Solved IE redirect and occasional blue screen


jonnyd1013

I have completed steps 1-8, and the following logs are attached
 

Attachments

  • gmer.log (1.3 KB)
  • AVSCAN-20110113-002727-0B546BFE.LOG (18.6 KB)
  • mbam-log-2011-01-13 (01-15-39).txt (886 bytes)
  • DDS.txt (15 KB)

sorry, pasted logs mbam and gmer

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5509

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

1/13/2011 1:15:39 AM
mbam-log-2011-01-13 (01-15-39).txt

Scan type: Quick scan
Objects scanned: 137651
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-13 01:57:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC25N060ATMR04-0 rev.MO3OAD4A
Running: b3u3knj1.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwlyrkow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 117209984 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskIC25N060ATMR04-0________________________MO3OAD4A#5&15026cd6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
pasted DDS

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonathan at 14:22:24.32 on Thu 01/13/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.420 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jonathan\Desktop\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {00F2C0C6-2194-484E-9064-44E57787867B} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\jonathan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonathan\appdata\roaming\mozilla\firefox\profiles\sp3jt2d3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\jonathan\appdata\roaming\mozilla\firefox\profiles\sp3jt2d3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\jonathan\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\jonathan\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-13 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-13 61960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-12 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-3 1343400]

=============== Created Last 30 ================

2011-01-13 09:10:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-01-13 09:10:49 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1caabc97-26b0-4246-a273-33bc8a253ef8}\mpengine.dll
2011-01-13 06:18:55 -------- d-----w- c:\users\jonathan\appdata\roaming\Avira
2011-01-13 06:08:24 -------- d-----w- c:\users\jonathan\appdata\roaming\Malwarebytes
2011-01-13 06:08:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 06:08:03 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-13 06:07:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 06:07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 05:16:43 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-13 05:16:41 -------- d-----w- c:\program files\Avira
2011-01-13 05:16:41 -------- d-----w- c:\progra~2\Avira
2011-01-13 04:22:59 289792 ----a-w- c:\program files\internet explorer\networkinspection.dll
2011-01-13 04:21:58 3181568 ----a-w- c:\windows\system32\mf.dll
2011-01-13 04:21:58 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-13 04:21:57 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-13 04:21:12 804864 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 04:21:12 737280 ----a-w- c:\windows\system32\d2d1.dll
2011-01-13 04:21:12 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-13 04:21:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-13 04:21:12 1076224 ----a-w- c:\windows\system32\DWrite.dll
2011-01-13 04:20:31 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-13 04:20:31 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-13 04:19:45 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-01-13 04:19:01 -------- d-----w- c:\program files\Feedback Tool
2011-01-09 22:17:41 -------- d-----w- c:\program files\Symantec
2011-01-09 22:17:41 -------- d-----w- c:\program files\common files\Symantec Shared
2011-01-09 22:15:26 -------- d-----w- c:\program files\Norton 360
2011-01-09 22:15:25 -------- d-----w- c:\progra~2\Norton
2011-01-09 22:15:09 -------- d-----w- c:\program files\NortonInstaller
2011-01-09 22:15:09 -------- d-----w- c:\progra~2\NortonInstaller
2011-01-07 15:13:53 -------- d-----w- c:\progra~2\BDLogging
2011-01-07 07:40:52 -------- d-----w- C:\294a13f0dec86ff325e1
2011-01-07 05:24:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-07 04:47:48 -------- d-----w- c:\program files\MSSOAP
2011-01-07 04:47:48 -------- d-----w- c:\program files\common files\MSSoap
2011-01-07 04:32:42 -------- d-----w- c:\users\jonathan\appdata\roaming\QuickScan
2011-01-07 04:31:55 -------- d-----w- c:\program files\common files\BitDefender
2011-01-07 04:31:28 581108 ----a-w- c:\progra~2\bdinstall.bin
2011-01-06 19:30:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-06 19:30:41 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-31 20:59:19 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2010-12-31 06:28:19 -------- d-----w- c:\program files\uTorrent
2010-12-31 06:27:40 -------- d-----w- c:\users\jonathan\appdata\roaming\uTorrent
2010-12-27 04:03:30 -------- d-----w- c:\windows\system32\appmgmt
2010-12-26 04:10:08 -------- d-----w- c:\users\jonathan\appdata\roaming\Hulabee
2010-12-26 04:01:06 -------- d-----w- c:\users\jonathan\appdata\local\RadonLabs
2010-12-26 03:58:24 -------- d-----w- c:\program files\OXXOGames
2010-12-26 03:08:59 70088 ----a-w- c:\windows\system32\Project2-1.ocx
2010-12-26 03:08:59 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2010-12-26 03:06:27 -------- d-----w- c:\program files\eGames
2010-12-25 22:31:03 -------- d-----w- c:\users\jonathan\appdata\roaming\Ascaron Entertainment
2010-12-25 22:22:00 -------- d-----w- c:\program files\Cinemaware Marquee
2010-12-21 18:48:29 -------- d-----w- c:\program files\MSECache
2010-12-16 02:11:33 -------- d-----w- c:\windows\rescache
2010-12-14 20:12:40 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-6\Microsoft.MediaCenter.Sports.UI.dll

==================== Find3M ====================

2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: IC25N060ATMR04-0 rev.MO3OAD4A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8540F555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x854157b0]; MOV EAX, [0x8541582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x82848EE0] -> \Device\Harddisk0\DR0[0x853E7A18]
3 CLASSPNP[0x87E5759E] -> nt!IofCallDriver[0x82848EE0] -> [0x84F7C898]
5 ACPI[0x8323A3B2] -> nt!IofCallDriver[0x82848EE0] -> \IdeDeviceP0T0L0-0[0x84F76030]
\Driver\atapi[0x853F6318] -> IRP_MJ_CREATE -> 0x8540F555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskIC25N060ATMR04-0________________________MO3OAD4A#5&15026cd6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 117210238 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:23:33.00 ===============
 
attached

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/1/2010 4:37:44 AM
System Uptime: 1/13/2011 11:05:26 AM (3 hours ago)

Motherboard: TOSHIBA | | EAL20
Processor: Intel(R) Celeron(R) M processor 1.30GHz | BAN | 1298/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 36.684 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\CMP0101\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\CMP0101\2&DABA3FF&1
Service:

Class GUID:
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_3582&SUBSYS_FF001179&REV_02\3&18D45AA6&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_3582&SUBSYS_FF001179&REV_02\3&18D45AA6&0&11
Service:

==== System Restore Points ===================

RP65: 1/12/2011 9:53:10 PM - Scheduled Checkpoint
RP66: 1/12/2011 11:18:54 PM - Windows Update
RP67: 1/12/2011 11:20:10 PM - Windows Update
RP68: 1/12/2011 11:20:51 PM - Windows Update
RP69: 1/12/2011 11:21:36 PM - Windows Update
RP70: 1/12/2011 11:22:27 PM - Windows Update

==== Installed Programs ======================

µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X
Avira AntiVir Personal - Free Antivirus
Blingo
Definition update for Microsoft Office 2010 (KB982726)
EVEREST Ultimate Edition v5.50
Extreme Animal Puzzles
Extreme Bugs Puzzles
Extreme Orchid Puzzles
Feedback Tool
Geo Jump
Google Chrome
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hangman Wild West II
Java Auto Updater
Java(TM) 6 Update 23
Mahjongg Jr.
Malwarebytes' Anti-Malware
Mega Match
Memory Machine
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
PDF Settings CS5
Peggle Deluxe
Puzzle Master 3 SE
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Snakes and Ladders
TV Guide Crosswords
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Winamp
Winamp Detector Plug-in
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

1/9/2011 9:48:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDITH-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{56669001-DA52-4181-B6F0-6AB0. The master browser is stopping or an election is being forced.
1/9/2011 6:52:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
1/9/2011 6:51:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
1/9/2011 6:50:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
1/9/2011 6:50:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2011 9:21:12 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 45 time(s).
1/7/2011 9:21:06 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 44 time(s).
1/7/2011 9:20:58 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 43 time(s).
1/7/2011 9:20:53 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 42 time(s).
1/7/2011 9:20:22 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 41 time(s).
1/7/2011 9:20:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 40 time(s).
1/7/2011 9:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 39 time(s).
1/7/2011 9:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 38 time(s).
1/7/2011 8:21:35 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 37 time(s).
1/7/2011 8:21:00 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 36 time(s).
1/7/2011 8:20:22 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 35 time(s).
1/7/2011 8:20:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 34 time(s).
1/7/2011 8:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 33 time(s).
1/7/2011 8:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 32 time(s).
1/7/2011 7:23:31 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 31 time(s).
1/7/2011 7:23:18 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 30 time(s).
1/7/2011 7:22:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 29 time(s).
1/7/2011 7:22:13 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 28 time(s).
1/7/2011 7:22:00 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 27 time(s).
1/7/2011 7:21:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 26 time(s).
1/7/2011 7:20:54 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 25 time(s).
1/7/2011 7:20:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 24 time(s).
1/7/2011 7:20:03 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 23 time(s).
1/7/2011 7:19:56 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 22 time(s).
1/7/2011 6:52:05 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 21 time(s).
1/7/2011 6:51:59 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 20 time(s).
1/7/2011 6:21:47 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 19 time(s).
1/7/2011 6:21:42 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 18 time(s).
1/7/2011 6:21:37 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 17 time(s).
1/7/2011 6:21:31 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 16 time(s).
1/7/2011 6:20:38 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 15 time(s).
1/7/2011 6:20:33 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 14 time(s).
1/7/2011 6:19:44 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 13 time(s).
1/7/2011 6:07:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 12 time(s).
1/7/2011 6:07:51 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
1/7/2011 6:07:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/7/2011 6:06:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 11 time(s).
1/7/2011 6:06:01 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 10 time(s).
1/7/2011 6:03:23 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 9 time(s).
1/7/2011 6:02:46 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
1/7/2011 6:02:46 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
1/7/2011 6:02:46 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2011 6:02:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The operation completed successfully.
1/7/2011 6:01:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/7/2011 5:47:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/7/2011 5:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/7/2011 5:44:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2011 5:44:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/7/2011 5:43:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr bdfwfpf Bdvedisk CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 5:43:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x9b00fa00, 0x00000002, 0x00000000, 0x83392fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010711-24453-01.
1/7/2011 3:43:02 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The pipe has been ended.
1/7/2011 3:43:02 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The pipe has been ended.
1/7/2011 3:38:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe has been ended.
1/7/2011 3:36:01 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
1/7/2011 2:28:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
1/7/2011 2:16:50 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 7 time(s).
1/7/2011 2:16:50 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 7 time(s).
1/7/2011 2:16:44 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 6 time(s).
1/7/2011 2:16:44 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 6 time(s).
1/7/2011 2:14:55 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 5 time(s).
1/7/2011 2:11:49 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 4 time(s).
1/7/2011 2:09:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
1/7/2011 2:09:07 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 2:09:07 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 12:18:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The pipe has been ended.
1/7/2011 12:18:44 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe has been ended.
1/7/2011 12:06:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
1/7/2011 12:06:40 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2011 12:05:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x972de830, 0x00000002, 0x00000000, 0x833a1fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010711-37984-01.
1/7/2011 12:02:30 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/7/2011 11:07:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
1/7/2011 10:45:31 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 9 time(s).
1/7/2011 10:45:31 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s).
1/7/2011 10:40:30 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/7/2011 10:38:29 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 5 time(s).
1/7/2011 10:21:10 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 53 time(s).
1/7/2011 10:21:04 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 52 time(s).
1/7/2011 10:20:56 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 51 time(s).
1/7/2011 10:20:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 50 time(s).
1/7/2011 10:20:20 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 49 time(s).
1/7/2011 10:20:15 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 48 time(s).
1/7/2011 10:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 47 time(s).
1/7/2011 10:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 46 time(s).
1/6/2011 9:40:47 PM, Error: Microsoft Antimalware [2001] -
1/6/2011 9:31:32 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
1/6/2011 9:27:17 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
1/6/2011 9:15:53 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/6/2011 9:15:53 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
1/6/2011 9:15:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
1/6/2011 8:44:24 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
1/6/2011 8:44:13 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
1/6/2011 7:47:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
1/6/2011 7:47:56 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2011 7:45:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
1/6/2011 3:09:50 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s).
1/6/2011 11:58:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
1/6/2011 11:57:43 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The pipe has been ended.
1/6/2011 11:05:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
1/6/2011 11:00:51 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
1/13/2011 3:03:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/13/2011 3:03:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:12:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/13/2011 2:10:15 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
1/13/2011 1:53:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
1/13/2011 1:53:10 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2011 1:16:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
1/13/2011 1:16:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
1/13/2011 1:14:40 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/12/2011 9:23:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 8 time(s).
1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 8 time(s).
1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 8 time(s).
1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 7 time(s).
1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 7 time(s).
1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 7 time(s).
1/12/2011 4:38:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000004, 0x00000002, 0x00000000, 0x8288f123). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011211-30609-01.
1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 6 time(s).
1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s).
1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 5 time(s).
1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 4 time(s).
1/12/2011 2:37:37 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
1/12/2011 12:10:34 PM, Error: Service Control Manager [7038] - The MMCSS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/12/2011 12:10:34 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not start due to a logon failure.
1/12/2011 12:10:34 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The pipe has been ended.
1/12/2011 11:56:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
1/12/2011 11:56:42 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/12/2011 11:54:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
1/12/2011 11:54:42 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/12/2011 11:21:18 AM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
1/12/2011 11:00:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
1/12/2011 11:00:24 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/12/2011 11:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/12/2011 10:57:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/12/2011 10:37:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
1/12/2011 10:37:24 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/12/2011 1:53:15 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 4 time(s).
1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s).

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
cured 1 issue

here is the log

I have not yet had any more redirects. Thank you sooooo much if it keeps working. Quick question. Why didn't any antivirus or other of the steps come up with anything malware?

2011/01/13 17:02:23.0241 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 17:02:23.0241 ================================================================================
2011/01/13 17:02:23.0256 SystemInfo:
2011/01/13 17:02:23.0256
2011/01/13 17:02:23.0256 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/13 17:02:23.0256 Product type: Workstation
2011/01/13 17:02:23.0256 ComputerName: JONATHAN-PC
2011/01/13 17:02:23.0256 UserName: Jonathan
2011/01/13 17:02:23.0256 Windows directory: C:\Windows
2011/01/13 17:02:23.0256 System windows directory: C:\Windows
2011/01/13 17:02:23.0256 Processor architecture: Intel x86
2011/01/13 17:02:23.0256 Number of processors: 1
2011/01/13 17:02:23.0256 Page size: 0x1000
2011/01/13 17:02:23.0256 Boot type: Normal boot
2011/01/13 17:02:23.0256 ================================================================================
2011/01/13 17:02:24.0538 Initialize success
2011/01/13 17:02:27.0475 ================================================================================
2011/01/13 17:02:27.0475 Scan started
2011/01/13 17:02:27.0475 Mode: Manual;
2011/01/13 17:02:27.0475 ================================================================================
2011/01/13 17:03:07.0131 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/13 17:03:07.0147 ================================================================================
2011/01/13 17:03:07.0147 Scan finished
2011/01/13 17:03:07.0147 ================================================================================
2011/01/13 17:03:07.0178 Detected object count: 1
2011/01/13 17:03:16.0116 \HardDisk0 - will be cured after reboot
2011/01/13 17:03:16.0225 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/13 17:03:21.0194 Deinitialize success
 
Good news :)
We're not done yet, though...
You have to keep in mind that there is no perfect security program.
A lot depends on your computer habits.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
combo and other

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 184):
0x87F42000 \SystemRoot\system32\drivers\rdprefmp.sys
0x87F4A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x87F55000 \SystemRoot\System32\Drivers\Npfs.SYS
0x87F63000 \SystemRoot\system32\DRIVERS\tdx.sys
0x87F7A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87F85000 \SystemRoot\system32\drivers\afd.sys
0x87B13000 \SystemRoot\System32\DRIVERS\netbt.sys
0x87FDF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x87C00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x87FE6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x87B45000 \SystemRoot\system32\DRIVERS\netbios.sys
0x87B53000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x87B66000 \SystemRoot\system32\DRIVERS\termdd.sys
0x87FF7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x87B76000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x87BB7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x87BC1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87BCB000 \SystemRoot\System32\drivers\discache.sys
0x8E433000 \SystemRoot\system32\drivers\csc.sys
0x8E497000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E4AF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8E4BD000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E4E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E504000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E516000 \SystemRoot\system32\DRIVERS\vgapnp.sys
0x8E523000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E52E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E579000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E588000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8E5B4000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x8E5C3000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E6F0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8E6FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E6FE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E716000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E723000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E81E000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0x8EA4B000 \SystemRoot\system32\drivers\portcls.sys
0x8EA7A000 \SystemRoot\system32\drivers\drmk.sys
0x8EA93000 \SystemRoot\system32\drivers\ks.sys
0x8EAC7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8EBCD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EBCF000 \SystemRoot\system32\drivers\modem.sys
0x8EBDC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8EBE9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8E800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E730000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E73B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E75D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E775000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E78C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E7A3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8E818000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E7AD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E7BB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E400000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E411000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E41E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E429000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x87E99000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x91480000 \SystemRoot\System32\win32k.sys
0x87EAA000 \SystemRoot\System32\drivers\Dxapi.sys
0x916D0000 \SystemRoot\System32\drivers\dxg.sys
0x87EB4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x91700000 \SystemRoot\System32\TSDDD.dll
0x91780000 \SystemRoot\System32\framebuf.dll
0x91790000 \SystemRoot\System32\ATMFD.DLL
0x87BD7000 \SystemRoot\system32\drivers\luafv.sys
0x87800000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8D006000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D020000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D030000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D076000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D086000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D099000 \SystemRoot\system32\drivers\HTTP.sys
0x8D11E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8D137000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D149000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D16C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8D1A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8D1DA000 \SystemRoot\system32\drivers\peauth.sys
0x8D271000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8D27B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8D29C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8D2A9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8D2F8000 \SystemRoot\System32\DRIVERS\srv.sys
0x77A50000 \Windows\System32\ntdll.dll
0x47A60000 \Windows\System32\smss.exe
0x77C90000 \Windows\System32\apisetschema.dll
0x00280000 \Windows\System32\autochk.exe
0x77BE0000 \Windows\System32\usp10.dll
0x77940000 \Windows\System32\urlmon.dll
0x777E0000 \Windows\System32\ole32.dll
0x77730000 \Windows\System32\msvcrt.dll
0x776D0000 \Windows\System32\difxapi.dll
0x76A80000 \Windows\System32\shell32.dll
0x77BD0000 \Windows\System32\lpk.dll
0x77BC0000 \Windows\System32\nsi.dll
0x769B0000 \Windows\System32\user32.dll
0x768D0000 \Windows\System32\kernel32.dll
0x76820000 \Windows\System32\rpcrt4.dll
0x767D0000 \Windows\System32\gdi32.dll
0x76700000 \Windows\System32\msctf.dll
0x77BB0000 \Windows\System32\normaliz.dll
0x76680000 \Windows\System32\comdlg32.dll
0x76480000 \Windows\System32\iertutil.dll
0x76440000 \Windows\System32\ws2_32.dll
0x762A0000 \Windows\System32\setupapi.dll
0x76270000 \Windows\System32\imagehlp.dll
0x761D0000 \Windows\System32\advapi32.dll
0x77B90000 \Windows\System32\sechost.dll
0x76140000 \Windows\System32\oleaut32.dll
0x760F0000 \Windows\System32\Wldap32.dll
0x75FD0000 \Windows\System32\wininet.dll
0x75FB0000 \Windows\System32\imm32.dll
0x75FA0000 \Windows\System32\psapi.dll
0x75F40000 \Windows\System32\shlwapi.dll
0x75EB0000 \Windows\System32\clbcatq.dll
0x75E80000 \Windows\System32\xmllite.dll
0x75E30000 \Windows\System32\KernelBase.dll
0x75E00000 \Windows\System32\wintrust.dll
0x75DD0000 \Windows\System32\cfgmgr32.dll
0x75D40000 \Windows\System32\comctl32.dll
0x75D20000 \Windows\System32\devobj.dll
0x75C00000 \Windows\System32\crypt32.dll
0x75BF0000 \Windows\System32\msasn1.dll

Processes (total 41):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
356 csrss.exe
404 C:\Windows\System32\wininit.exe
412 csrss.exe
452 C:\Windows\System32\winlogon.exe
488 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\spoolsv.exe
1376 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1392 C:\Windows\System32\taskhost.exe
1424 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\dwm.exe
1524 C:\Windows\explorer.exe
1884 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1908 C:\Program Files\Winamp\winampa.exe
1940 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1948 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2016 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
364 C:\Windows\System32\svchost.exe
1152 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1544 C:\Windows\System32\conhost.exe
2440 C:\Windows\System32\SearchIndexer.exe
2948 C:\Program Files\Windows Media Player\wmpnetwk.exe
2152 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\audiodg.exe
2816 C:\Windows\System32\taskhost.exe
916 C:\Windows\System32\SearchProtocolHost.exe
2272 C:\Windows\System32\SearchFilterHost.exe
4080 C:\Users\Jonathan\Desktop\MBRCheck.exe
3440 C:\Windows\System32\conhost.exe
3148 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix 11-01-12.04 - Jonathan 01/13/2011 17:53:55.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.598 [GMT -5:00]
Running from: c:\users\Jonathan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 23:07 . 2011-01-13 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-13 22:25 . 2011-01-13 22:25 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
2011-01-13 09:10 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CAABC97-26B0-4246-A273-33BC8A253EF8}\mpengine.dll
2011-01-13 06:18 . 2011-01-13 06:18 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Avira
2011-01-13 06:08 . 2011-01-13 06:08 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2011-01-13 06:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 06:08 . 2011-01-13 06:08 -------- d-----w- c:\programdata\Malwarebytes
2011-01-13 06:07 . 2011-01-13 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 06:07 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 05:16 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-13 05:16 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-13 05:16 . 2011-01-13 05:16 -------- d-----w- c:\programdata\Avira
2011-01-13 05:16 . 2011-01-13 05:16 -------- d-----w- c:\program files\Avira
2011-01-13 04:21 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-13 04:21 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2011-01-13 04:21 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-13 04:21 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 04:21 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
2011-01-13 04:21 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
2011-01-13 04:21 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-13 04:21 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-13 04:20 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-13 04:20 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-13 04:19 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-01-13 04:19 . 2011-01-13 04:19 -------- d-----w- c:\program files\Feedback Tool
2011-01-09 22:17 . 2011-01-09 22:17 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-09 22:17 . 2011-01-10 06:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-09 22:17 . 2011-01-10 06:00 -------- d-----w- c:\program files\Symantec
2011-01-09 22:15 . 2011-01-10 06:00 -------- d-----w- c:\program files\Norton 360
2011-01-09 22:15 . 2011-01-10 06:00 -------- d-----w- c:\programdata\Norton
2011-01-09 22:15 . 2011-01-09 22:15 -------- d-----w- c:\program files\NortonInstaller
2011-01-07 15:13 . 2011-01-07 22:46 -------- d-----w- c:\programdata\BDLogging
2011-01-07 07:40 . 2011-01-10 06:00 -------- d-----w- C:\294a13f0dec86ff325e1
2011-01-07 05:24 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-07 04:47 . 2011-01-07 04:47 -------- d-----w- c:\program files\MSSOAP
2011-01-07 04:32 . 2011-01-07 04:32 -------- d-----w- c:\users\Jonathan\AppData\Roaming\QuickScan
2011-01-07 04:31 . 2011-01-10 06:00 -------- d-----w- c:\program files\Common Files\BitDefender
2011-01-07 04:31 . 2011-01-13 06:21 581108 ----a-w- c:\programdata\bdinstall.bin
2011-01-06 19:30 . 2011-01-07 05:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-06 19:30 . 2011-01-07 05:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-06 19:17 . 2011-01-06 19:17 -------- d-----w- c:\windows\Sun
2011-01-06 13:50 . 2011-01-07 02:22 -------- d-----w- c:\program files\7-Zip
2010-12-31 20:59 . 2010-12-31 20:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-12-31 19:36 . 2010-12-31 19:36 -------- d-----w- c:\program files\Adobe Media Player
2010-12-31 06:28 . 2010-12-31 06:28 -------- d-----w- c:\program files\uTorrent
2010-12-31 06:27 . 2011-01-07 02:23 -------- d-----w- c:\users\Jonathan\AppData\Roaming\uTorrent
2010-12-26 04:10 . 2010-12-26 04:10 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Hulabee
2010-12-26 04:01 . 2010-12-26 04:01 -------- d-----w- c:\users\Jonathan\AppData\Local\RadonLabs
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\program files\OXXOGames
2010-12-26 03:08 . 2000-07-17 19:41 70088 ----a-w- c:\windows\system32\Project2-1.ocx
2010-12-26 03:08 . 1999-03-26 05:00 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
2010-12-26 03:06 . 2011-01-07 02:23 -------- d-----w- c:\program files\eGames
2010-12-25 22:31 . 2010-12-25 22:31 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Ascaron Entertainment
2010-12-25 22:22 . 2010-12-25 22:34 -------- d-----w- c:\program files\Cinemaware Marquee
2010-12-21 18:48 . 2010-12-21 18:48 -------- d-----w- c:\program files\MSECache
2010-12-16 02:11 . 2011-01-13 17:12 -------- d-----w- c:\windows\rescache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 20:11 . 2010-12-04 20:45 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-13 20:00 . 2010-12-04 20:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-13 07:23 . 2010-12-12 01:12 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-01-13 07:23 . 2010-12-12 01:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-14 20:12 . 2010-12-14 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-6\Microsoft.MediaCenter.Sports.UI.dll
2010-12-12 01:13 . 2010-12-12 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-12-10 07:54 . 2010-12-10 07:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-04 20:47 . 2010-12-04 20:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-12-04 20:42 . 2010-12-04 20:42 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-12 23:53 . 2010-12-04 17:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 20:51 . 2010-12-01 11:16 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-12 39408]
"Google Update"="c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-12 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]


--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000Core.job
- c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000UA.job
- c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

2011-01-13 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

2010-12-27 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\rronn2c0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-13 18:12:04
ComboFix-quarantined-files.txt 2011-01-13 23:12

Pre-Run: 39,254,740,992 bytes free
Post-Run: 38,949,752,832 bytes free

- - End Of File - - 129840A52BE096F557EE1BF7E27BA919
 
Those look fine :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL and extra

This is the OTL txt, run 3; Extras only happened on run 1. Forgot to check all users twice, that's why there was more than one run.

OTL Extras logfile created on: 1/13/2011 7:45:30 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 36.33 Gb Free Space | 65.12% Space Free | Partition Type: NTFS

Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox 4.0b8 (x86 en-US)" = Mozilla Firefox 4.0b8 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Peggle Deluxe" = Peggle Deluxe
"TV Guide Crosswords" = TV Guide Crosswords
"uTorrent" = µTorrent
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Blingo" = Blingo
"Extreme Animal Puzzles" = Extreme Animal Puzzles
"Extreme Bugs Puzzles" = Extreme Bugs Puzzles
"Extreme Orchid Puzzles" = Extreme Orchid Puzzles
"Geo Jump" = Geo Jump
"Google Chrome" = Google Chrome
"Hangman Wild West II" = Hangman Wild West II
"Mahjongg Jr." = Mahjongg Jr.
"Mega Match" = Mega Match
"Memory Machine" = Memory Machine
"Puzzle Master 3 SE" = Puzzle Master 3 SE
"Snakes and Ladders" = Snakes and Ladders
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2011 1:05:02 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 48c Start
Time: 01cbb2df600b2137 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/13/2011 2:14:34 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x414 Faulting application start time: 0x01cbb2e79e5c21fe Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6392ae52-1edc-11e0-8108-000fb058a757

Error - 1/13/2011 3:10:12 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0x378 Faulting application start time: 0x01cbb2eeb61825ac Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 295da33c-1ee4-11e0-8a3f-000fb058a757

Error - 1/13/2011 4:01:39 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
id: 0xfc0 Faulting application start time: 0x01cbb2f0edb5447f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 592a170f-1eeb-11e0-8a3f-000fb058a757

Error - 1/13/2011 4:16:22 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.7930.16406,
time stamp: 0x4c7e0414 Faulting module name: swg.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4cabdb21 Exception code: 0xc0000005 Fault offset: 0x1000a58e Faulting
process id: 0xb54 Faulting application start time: 0x01cbb2fa0b473a32 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: swg.dll
Report
Id: 67c2a904-1eed-11e0-8a3f-000fb058a757

Error - 1/13/2011 4:23:59 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: be4 Start
Time: 01cbb2f44463ef4c Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/13/2011 4:24:38 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cf4 Start
Time: 01cbb2fb3a0856ca Termination Time: 32 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/13/2011 4:24:57 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 468 Start
Time: 01cbb2fb5168a536 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/13/2011 4:25:21 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d74 Start
Time: 01cbb2fb5c95ab16 Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/13/2011 6:26:50 PM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
Description = The program setup.exe version 1.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 9e8 Start Time:
01cbb370ce9e3558 Termination Time: 28 Application Path: C:\Users\Jonathan\AppData\Local\Temp\7zSF4D8.tmp\setup.exe

Report
Id: 33b8f346-1f64-11e0-b7bf-000fb058a757

[ Media Center Events ]
Error - 12/11/2010 6:09:58 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 5:09:58 AM - Error connecting to the internet. 5:09:58 AM - Unable
to contact server..

Error - 12/11/2010 6:10:47 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 5:10:45 AM - Error connecting to the internet. 5:10:45 AM - Unable
to contact server..

Error - 1/7/2011 3:18:35 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 2:18:35 AM - Error connecting to the internet. 2:18:35 AM - Unable
to contact server..

Error - 1/7/2011 3:23:09 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 2:19:23 AM - Error connecting to the internet. 2:19:23 AM - Unable
to contact server..

Error - 1/7/2011 4:26:04 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 3:26:04 AM - Error connecting to the internet. 3:26:04 AM - Unable
to contact server..

Error - 1/7/2011 4:28:56 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 3:26:52 AM - Error connecting to the internet. 3:26:52 AM - Unable
to contact server..

Error - 1/7/2011 5:33:39 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 4:33:39 AM - Error connecting to the internet. 4:33:39 AM - Unable
to contact server..

Error - 1/7/2011 5:36:23 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 4:34:26 AM - Error connecting to the internet. 4:34:26 AM - Unable
to contact server..

Error - 1/7/2011 6:41:06 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 5:41:06 AM - Error connecting to the internet. 5:41:06 AM - Unable
to contact server..

Error - 1/7/2011 6:43:49 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
Description = 5:41:54 AM - Error connecting to the internet. 5:41:54 AM - Unable
to contact server..

[ System Events ]
Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 2 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
300000 milliseconds: Restart the service.

Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Update service terminated unexpectedly. It has done this
2 time(s).

Error - 1/13/2011 4:03:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 1/13/2011 4:03:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Background Intelligent Transfer
Service service, but this action failed with the following error: %%1056

Error - 1/13/2011 1:10:38 PM | Computer Name = Jonathan-PC | Source = DCOM | ID = 10010
Description =

Error - 1/13/2011 1:18:51 PM | Computer Name = Jonathan-PC | Source = DCOM | ID = 10010
Description =

Error - 1/13/2011 6:50:53 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/13/2011 6:53:30 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/13/2011 7:07:33 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
otl

OTL logfile created on: 1/13/2011 8:01:20 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 412.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 36.33 Gb Free Space | 65.11% Space Free | Partition Type: NTFS

Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
PRC - [2010/12/16 15:45:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2010/12/16 15:45:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/12 16:42:59 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/03 17:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/16 01:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/08/05 00:56:27 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/12/12 16:42:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/01/13 17:25:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2011/01/13 17:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions
[2011/01/13 17:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\sp3jt2d3.default\extensions
[2011/01/13 17:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\sp3jt2d3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/01/13 17:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/07 00:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/13 17:25:52 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2010/12/12 16:42:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAMDATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/01/09 22:03:46 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL part 2

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 19:36:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
[2011/01/13 18:12:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/13 18:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/13 17:51:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/13 17:51:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/13 17:51:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/13 17:51:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/13 17:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 17:50:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/13 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 8
[2011/01/13 17:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8
[2011/01/13 17:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\tdsskiller
[2011/01/13 01:18:55 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Avira
[2011/01/13 01:08:24 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
[2011/01/13 01:08:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/13 01:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 01:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/13 01:07:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/13 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 01:06:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/13 00:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/01/13 00:16:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/01/13 00:16:43 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/01/13 00:16:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/01/13 00:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/13 00:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/12 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2011/01/09 17:17:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/09 17:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/01/09 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/01/09 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/01/09 16:52:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/07 10:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2011/01/07 02:40:52 | 000,000,000 | ---D | C] -- C:\294a13f0dec86ff325e1
[2011/01/07 00:05:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/06 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/01/06 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/06 23:32:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\QuickScan
[2011/01/06 23:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/01/06 14:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/06 14:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/06 14:17:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/01/06 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/31 15:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/12/31 15:58:27 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Adobe Scripts
[2010/12/31 14:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/12/31 14:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2010/12/31 01:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/12/31 01:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
[2010/12/26 23:03:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/12/25 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Hulabee
[2010/12/25 23:01:06 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Local\RadonLabs
[2010/12/25 22:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2010/12/25 22:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
[2010/12/25 22:08:59 | 000,070,088 | ---- | C] (xx) -- C:\Windows\System32\Project2-1.ocx
[2010/12/25 22:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\eGames
[2010/12/25 17:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2010/12/25 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Ascaron Entertainment
[2010/12/25 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Ascaron Entertainment
[2010/12/25 17:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinemaware Marquee
[2010/12/25 17:22:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Cinemaware Marquee
[2010/12/25 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Cinemaware Marquee
[2010/12/21 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/21 13:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/12/15 21:11:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache

========== Files - Modified Within 30 Days ==========

[2011/01/13 19:47:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
[2011/01/13 19:09:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000UA.job
[2011/01/13 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/01/13 17:47:11 | 004,154,145 | R--- | M] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
[2011/01/13 17:43:44 | 000,080,384 | ---- | M] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
[2011/01/13 17:25:57 | 000,002,061 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2011/01/13 17:25:57 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
[2011/01/13 17:10:56 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 17:10:56 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 17:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000Core.job
[2011/01/13 17:05:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/13 17:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/13 17:05:03 | 797,827,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 17:01:14 | 001,231,390 | ---- | M] () -- C:\Users\Jonathan\Desktop\tdsskiller.zip
[2011/01/13 01:21:59 | 000,581,108 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/01/13 01:17:44 | 000,296,448 | ---- | M] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
[2011/01/13 01:08:05 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 01:07:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/13 00:17:03 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/12 23:28:28 | 000,001,367 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/12 16:37:59 | 180,021,366 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/09 22:03:46 | 000,001,093 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/07 18:03:23 | 000,000,140 | ---- | M] () -- C:\ProgramData\search_result.xml
[2011/01/07 15:04:37 | 003,013,203 | ---- | M] () -- C:\Users\Jonathan\Desktop\BDSP_JONATHAN-PC_2011_01_07_15_04.zip
[2011/01/06 23:56:27 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/01/06 21:09:16 | 000,066,285 | ---- | M] () -- C:\Users\Jonathan\Documents\virepot.docx
[2011/01/01 11:21:49 | 003,762,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/31 01:40:52 | 000,012,743 | ---- | M] () -- C:\Users\Jonathan\Desktop\key code photo.docx
[2010/12/31 01:28:27 | 000,000,897 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/12/31 01:28:27 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/27 00:06:12 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/12/25 23:20:32 | 000,000,049 | ---- | M] () -- C:\Windows\extreme.ini
[2010/12/25 23:20:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Orchid Puzzles.lnk
[2010/12/25 23:19:19 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Bugs Puzzles.lnk
[2010/12/25 23:18:07 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Puzzle Master 3 SE.lnk
[2010/12/25 23:15:30 | 000,000,023 | ---- | M] () -- C:\Windows\Memory.INI
[2010/12/25 23:15:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Memory Machine.lnk
[2010/12/25 23:14:55 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Mega Match.lnk
[2010/12/25 23:10:06 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Mahjongg Jr..lnk
[2010/12/25 23:06:31 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Geo Jump.lnk
[2010/12/25 22:58:26 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Viva Game Center.lnk
[2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/25 22:43:36 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Animal Puzzles.lnk
[2010/12/25 22:32:34 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Blingo.lnk
[2010/12/25 22:29:42 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Snakes and Ladders.lnk
[2010/12/25 22:14:09 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Hangman Wild West II.lnk
[2010/12/21 13:52:27 | 000,001,061 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/19 11:31:20 | 000,103,424 | ---- | M] () -- C:\Users\Jonathan\Documents\b card gary.pub
[2010/12/15 17:42:36 | 000,002,661 | ---- | M] () -- C:\Users\Jonathan\Desktop\Microsoft Word 2010.lnk

========== Files Created - No Company Name ==========

[2011/01/13 17:51:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/13 17:51:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/13 17:51:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/13 17:51:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/13 17:51:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/13 17:46:54 | 004,154,145 | R--- | C] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
[2011/01/13 17:43:42 | 000,080,384 | ---- | C] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
[2011/01/13 17:25:57 | 000,002,061 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2011/01/13 17:25:57 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
[2011/01/13 17:01:13 | 001,231,390 | ---- | C] () -- C:\Users\Jonathan\Desktop\tdsskiller.zip
[2011/01/13 01:17:44 | 000,296,448 | ---- | C] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
[2011/01/13 01:08:05 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/13 00:17:03 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/01/12 23:22:57 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/01/07 18:01:13 | 000,000,140 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011/01/07 15:04:29 | 003,013,203 | ---- | C] () -- C:\Users\Jonathan\Desktop\BDSP_JONATHAN-PC_2011_01_07_15_04.zip
[2011/01/07 00:05:12 | 180,021,366 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/06 23:56:27 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/01/06 23:31:28 | 000,581,108 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/01/06 21:09:14 | 000,066,285 | ---- | C] () -- C:\Users\Jonathan\Documents\virepot.docx
[2010/12/31 01:40:51 | 000,012,743 | ---- | C] () -- C:\Users\Jonathan\Desktop\key code photo.docx
[2010/12/31 01:28:27 | 000,000,897 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/12/31 01:28:27 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/12/25 23:20:32 | 000,000,049 | ---- | C] () -- C:\Windows\extreme.ini
[2010/12/25 23:20:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Orchid Puzzles.lnk
[2010/12/25 23:19:19 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Bugs Puzzles.lnk
[2010/12/25 23:18:07 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Puzzle Master 3 SE.lnk
[2010/12/25 23:15:30 | 000,000,023 | ---- | C] () -- C:\Windows\Memory.INI
[2010/12/25 23:15:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Memory Machine.lnk
[2010/12/25 23:14:55 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Mega Match.lnk
[2010/12/25 23:10:06 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Mahjongg Jr..lnk
[2010/12/25 23:06:31 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Geo Jump.lnk
[2010/12/25 22:58:26 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Viva Game Center.lnk
[2010/12/25 22:43:47 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/25 22:43:47 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/25 22:43:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Animal Puzzles.lnk
[2010/12/25 22:32:34 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Blingo.lnk
[2010/12/25 22:29:42 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Snakes and Ladders.lnk
[2010/12/25 22:14:09 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Hangman Wild West II.lnk
[2010/12/21 13:52:27 | 000,001,061 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/12/19 11:24:49 | 000,103,424 | ---- | C] () -- C:\Users\Jonathan\Documents\b card gary.pub
[2010/12/01 05:30:46 | 000,156,672 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== LOP Check ==========

[2010/12/25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Ascaron Entertainment
[2010/12/03 18:23:44 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DriverCure
[2010/12/25 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Hulabee
[2010/12/12 13:07:31 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Oberon Media
[2011/01/06 23:32:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\QuickScan
[2011/01/06 21:23:20 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
[2011/01/13 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/12/27 00:06:12 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/01/13 03:01:39 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/13 01:20:18 | 000,014,024 | ---- | M] () -- C:\bdlog.txt
[2011/01/13 18:12:05 | 000,013,319 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/13 17:05:03 | 797,827,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/13 17:05:04 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2011/01/13 17:03:21 | 000,060,650 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_13.01.2011_17.02.23_log.txt
[2011/01/13 17:18:27 | 000,001,980 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_13.01.2011_17.18.21_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/12 23:28:28 | 000,000,221 | -HS- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/13 01:17:44 | 000,296,448 | ---- | M] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
[2011/01/13 17:47:11 | 004,154,145 | R--- | M] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
[2011/01/13 01:07:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/13 17:43:44 | 000,080,384 | ---- | M] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
[2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/09 15:31:48 | 000,000,402 | -HS- | M] () -- C:\Users\Jonathan\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/01/13 01:21:59 | 000,581,108 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/01/07 18:03:23 | 000,000,140 | ---- | M] () -- C:\ProgramData\search_result.xml

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/01/13 01:22:00 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/01/13 01:20:22 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8BCBFAE0

< End of report >
 
You're running two AV programs, Microsoft Security Essentials and Avira.
One of them has to go. Your choice.

=========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/01/09 17:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/01/09 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2011/01/09 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8BCBFAE0
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
logs

Here are the last 2 logs OTL & checkup. No threats were found by the online scan.

I was also wondering: during the online scan I saw several files being scanned for BitDefender and other programs that I thought I had uninstalled and gotten rid of. How can I make sure that files and folders related to uninstalled programs are deleted?

Again, thank you so much for all of your help. The computer has been working great.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
C:\Program Files\Symantec folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.33\16\02 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.33\16 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.33 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\1f\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\1f folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\1d\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\1d folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\19\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\19 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\16\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\16 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\15\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\15 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\14\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\14 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\13\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\13 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\12\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\12 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\11\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\11 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\10\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\10 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0e\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0e folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0c\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0c folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0b\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0b folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0a\03 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\0a folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\09\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\09 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\07\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\07 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\06\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\06 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\05\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\05 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\04\02 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\04\01 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32\04 folder moved successfully.
C:\Program Files\Norton 360\MUI\4.1.0.32 folder moved successfully.
C:\Program Files\Norton 360\MUI folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\x86\x86 folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\x86 folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\spmanifests folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\jobs folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\images folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\ccglog folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\ccgevt\global folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\ccgevt folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\cache\tificocs.symantec.com folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12\cache folder moved successfully.
C:\Program Files\Norton 360\Engine\4.2.0.12 folder moved successfully.
C:\Program Files\Norton 360\Engine folder moved successfully.
C:\Program Files\Norton 360\Branding\zh-CN folder moved successfully.
C:\Program Files\Norton 360\Branding\nl-NL folder moved successfully.
C:\Program Files\Norton 360\Branding\fr-FR folder moved successfully.
C:\Program Files\Norton 360\Branding\en-US folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\1F\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\1F folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\1D\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\1D folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\19\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\19 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\16\02 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\16\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\16 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\15\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\15 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\14\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\14 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\13\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\13 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\12\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\12 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\11\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\11 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\10\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\10 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0E\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0E folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0C\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0C folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0B\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0B folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0A\03 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\0A folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\09\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\09 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\07\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\07 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\06\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\06 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\05\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\05 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\04\02 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\04\01 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127\04 folder moved successfully.
C:\Program Files\Norton 360\Branding\4.0.0.127 folder moved successfully.
C:\Program Files\Norton 360\Branding folder moved successfully.
C:\Program Files\Norton 360 folder moved successfully.
Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp scheduled to be moved on reboot.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\symnetdrv folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SymDS\Temp folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SymDS folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SRTSP folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SPManifests folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QuickStart folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QBackup\{8796FA8A-8E61-44BB-9755-B9E8BEE9C1D8} folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QBackup folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Product folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1f\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1f folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1d\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1d folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\19\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\19 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16\02 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\15\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\15 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\14\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\14 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\13\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\13 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\12\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\12 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\11\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\11 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\10\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\10 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0e\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0e folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0c\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0c folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0b\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0b folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0a\03 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0a folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\09\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\09 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\07\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\07 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\06\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\06 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\05\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\05 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04\02 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04\01 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NUM folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NPC folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NCW folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NCO folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\LuReg folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\LUFallback folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Logs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Downloads folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Logs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IRON folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPS folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\Tasks folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\SCD folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\Queue folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\DuLuCbkPkg folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\diStRptr folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20110110.001 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\TextHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\tagfiles folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110109.003 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\20110107.009 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\20100908.040 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\20110107.032 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\newdefs-trigger folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\BinHub folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\20110109.022 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Connections folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\content folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\_lck folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ErrorInstances folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccSubSDK folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccSetMgr folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccJobMgr folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGLog folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGEvt\Global folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGEvt folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\BASH folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Backup folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\AntiSpam folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127 folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps folder moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7} folder moved successfully.
C:\ProgramData\Norton\00000082\0000010f\000004b6 folder moved successfully.
C:\ProgramData\Norton\00000082\0000010f folder moved successfully.
C:\ProgramData\Norton\00000082 folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-21h20m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-20h08m17s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m32s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m27s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m23s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m17s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m12s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m08s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m04s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m59s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m50s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m45s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m41s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m36s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m31s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m25s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m15s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m10s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m04s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m59s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m52s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h15m19s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h15m09s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\_lck folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1f\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1f folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1d\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1d folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\19\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\19 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16\02 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\15\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\15 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\14\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\14 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\13\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\13 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\12\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\12 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\11\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\11 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\10\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\10 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0e\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0e folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0c\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0c folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0b\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0b folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0a\03 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0a folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\09\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\09 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\07\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\07 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\06\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\06 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\05\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\05 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04\02 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04\01 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360 folder moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7} folder moved successfully.
C:\Program Files\NortonInstaller folder moved successfully.
ADS C:\ProgramData\TEMP:8BCBFAE0 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jonathan
->Temp folder emptied: 806772 bytes
->Temporary Internet Files folder emptied: 50390535 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70727776 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 48090 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 395966 bytes

Total Files Cleaned = 117.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jonathan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01132011_210129

Files\Folders moved on Reboot...
File\Folder C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 
I saw several files being scanned for BitDefender and other programs that I thought I had uninstalled and gotten rid of. How can I make sure that files and folders related to uninstalled programs are deleted?
Those files are not active, just taking space. If you want to get rid of them, there is no other way but through a search.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
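
The search for leftover folders mentioned at the top of this reply can be scripted. The following is an added example, not part of the original post and not an OTL feature: a read-only PowerShell report of folders whose names match a vendor keyword, with a check of whether a matching product is still registered as installed. The keyword list (taken from the programs named in this thread) and the search roots are assumptions, and all function names are hypothetical.

```powershell
# Added example: read-only report of folders left behind by uninstalled products.
# ASSUMPTIONS: the keyword list and the search roots; edit both for your machine.
# Nothing is deleted; the script only lists candidates for manual review.
$Keywords = @('Norton', 'BitDefender')

function Get-FolderSizeMB {
    param([string]$Path)
    $files = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    $sum = ($files | Measure-Object -Property Length -Sum).Sum
    if ($null -eq $sum) { $sum = 0 }          # empty or unreadable folder
    [math]::Round($sum / 1MB, 2)
}

function Get-InstalledProductName {
    # Display names still registered with Windows (32- and 64-bit registry views).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { $_.DisplayName }
}

function Find-LeftoverFolder {
    param([string[]]$Keyword = $Keywords)
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique
    $installed = @(Get-InstalledProductName)
    foreach ($root in $roots) {
        # Vendor folders sit directly under these roots, so one level is enough.
        $dirs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
        foreach ($dir in $dirs) {
            foreach ($kw in $Keyword) {
                if ($dir.Name -like "*$kw*") {
                    # A product with this keyword still in the uninstall list means
                    # the folder may be in use and is not a leftover.
                    $stillInstalled = @($installed | Where-Object { $_ -like "*$kw*" }).Count -gt 0
                    New-Object PSObject -Property @{
                        Path           = $dir.FullName
                        Keyword        = $kw
                        SizeMB         = Get-FolderSizeMB -Path $dir.FullName
                        StillInstalled = $stillInstalled
                    }
                    break
                }
            }
        }
    }
}

Find-LeftoverFolder | Sort-Object Path |
    Format-Table Path, Keyword, SizeMB, StillInstalled -AutoSize
```

Rows with StillInstalled set to False are the candidates for manual deletion; run the script from an elevated prompt so that protected folders under ProgramData can be read.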
 
Running great, thanks. Will update if anything changes.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jonathan
->Temp folder emptied: 1197 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51580959 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 566 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jonathan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.2 log created on 01132011_233349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 