Kernel Architecture Changes - api-ms-win-core files
    2012-01-08 09:13 421888 ----a-w- c:\windows\system32\KernelBase.dll
    API-MS-Win-Core List: http://www.nirsoft.net/artic/windows_7_kernel_architecture_changes.html
    2012-01-08 09:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-01-08 09:13 . 2012-01-08 09:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    ---------------------
    2012-01-08 09:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll>> C:\Windows\AppPatch
    This directory holds various application patches. These often make older programs compatible with the current OS.

    System hasn't been validated. Multiple poker programs and games. Additionally, the updates for Microsoft antimalware won't work. There are pages and pages of failures for this.

    Does "mom" know there is an entire other set of processes hidden within the Cryptography key?
  24. mdw90

    mdw90 Newcomer, in training Topic Starter Posts: 44

    I'm taking it in to a tech shop because this has taken so long. Please close the topic and I appreciate all the help you've given me.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you for the update. Thread is closed.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.