1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved google.com won't load

Discussion in 'Malware and Virus Removal Archive' started by BOBBO, 2011/03/01.

Page 2 of 2
  1. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
    broni,
    #21
  2. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    2011/03/02 16:36:18.0765 0556 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/02 16:36:19.0124 0556 ================================================================================
    2011/03/02 16:36:19.0124 0556 SystemInfo:
    2011/03/02 16:36:19.0124 0556
    2011/03/02 16:36:19.0124 0556 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/02 16:36:19.0124 0556 Product type: Workstation
    2011/03/02 16:36:19.0124 0556 ComputerName: GAYLE-PC
    2011/03/02 16:36:19.0124 0556 UserName: Gayle
    2011/03/02 16:36:19.0124 0556 Windows directory: C:\Windows
    2011/03/02 16:36:19.0124 0556 System windows directory: C:\Windows
    2011/03/02 16:36:19.0124 0556 Running under WOW64
    2011/03/02 16:36:19.0124 0556 Processor architecture: Intel x64
    2011/03/02 16:36:19.0124 0556 Number of processors: 4
    2011/03/02 16:36:19.0124 0556 Page size: 0x1000
    2011/03/02 16:36:19.0124 0556 Boot type: Normal boot
    2011/03/02 16:36:19.0124 0556 ================================================================================
    2011/03/02 16:36:19.0560 0556 Initialize success
    2011/03/02 16:36:31.0260 2700 ================================================================================
    2011/03/02 16:36:31.0260 2700 Scan started
    2011/03/02 16:36:31.0260 2700 Mode: Manual;
    2011/03/02 16:36:31.0260 2700 ================================================================================
    2011/03/02 16:36:31.0635 2700 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/03/02 16:36:31.0682 2700 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
    2011/03/02 16:36:31.0744 2700 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/03/02 16:36:31.0791 2700 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/03/02 16:36:31.0838 2700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/03/02 16:36:31.0884 2700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/03/02 16:36:31.0931 2700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/03/02 16:36:32.0025 2700 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/03/02 16:36:32.0072 2700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/03/02 16:36:32.0118 2700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/03/02 16:36:32.0181 2700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/03/02 16:36:32.0228 2700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/03/02 16:36:32.0243 2700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/03/02 16:36:32.0306 2700 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/03/02 16:36:32.0352 2700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/03/02 16:36:32.0384 2700 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/03/02 16:36:32.0430 2700 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/03/02 16:36:32.0493 2700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/03/02 16:36:32.0508 2700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/03/02 16:36:32.0555 2700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/02 16:36:32.0618 2700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/03/02 16:36:32.0680 2700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/03/02 16:36:32.0727 2700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/03/02 16:36:32.0774 2700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/03/02 16:36:32.0914 2700 BHDrvx64 (0163c18a9ebc4a76542790cec49f5120) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys
    2011/03/02 16:36:32.0976 2700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/03/02 16:36:33.0023 2700 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/02 16:36:33.0054 2700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/03/02 16:36:33.0086 2700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/03/02 16:36:33.0117 2700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/03/02 16:36:33.0132 2700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/03/02 16:36:33.0164 2700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/03/02 16:36:33.0179 2700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/03/02 16:36:33.0210 2700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/03/02 16:36:33.0257 2700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/02 16:36:33.0304 2700 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/02 16:36:33.0351 2700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/03/02 16:36:33.0398 2700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/03/02 16:36:33.0491 2700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/02 16:36:33.0538 2700 cmdGuard (f5e7e85bcd94a829eea83819cab7e4df) C:\Windows\system32\DRIVERS\cmdguard.sys
    2011/03/02 16:36:33.0569 2700 cmdHlp (77a022dedf973e07f13b377b63ee71aa) C:\Windows\system32\DRIVERS\cmdhlp.sys
    2011/03/02 16:36:33.0600 2700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/03/02 16:36:33.0647 2700 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/03/02 16:36:33.0678 2700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/02 16:36:33.0694 2700 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/03/02 16:36:33.0741 2700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/03/02 16:36:33.0788 2700 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    2011/03/02 16:36:33.0834 2700 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/02 16:36:33.0866 2700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/03/02 16:36:33.0897 2700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/03/02 16:36:33.0959 2700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/02 16:36:34.0022 2700 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/02 16:36:34.0131 2700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/03/02 16:36:34.0271 2700 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    2011/03/02 16:36:34.0334 2700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/03/02 16:36:34.0380 2700 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/03/02 16:36:34.0412 2700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/03/02 16:36:34.0490 2700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/03/02 16:36:34.0536 2700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/03/02 16:36:34.0583 2700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/02 16:36:34.0630 2700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/02 16:36:34.0646 2700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/03/02 16:36:34.0677 2700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/02 16:36:34.0708 2700 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/02 16:36:34.0739 2700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/03/02 16:36:34.0755 2700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/02 16:36:34.0802 2700 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/03/02 16:36:34.0833 2700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/03/02 16:36:34.0895 2700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/02 16:36:34.0926 2700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/03/02 16:36:34.0958 2700 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/02 16:36:35.0004 2700 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/03/02 16:36:35.0036 2700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/02 16:36:35.0067 2700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/03/02 16:36:35.0098 2700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/02 16:36:35.0160 2700 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/02 16:36:35.0207 2700 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/03/02 16:36:35.0238 2700 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/03/02 16:36:35.0285 2700 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/03/02 16:36:35.0316 2700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/02 16:36:35.0379 2700 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/03/02 16:36:35.0410 2700 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/03/02 16:36:35.0550 2700 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110302.001\IDSvia64.sys
    2011/03/02 16:36:35.0753 2700 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/03/02 16:36:35.0956 2700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/03/02 16:36:36.0003 2700 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    2011/03/02 16:36:36.0065 2700 inspect (cd9a470cd342224b2052e37c907426d0) C:\Windows\system32\DRIVERS\inspect.sys
    2011/03/02 16:36:36.0159 2700 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/03/02 16:36:36.0206 2700 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
    2011/03/02 16:36:36.0221 2700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/02 16:36:36.0252 2700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/02 16:36:36.0299 2700 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/02 16:36:36.0330 2700 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/03/02 16:36:36.0346 2700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/03/02 16:36:36.0408 2700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/03/02 16:36:36.0440 2700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/03/02 16:36:36.0471 2700 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/02 16:36:36.0518 2700 JMCR (08ed99a8271cf0b808c595d88ecee779) C:\Windows\system32\DRIVERS\jmcr.sys
    2011/03/02 16:36:36.0564 2700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/02 16:36:36.0580 2700 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/02 16:36:36.0627 2700 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/02 16:36:36.0674 2700 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/03/02 16:36:36.0705 2700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/03/02 16:36:36.0767 2700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/02 16:36:36.0830 2700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/03/02 16:36:36.0845 2700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/03/02 16:36:36.0876 2700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/03/02 16:36:36.0908 2700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/03/02 16:36:36.0939 2700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/03/02 16:36:36.0954 2700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/03/02 16:36:37.0001 2700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/03/02 16:36:37.0032 2700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/03/02 16:36:37.0048 2700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/02 16:36:37.0095 2700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/02 16:36:37.0126 2700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/02 16:36:37.0157 2700 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/02 16:36:37.0188 2700 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/03/02 16:36:37.0204 2700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/02 16:36:37.0251 2700 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/02 16:36:37.0298 2700 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/02 16:36:37.0329 2700 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/02 16:36:37.0360 2700 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/02 16:36:37.0407 2700 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
    2011/03/02 16:36:37.0438 2700 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/03/02 16:36:37.0500 2700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/03/02 16:36:37.0547 2700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/02 16:36:37.0578 2700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/03/02 16:36:37.0641 2700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/02 16:36:37.0672 2700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/02 16:36:37.0703 2700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/02 16:36:37.0750 2700 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/02 16:36:37.0781 2700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/02 16:36:37.0797 2700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/02 16:36:37.0828 2700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/02 16:36:37.0859 2700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/03/02 16:36:37.0922 2700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/02 16:36:38.0015 2700 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110301.020\ENG64.SYS
    2011/03/02 16:36:38.0062 2700 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110301.020\EX64.SYS
    2011/03/02 16:36:38.0140 2700 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/03/02 16:36:38.0202 2700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/02 16:36:38.0234 2700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/02 16:36:38.0265 2700 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/02 16:36:38.0296 2700 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/02 16:36:38.0343 2700 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/02 16:36:38.0358 2700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/02 16:36:38.0390 2700 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/02 16:36:38.0592 2700 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
    2011/03/02 16:36:38.0733 2700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/02 16:36:38.0764 2700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/03/02 16:36:38.0811 2700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/02 16:36:38.0873 2700 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/02 16:36:38.0936 2700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/03/02 16:36:38.0998 2700 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
    2011/03/02 16:36:39.0029 2700 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    2011/03/02 16:36:39.0076 2700 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
    2011/03/02 16:36:39.0294 2700 nvlddmkm (011f0596d167d073e6813ae88e7947a9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/03/02 16:36:39.0372 2700 nvpciflt (2bcc53e4ba1acc9b63595c4ae7361ad3) C:\Windows\system32\DRIVERS\nvpciflt.sys
    2011/03/02 16:36:39.0419 2700 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/03/02 16:36:39.0466 2700 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/03/02 16:36:39.0513 2700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/03/02 16:36:39.0560 2700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/02 16:36:39.0606 2700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/02 16:36:39.0638 2700 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/03/02 16:36:39.0731 2700 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
    2011/03/02 16:36:39.0794 2700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/03/02 16:36:39.0825 2700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/03/02 16:36:39.0872 2700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/02 16:36:39.0887 2700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/03/02 16:36:39.0934 2700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/03/02 16:36:40.0059 2700 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/02 16:36:40.0074 2700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/02 16:36:40.0121 2700 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/02 16:36:40.0168 2700 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/03/02 16:36:40.0215 2700 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
    2011/03/02 16:36:40.0277 2700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/02 16:36:40.0340 2700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/02 16:36:40.0371 2700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/02 16:36:40.0418 2700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/02 16:36:40.0480 2700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/02 16:36:40.0527 2700 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/02 16:36:40.0558 2700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/02 16:36:40.0605 2700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/02 16:36:40.0636 2700 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/02 16:36:40.0652 2700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/02 16:36:40.0683 2700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/02 16:36:40.0714 2700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/02 16:36:40.0745 2700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/02 16:36:40.0776 2700 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/02 16:36:40.0808 2700 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/02 16:36:40.0854 2700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/02 16:36:40.0901 2700 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/03/02 16:36:40.0932 2700 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/03/02 16:36:40.0979 2700 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/02 16:36:41.0010 2700 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/03/02 16:36:41.0057 2700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/02 16:36:41.0088 2700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/02 16:36:41.0120 2700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/02 16:36:41.0151 2700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/02 16:36:41.0198 2700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/03/02 16:36:41.0213 2700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/03/02 16:36:41.0244 2700 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/03/02 16:36:41.0276 2700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/02 16:36:41.0307 2700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/02 16:36:41.0322 2700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/02 16:36:41.0369 2700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/02 16:36:41.0400 2700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/03/02 16:36:41.0494 2700 SRTSP (9a359fb3d10c9de23edc427ada8ac8be) C:\Windows\system32\drivers\NAVx64\1205000.07D\SRTSP64.SYS
    2011/03/02 16:36:41.0541 2700 SRTSPX (a14a9aaa8005d411ef1657601f55776d) C:\Windows\system32\drivers\NAVx64\1205000.07D\SRTSPX64.SYS
    2011/03/02 16:36:41.0588 2700 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/02 16:36:41.0634 2700 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/02 16:36:41.0681 2700 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/02 16:36:41.0744 2700 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    2011/03/02 16:36:41.0806 2700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/03/02 16:36:41.0837 2700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/02 16:36:41.0931 2700 SymDS (6d33d1669b3b6193658129d1767a4aff) C:\Windows\system32\drivers\NAVx64\1205000.07D\SYMDS64.SYS
    2011/03/02 16:36:41.0978 2700 SymEFA (9acc52c79420236dcb1ab1a17ed0df2e) C:\Windows\system32\drivers\NAVx64\1205000.07D\SYMEFA64.SYS
    2011/03/02 16:36:42.0040 2700 SymEvent (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2011/03/02 16:36:42.0087 2700 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NAVx64\1205000.07D\Ironx64.SYS
    2011/03/02 16:36:42.0134 2700 SymNetS (af56ca02f9dc706709c0a7df5c1dab82) C:\Windows\system32\drivers\NAVx64\1205000.07D\SYMNETS.SYS
    2011/03/02 16:36:42.0196 2700 SynTP (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/03/02 16:36:42.0305 2700 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/03/02 16:36:42.0414 2700 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/02 16:36:42.0477 2700 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/02 16:36:42.0508 2700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/02 16:36:42.0539 2700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/02 16:36:42.0570 2700 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/02 16:36:42.0602 2700 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/02 16:36:42.0664 2700 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/02 16:36:42.0695 2700 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/02 16:36:42.0742 2700 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
    2011/03/02 16:36:42.0804 2700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/03/02 16:36:42.0851 2700 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/02 16:36:42.0914 2700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/03/02 16:36:42.0945 2700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/02 16:36:42.0976 2700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/03/02 16:36:43.0038 2700 usbccgp (945bfba692c0f3cdf5a9d824972188f6) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/02 16:36:43.0070 2700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/03/02 16:36:43.0101 2700 usbehci (b6942800840c9466223aefd4d9a74fbf) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/02 16:36:43.0163 2700 usbhub (85bc7b6ee233b4e979e024a3cd15cd49) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/02 16:36:43.0210 2700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/03/02 16:36:43.0241 2700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/02 16:36:43.0288 2700 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/02 16:36:43.0319 2700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/02 16:36:43.0366 2700 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
    2011/03/02 16:36:43.0428 2700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/03/02 16:36:43.0460 2700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/02 16:36:43.0491 2700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/03/02 16:36:43.0522 2700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/03/02 16:36:43.0569 2700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/03/02 16:36:43.0616 2700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/03/02 16:36:43.0631 2700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/02 16:36:43.0694 2700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/03/02 16:36:43.0740 2700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/03/02 16:36:43.0772 2700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/03/02 16:36:43.0803 2700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/03/02 16:36:43.0850 2700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/03/02 16:36:43.0881 2700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/03/02 16:36:43.0912 2700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/02 16:36:43.0943 2700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/02 16:36:43.0974 2700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/03/02 16:36:44.0021 2700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/02 16:36:44.0068 2700 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
    2011/03/02 16:36:44.0115 2700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/03/02 16:36:44.0146 2700 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    2011/03/02 16:36:44.0177 2700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/03/02 16:36:44.0255 2700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/02 16:36:44.0286 2700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/02 16:36:44.0349 2700 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
    2011/03/02 16:36:44.0396 2700 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/02 16:36:44.0458 2700 ================================================================================
    2011/03/02 16:36:44.0458 2700 Scan finished
    2011/03/02 16:36:44.0458 2700 ================================================================================
     
    BOBBO,
    #22


  3. to hide this advert.

  4. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #23
  5. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Here's the first half of the long OTL.txt report:

    OTL logfile created on: 3/2/2011 5:01:31 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Gayle\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 77.00% Memory free
    11.00 Gb Paging File | 10.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 404.43 Gb Free Space | 89.66% Space Free | Partition Type: NTFS

    Computer Name: GAYLE-PC | User Name: Gayle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/02 16:55:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    PRC - [2011/01/13 11:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/01/13 11:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    PRC - [2010/09/24 08:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/08/19 16:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/08/12 10:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/12 10:10:32 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/06/30 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/06/30 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/26 21:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/02 16:55:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    MOD - [2011/01/13 05:30:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/05 08:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 08:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 08:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/11/17 01:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2011/01/17 23:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2011/01/13 04:07:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
    SRV - [2010/08/12 10:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/08/12 10:10:32 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/06/30 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/06/30 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/01 22:16:33 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/01/13 05:30:41 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/01/13 05:30:41 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/13 05:30:23 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2010/09/26 22:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/08/19 14:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/08/12 09:35:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/08/12 08:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/07/29 23:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2010/07/27 22:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/14 20:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/07/12 02:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2010/06/23 01:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/06/21 12:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/06/20 10:45:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/06/18 08:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/30 20:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2010/04/26 20:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/04/26 20:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/03/03 02:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/25 23:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/09/16 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/02/25 13:59:11 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/02/01 22:22:56 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110301.020\EX64.SYS -- (NAVEX15)
    DRV - [2011/02/01 22:22:56 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/02/01 22:22:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/02/01 22:22:56 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110301.020\ENG64.SYS -- (NAVENG)
    DRV - [2010/11/10 17:46:29 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110302.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%20%28x86%29%5CSeaMonkey%5Csearchplugins%5Cgoogle.src "
    FF - prefs.js..browser.search.opensidebarsearchpanel: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com "
    FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
    FF - prefs.js..extensions.enabledItems: modern@themes.mozilla.org:1.0
    FF - prefs.js..network.proxy.share_proxy_settings: true

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/02/01 22:16:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/02/17 14:09:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/02/17 14:41:26 | 000,000,000 | ---D | M]

    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\Extensions
    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\extensions
    [2011/01/29 02:06:09 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\PROGRAM FILES (X86)\SEAMONKEY\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}

    O1 HOSTS File: ([2011/02/23 11:25:07 | 000,002,271 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 204.152.194.204 www.google.com
    O1 - Hosts: 204.152.194.204 google.com
    O1 - Hosts: 204.152.194.204 google.com.au
    O1 - Hosts: 204.152.194.204 www.google.com.au
    O1 - Hosts: 204.152.194.204 google.be
    O1 - Hosts: 204.152.194.204 www.google.be
    O1 - Hosts: 204.152.194.204 google.com.br
    O1 - Hosts: 204.152.194.204 www.google.com.br
    O1 - Hosts: 204.152.194.204 google.ca
    O1 - Hosts: 204.152.194.204 www.google.ca
    O1 - Hosts: 204.152.194.204 google.ch
    O1 - Hosts: 204.152.194.204 www.google.ch
    O1 - Hosts: 204.152.194.204 google.de
    O1 - Hosts: 204.152.194.204 www.google.de
    O1 - Hosts: 204.152.194.204 google.dk
    O1 - Hosts: 204.152.194.204 www.google.dk
    O1 - Hosts: 204.152.194.204 google.fr
    O1 - Hosts: 204.152.194.204 www.google.fr
    O1 - Hosts: 204.152.194.204 google.ie
    O1 - Hosts: 204.152.194.204 www.google.ie
    O1 - Hosts: 204.152.194.204 google.it
    O1 - Hosts: 204.152.194.204 www.google.it
    O1 - Hosts: 204.152.194.204 google.co.jp
    O1 - Hosts: 204.152.194.204 www.google.co.jp
    O1 - Hosts: 204.152.194.204 google.nl
    O1 - Hosts: 22 more lines...
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files (x86)\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [ "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O4 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

     
    BOBBO,
    #24
  6. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    And here's the second half of the OTL.txt report:

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/02 16:55:48 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    [2011/03/02 16:36:03 | 000,000,000 | ---D | C] -- C:\Desktop
    [2011/03/01 20:44:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/01 20:42:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/03/01 20:36:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/01 20:36:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/01 20:36:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/01 20:36:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/01 20:35:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/01 20:34:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/01 20:34:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/01 18:14:40 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\HostsXpert
    [2011/03/01 13:12:56 | 000,000,000 | ---D | C] -- C:\gmer
    [2011/03/01 12:47:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gayle\Desktop\TFC.exe
    [2011/02/23 15:07:19 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Diagnostics
    [2011/02/23 14:46:33 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\ElevatedDiagnostics
    [2011/02/23 11:20:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISZONE
    [2011/02/23 11:20:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\d41137
    [2011/02/21 19:17:35 | 000,000,000 | R--D | C] -- C:\Users\Gayle\Dropbox
    [2011/02/21 19:15:31 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/02/21 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Dropbox
    [2011/02/21 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/02/21 18:58:13 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Google
    [2011/02/21 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Deployment
    [2011/02/21 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apps
    [2011/02/21 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Apple Computer
    [2011/02/21 16:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/02/21 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/02/21 16:14:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/02/21 16:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/02/21 16:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/02/21 16:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/02/18 18:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/02/17 14:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/02/17 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Epson
    [2011/02/17 14:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/02/17 14:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/02/17 14:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/02/17 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apple Computer
    [2011/02/17 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/02/17 14:08:24 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apple
    [2011/02/17 14:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/02/17 14:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF IFilter
    [2011/02/17 14:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2011/02/17 14:00:51 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Programs
    [2011/02/17 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX
    [2011/02/17 13:43:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool
    [2011/02/17 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer
    [2011/02/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
    [2011/02/17 13:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
    [2011/02/17 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
    [2011/02/17 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
    [2011/02/17 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
    [2011/02/17 13:39:48 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\ArcSoft
    [2011/02/17 13:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    [2011/02/17 13:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2011/02/17 13:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 5
    [2011/02/17 13:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
    [2011/02/17 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
    [2011/02/17 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\ArcSoft
    [2011/02/17 13:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
    [2011/02/17 13:31:32 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\InstallShield
    [2011/02/17 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/02/17 13:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/02/17 13:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/02/17 13:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/02/17 13:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/02/16 16:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
    [2011/02/16 16:51:21 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Nikon
    [2011/02/16 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Foxit Software
    [2011/02/09 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\My Media
    [2011/02/09 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\OverDrive
    [2011/02/09 16:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
    [2011/02/09 16:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverDrive Media Console
    [2011/02/01 23:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2011/02/01 22:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/02/01 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Malwarebytes
    [2011/02/01 22:43:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/01 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/01 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/01 22:42:56 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/01 22:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/01 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2011/02/01 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
    [2011/02/01 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
    [2011/02/01 22:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/02/01 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\Symantec
    [2011/02/01 22:16:33 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/02/01 22:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/02/01 22:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/02/01 22:16:25 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.sys
    [2011/02/01 22:16:25 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.sys
    [2011/02/01 22:16:25 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.sys
    [2011/02/01 22:16:25 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnets.sys
    [2011/02/01 22:16:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Ironx64.sys
    [2011/02/01 22:16:25 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.sys
    [2011/02/01 22:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
    [2011/02/01 22:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D
    [2011/02/01 22:16:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    [2011/02/01 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
    [2011/02/01 22:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/02/01 22:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/02/01 22:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

    ========== Files - Modified Within 30 Days ==========

    [2011/03/02 17:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA.job
    [2011/03/02 16:55:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    [2011/03/02 16:34:43 | 001,261,440 | ---- | M] () -- C:\Users\Gayle\Desktop\tdsskiller.zip
    [2011/03/02 16:18:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 16:18:17 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 16:15:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/02 16:15:26 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/02 16:15:26 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/02 16:10:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/02 16:10:43 | 326,340,607 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/02 14:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/03/01 22:03:36 | 000,002,699 | ---- | M] () -- C:\Users\Gayle\Desktop\Google Chrome.lnk
    [2011/03/01 20:28:42 | 004,278,237 | R--- | M] () -- C:\Users\Gayle\Desktop\ComboFix.exe
    [2011/03/01 19:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core.job
    [2011/03/01 13:42:33 | 000,624,128 | ---- | M] () -- C:\Users\Gayle\Desktop\dds.scr
    [2011/03/01 13:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Gayle\Desktop\MBRCheck.exe
    [2011/03/01 13:03:06 | 000,288,107 | ---- | M] () -- C:\Users\Gayle\Desktop\gmer.zip
    [2011/03/01 12:47:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\TFC.exe
    [2011/02/23 14:15:54 | 001,294,538 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Cat.DB
    [2011/02/23 11:25:07 | 000,002,271 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/02/21 19:17:35 | 000,001,043 | ---- | M] () -- C:\Users\Gayle\Desktop\Dropbox.lnk
    [2011/02/21 16:15:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/17 14:45:19 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/02/17 14:41:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/02/17 14:09:19 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/17 13:43:49 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX.lnk
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Podcasting
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | M] () -- C:\Users\Gayle\AppData\Roaming\Plants
    [2011/02/17 13:43:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
    [2011/02/17 13:43:02 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Profiles
    [2011/02/17 13:42:12 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plug-Ins
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | M] () -- C:\Users\Gayle\AppData\Roaming\Pipe Organ
    [2011/02/17 13:41:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2011/02/17 13:41:22 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Printer Icons
    [2011/02/17 13:39:32 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 5.lnk
    [2011/02/17 13:28:16 | 000,000,060 | ---- | M] () -- C:\Windows\EPNX510.ini
    [2011/02/16 16:57:40 | 000,001,458 | ---- | M] () -- C:\Users\Gayle\Desktop\Nikon Manual.lnk
    [2011/02/09 16:57:07 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2011/02/09 16:29:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/02/08 13:04:47 | 000,341,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/01 22:43:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/01 22:40:22 | 000,001,009 | ---- | M] () -- C:\Users\Gayle\Desktop\SpywareBlaster.lnk
    [2011/02/01 22:16:33 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/02/01 22:16:33 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/02/01 22:16:33 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/02/01 22:16:31 | 000,002,474 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/02 16:34:43 | 001,261,440 | ---- | C] () -- C:\Users\Gayle\Desktop\tdsskiller.zip
    [2011/03/01 20:36:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/01 20:36:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/01 20:36:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/01 20:36:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/01 20:36:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/01 20:28:34 | 004,278,237 | R--- | C] () -- C:\Users\Gayle\Desktop\ComboFix.exe
    [2011/03/01 13:42:33 | 000,624,128 | ---- | C] () -- C:\Users\Gayle\Desktop\dds.scr
    [2011/03/01 13:39:14 | 000,080,384 | ---- | C] () -- C:\Users\Gayle\Desktop\MBRCheck.exe
    [2011/03/01 13:03:04 | 000,288,107 | ---- | C] () -- C:\Users\Gayle\Desktop\gmer.zip
    [2011/02/21 19:17:35 | 000,001,043 | ---- | C] () -- C:\Users\Gayle\Desktop\Dropbox.lnk
    [2011/02/21 18:58:40 | 000,002,699 | ---- | C] () -- C:\Users\Gayle\Desktop\Google Chrome.lnk
    [2011/02/21 18:58:15 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA.job
    [2011/02/21 18:58:14 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core.job
    [2011/02/21 16:15:30 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/17 14:45:19 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/02/17 14:09:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/17 14:08:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/02/17 13:43:49 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX.lnk
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Podcasting
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | C] () -- C:\Users\Gayle\AppData\Roaming\Plants
    [2011/02/17 13:43:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2011/02/17 13:43:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Profiles
    [2011/02/17 13:42:12 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-Ins
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | C] () -- C:\Users\Gayle\AppData\Roaming\Pipe Organ
    [2011/02/17 13:41:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2011/02/17 13:41:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Printer Icons
    [2011/02/17 13:39:32 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 5.lnk
    [2011/02/17 13:31:38 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/02/17 13:31:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/02/17 13:31:38 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/02/17 13:31:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/02/17 13:31:38 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/02/17 13:31:38 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/02/17 13:31:38 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/02/17 13:31:38 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2011/02/17 13:31:38 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/02/17 13:31:38 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2011/02/17 13:31:38 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2011/02/17 13:31:38 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2011/02/17 13:31:38 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2011/02/17 13:31:38 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2011/02/17 13:31:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/02/17 13:31:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/02/17 13:31:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/02/17 13:31:38 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/02/17 13:31:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/02/17 13:31:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/02/17 13:31:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/02/17 13:31:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/02/17 13:27:51 | 000,000,060 | ---- | C] () -- C:\Windows\EPNX510.ini
    [2011/02/16 16:57:40 | 000,001,458 | ---- | C] () -- C:\Users\Gayle\Desktop\Nikon Manual.lnk
    [2011/02/09 16:57:07 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2011/02/09 16:29:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/02/01 22:43:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/01 22:40:22 | 000,001,009 | ---- | C] () -- C:\Users\Gayle\Desktop\SpywareBlaster.lnk
    [2011/02/01 22:16:34 | 001,294,538 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Cat.DB
    [2011/02/01 22:16:33 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/02/01 22:16:33 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/02/01 22:16:31 | 000,002,474 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2011/02/01 22:16:20 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA.inf
    [2011/02/01 22:16:20 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS.inf
    [2011/02/01 22:16:20 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymNet.inf
    [2011/02/01 22:16:20 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.inf
    [2011/02/01 22:16:20 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.inf
    [2011/02/01 22:16:20 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Iron.inf
    [2011/02/01 22:16:15 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\iron.cat
    [2011/02/01 22:16:15 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.cat
    [2011/02/01 22:16:15 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.cat
    [2011/02/01 22:16:15 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnet64.cat
    [2011/02/01 22:16:15 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.cat
    [2011/02/01 22:16:15 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.cat
    [2011/02/01 22:16:15 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\isolate.ini
    [2011/01/30 00:38:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/24 08:59:25 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/11/24 08:59:25 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/11/24 08:59:25 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/11/24 08:59:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/11/24 08:59:25 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/01/31 04:03:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Auslogics
    [2011/02/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Dropbox
    [2011/02/17 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Epson
    [2011/02/16 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Foxit Software
    [2011/02/09 16:57:56 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\OverDrive
    [2011/01/29 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\PCDr
    [2011/01/29 00:47:52 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 21:08:49 | 000,019,874 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/02 14:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/03/01 20:44:47 | 000,037,707 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/13 05:34:40 | 000,003,929 | RH-- | M] () -- C:\dell.sdr
    [2011/01/13 04:06:22 | 000,001,231 | ---- | M] () -- C:\freefallprotection.log
    [2011/03/02 16:10:43 | 326,340,607 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/02 16:10:48 | 1866,776,575 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/13 04:02:40 | 000,002,320 | ---- | M] () -- C:\RHDSetup.log
    [2011/03/02 16:59:08 | 000,069,906 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_02.03.2011_16.36.18_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/22 22:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/29 00:01:06 | 000,000,221 | -HS- | M] () -- C:\Users\Gayle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/01 20:28:42 | 004,278,237 | R--- | M] () -- C:\Users\Gayle\Desktop\ComboFix.exe
    [2011/03/01 13:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Gayle\Desktop\MBRCheck.exe
    [2011/03/02 16:55:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    [2011/03/01 12:47:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/01/13 04:02:37 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/01/13 04:02:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2011/01/13 04:02:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2011/01/13 04:02:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/01/13 04:02:37 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2011/01/13 04:02:37 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/20 14:01:49 | 000,000,402 | -HS- | M] () -- C:\Users\Gayle\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plug-Ins
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Podcasting
    [2011/02/17 13:41:22 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Printer Icons
    [2011/02/17 13:43:02 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Profiles

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
     
    BOBBO,
    #25
  7. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Here's the Extras.txt report:

    OTL Extras logfile created on: 3/2/2011 5:01:31 PM - Run 1
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Gayle\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 77.00% Memory free
    11.00 Gb Paging File | 10.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 404.43 Gb Free Space | 89.66% Space Free | Partition Type: NTFS

    Computer Name: GAYLE-PC | User Name: Gayle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Classes\<extension>]
    .html [@ = SeaMonkeyHTML] -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe (mozilla.org)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{5C98193B-C038-473D-83E5-EA6E5591267B}" = Foxit PDF IFilter
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel(R) Wireless Display
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "Dell Support Center" = Dell Support Center
    "EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skypeâ„¢ 5.1
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Belarc Advisor" = Belarc Advisor 8.1
    "Dell Dock" = Dell Dock
    "Dell Webcam Central" = Dell Webcam Central
    "EPSON Scanner" = EPSON Scan
    "Foxit Reader" = Foxit Reader
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NAV" = Norton AntiVirus
    "NVIDIA.Updatus" = NVIDIA Updatus
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "SeaMonkey (2.0.11)" = SeaMonkey (2.0.11)
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/21/2011 8:18:01 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/21/2011 8:18:01 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/21/2011 10:54:08 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/21/2011 10:54:08 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/22/2011 11:13:12 AM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/23/2011 12:44:44 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/23/2011 4:38:15 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/23/2011 4:38:15 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/23/2011 4:47:29 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 2/23/2011 4:47:29 PM | Computer Name = Gayle-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe ".Error in manifest or policy file " " on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    [ Dell Events ]
    Error - 1/29/2011 5:04:05 AM | Computer Name = Gayle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/29/2011 5:04:05 AM | Computer Name = Gayle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 2/23/2011 4:03:55 PM | Computer Name = Gayle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 3/1/2011 12:19:43 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:19:43 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:19:43 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:19:49 AM | Computer Name = Gayle-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/1/2011 12:19:52 AM | Computer Name = Gayle-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/1/2011 12:19:52 AM | Computer Name = Gayle-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/1/2011 12:19:53 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:19:53 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:19:53 AM | Computer Name = Gayle-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 3/1/2011 12:20:01 AM | Computer Name = Gayle-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll
    Error
    Code: 21


    < End of report >
     
    BOBBO,
    #26
  8. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/02/23 11:20:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISZONE
[2011/02/23 11:20:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\d41137
[2011/01/30 00:38:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34


:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
    broni,
    #27
  9. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    I updated Java and removed the old version. When I tried to run another OTL scan, a window popped up informing me that the SONAR section of my Norton A-V program had removed the OTL.exe file, so I had to download that applet again. Somewhere in the midst of all that I had to do a reboot and the next thing I knew an update to my browser, SeaMonkey, was downloading and installing itself. Took just a few seconds, but it worried me at first.

    After the latest restart, my home page (google.com) now loads as it should and this Windows BBS site is back to its normal speed -- it had been extremely slow while going through all the prior steps. So we may be close to final success!

    Here's the latest OTL.txt file:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_USERS\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
    File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Folder C:\ProgramData\ISZONE\ not found.
    Folder C:\ProgramData\d41137\ not found.
    File C:\ProgramData\ezsidmv.dat not found.
    Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gayle
    ->Temp folder emptied: 5909 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Gayle
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.22.2 log created on 03022011_193749

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
    File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
    File\Folder C:\Users\Gayle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
    BOBBO,
    #28
  10. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    It looks like it was mostly a matter of infected "hosts" file.

     
    broni,
    #29
  11. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Here's the OTL log file:

    OTL logfile created on: 3/2/2011 8:30:40 PM - Run 2
    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Gayle\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
    11.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 405.35 Gb Free Space | 89.86% Space Free | Partition Type: NTFS

    Computer Name: GAYLE-PC | User Name: Gayle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/02 20:30:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    PRC - [2011/03/02 19:26:50 | 011,639,296 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    PRC - [2011/01/13 11:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/01/13 11:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/01/13 11:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    PRC - [2010/09/24 08:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/08/19 16:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/08/12 10:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/12 10:10:32 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/06/30 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/06/30 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/26 21:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/02 20:30:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    MOD - [2011/01/13 05:30:36 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/05 08:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 08:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 08:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/11/17 01:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2011/01/17 23:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/01/13 11:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2011/01/13 04:07:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
    SRV - [2010/08/12 10:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/08/12 10:10:32 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/06/30 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/06/30 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/01 22:16:33 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/01/13 05:30:41 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/01/13 05:30:41 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/13 05:30:23 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2010/09/26 22:13:16 | 000,169,048 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/08/19 14:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/08/12 09:35:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/08/12 08:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/07/29 23:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2010/07/27 22:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/14 20:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/07/12 02:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2010/06/23 01:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/06/21 12:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/06/20 10:45:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/06/18 08:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/05/30 20:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2010/04/26 20:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/04/26 20:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/03/03 02:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/25 23:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/09/16 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/02/25 13:59:11 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/02/01 22:22:56 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110302.019\EX64.SYS -- (NAVEX15)
    DRV - [2011/02/01 22:22:56 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/02/01 22:22:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/02/01 22:22:56 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110302.019\ENG64.SYS -- (NAVENG)
    DRV - [2010/11/10 17:46:29 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110302.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%20%28x86%29%5CSeaMonkey%5Csearchplugins%5Cgoogle.src "
    FF - prefs.js..browser.search.opensidebarsearchpanel: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com "
    FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
    FF - prefs.js..extensions.enabledItems: modern@themes.mozilla.org:1.0
    FF - prefs.js..network.proxy.share_proxy_settings: true

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/02/01 22:16:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.12\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/03/02 19:26:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.12\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/03/02 19:26:51 | 000,000,000 | ---D | M]

    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\Extensions
    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2011/01/29 02:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\extensions
    [2011/01/29 02:06:09 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\PROGRAM FILES (X86)\SEAMONKEY\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}

    O1 HOSTS File: ([2011/03/02 19:38:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files (x86)\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [ "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O4 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000..\RunOnce: [mctadmin] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/02 20:30:03 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    [2011/03/02 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\CrashDumps
    [2011/03/02 19:21:57 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/02 18:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/03/02 16:36:03 | 000,000,000 | ---D | C] -- C:\Desktop
    [2011/03/01 20:44:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/01 20:42:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/03/01 20:36:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/01 20:36:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/01 20:36:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/01 20:36:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/01 20:35:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/01 20:34:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/01 20:34:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/01 18:14:40 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\HostsXpert
    [2011/03/01 13:12:56 | 000,000,000 | ---D | C] -- C:\gmer
    [2011/03/01 12:47:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gayle\Desktop\TFC.exe
    [2011/02/23 15:07:19 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Diagnostics
    [2011/02/23 14:46:33 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\ElevatedDiagnostics
    [2011/02/21 19:17:35 | 000,000,000 | R--D | C] -- C:\Users\Gayle\Dropbox
    [2011/02/21 19:15:31 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2011/02/21 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Dropbox
    [2011/02/21 18:58:39 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/02/21 18:58:13 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Google
    [2011/02/21 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Deployment
    [2011/02/21 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apps
    [2011/02/21 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Apple Computer
    [2011/02/21 16:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/21 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/02/21 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/02/21 16:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/02/21 16:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/02/21 16:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/02/18 18:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/02/17 14:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/02/17 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Epson
    [2011/02/17 14:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/02/17 14:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/02/17 14:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/02/17 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apple Computer
    [2011/02/17 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/02/17 14:08:24 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Apple
    [2011/02/17 14:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/02/17 14:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF IFilter
    [2011/02/17 14:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2011/02/17 14:00:51 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\Programs
    [2011/02/17 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX
    [2011/02/17 13:43:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Spool
    [2011/02/17 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer
    [2011/02/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
    [2011/02/17 13:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
    [2011/02/17 13:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
    [2011/02/17 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
    [2011/02/17 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
    [2011/02/17 13:39:48 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Local\ArcSoft
    [2011/02/17 13:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    [2011/02/17 13:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2011/02/17 13:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 5
    [2011/02/17 13:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
    [2011/02/17 13:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
    [2011/02/17 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\ArcSoft
    [2011/02/17 13:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
    [2011/02/17 13:31:32 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\InstallShield
    [2011/02/17 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/02/17 13:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/02/17 13:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/02/17 13:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/02/17 13:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/02/16 16:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
    [2011/02/16 16:51:21 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Nikon
    [2011/02/16 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Foxit Software
    [2011/02/09 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\My Media
    [2011/02/09 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\OverDrive
    [2011/02/09 16:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
    [2011/02/09 16:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverDrive Media Console
    [2011/02/01 23:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2011/02/01 22:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/02/01 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Gayle\AppData\Roaming\Malwarebytes
    [2011/02/01 22:43:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/01 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/01 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/01 22:42:56 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/01 22:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/01 22:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2011/02/01 22:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
    [2011/02/01 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
    [2011/02/01 22:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/02/01 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Gayle\Documents\Symantec
    [2011/02/01 22:16:33 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/02/01 22:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/02/01 22:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/02/01 22:16:25 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.sys
    [2011/02/01 22:16:25 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.sys
    [2011/02/01 22:16:25 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.sys
    [2011/02/01 22:16:25 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnets.sys
    [2011/02/01 22:16:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Ironx64.sys
    [2011/02/01 22:16:25 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.sys
    [2011/02/01 22:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
    [2011/02/01 22:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D
    [2011/02/01 22:16:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    [2011/02/01 22:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
    [2011/02/01 22:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/02/01 22:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/02/01 22:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

    ========== Files - Modified Within 30 Days ==========

    [2011/03/02 20:30:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\OTL.exe
    [2011/03/02 20:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA.job
    [2011/03/02 19:46:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 19:46:20 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/02 19:43:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/02 19:43:26 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/02 19:43:26 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/02 19:38:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/02 19:38:47 | 326,340,607 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/02 19:38:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2011/03/02 19:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core.job
    [2011/03/02 19:02:23 | 000,159,757 | ---- | M] () -- C:\Users\Gayle\Desktop\JavaRa.zip
    [2011/03/02 16:34:43 | 001,261,440 | ---- | M] () -- C:\Users\Gayle\Desktop\tdsskiller.zip
    [2011/03/02 14:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/03/01 22:03:36 | 000,002,699 | ---- | M] () -- C:\Users\Gayle\Desktop\Google Chrome.lnk
    [2011/03/01 20:28:42 | 004,278,237 | R--- | M] () -- C:\Users\Gayle\Desktop\ComboFix.exe
    [2011/03/01 13:42:33 | 000,624,128 | ---- | M] () -- C:\Users\Gayle\Desktop\dds.scr
    [2011/03/01 13:39:14 | 000,080,384 | ---- | M] () -- C:\Users\Gayle\Desktop\MBRCheck.exe
    [2011/03/01 13:03:06 | 000,288,107 | ---- | M] () -- C:\Users\Gayle\Desktop\gmer.zip
    [2011/03/01 12:47:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gayle\Desktop\TFC.exe
    [2011/02/23 14:15:54 | 001,294,538 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Cat.DB
    [2011/02/21 19:17:35 | 000,001,043 | ---- | M] () -- C:\Users\Gayle\Desktop\Dropbox.lnk
    [2011/02/21 16:15:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/17 14:45:19 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/02/17 14:41:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/02/17 14:09:19 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/17 13:43:49 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX.lnk
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Podcasting
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | M] () -- C:\Users\Gayle\AppData\Roaming\Plants
    [2011/02/17 13:43:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
    [2011/02/17 13:43:02 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Profiles
    [2011/02/17 13:42:12 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plug-Ins
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | M] () -- C:\Users\Gayle\AppData\Roaming\Pipe Organ
    [2011/02/17 13:41:22 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2011/02/17 13:41:22 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Printer Icons
    [2011/02/17 13:39:32 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 5.lnk
    [2011/02/17 13:28:16 | 000,000,060 | ---- | M] () -- C:\Windows\EPNX510.ini
    [2011/02/16 16:57:40 | 000,001,458 | ---- | M] () -- C:\Users\Gayle\Desktop\Nikon Manual.lnk
    [2011/02/09 16:57:07 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2011/02/09 16:29:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/02/08 13:04:47 | 000,341,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/01 22:43:00 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/01 22:40:22 | 000,001,009 | ---- | M] () -- C:\Users\Gayle\Desktop\SpywareBlaster.lnk
    [2011/02/01 22:16:33 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/02/01 22:16:33 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/02/01 22:16:33 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/02/01 22:16:31 | 000,002,474 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/02 19:02:22 | 000,159,757 | ---- | C] () -- C:\Users\Gayle\Desktop\JavaRa.zip
    [2011/03/02 16:34:43 | 001,261,440 | ---- | C] () -- C:\Users\Gayle\Desktop\tdsskiller.zip
    [2011/03/01 20:36:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/01 20:36:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/01 20:36:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/01 20:36:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/01 20:36:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/01 20:28:34 | 004,278,237 | R--- | C] () -- C:\Users\Gayle\Desktop\ComboFix.exe
    [2011/03/01 13:42:33 | 000,624,128 | ---- | C] () -- C:\Users\Gayle\Desktop\dds.scr
    [2011/03/01 13:39:14 | 000,080,384 | ---- | C] () -- C:\Users\Gayle\Desktop\MBRCheck.exe
    [2011/03/01 13:03:04 | 000,288,107 | ---- | C] () -- C:\Users\Gayle\Desktop\gmer.zip
    [2011/02/21 19:17:35 | 000,001,043 | ---- | C] () -- C:\Users\Gayle\Desktop\Dropbox.lnk
    [2011/02/21 18:58:40 | 000,002,699 | ---- | C] () -- C:\Users\Gayle\Desktop\Google Chrome.lnk
    [2011/02/21 18:58:15 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA.job
    [2011/02/21 18:58:14 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core.job
    [2011/02/21 16:15:30 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/02/17 14:45:19 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/02/17 14:09:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/02/17 14:08:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/02/17 13:43:49 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX.lnk
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Podcasting
    [2011/02/17 13:43:02 | 000,000,268 | RH-- | C] () -- C:\Users\Gayle\AppData\Roaming\Plants
    [2011/02/17 13:43:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2011/02/17 13:43:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Profiles
    [2011/02/17 13:42:12 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-Ins
    [2011/02/17 13:41:22 | 000,000,268 | RH-- | C] () -- C:\Users\Gayle\AppData\Roaming\Pipe Organ
    [2011/02/17 13:41:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2011/02/17 13:41:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Printer Icons
    [2011/02/17 13:39:32 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 5.lnk
    [2011/02/17 13:31:38 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/02/17 13:31:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/02/17 13:31:38 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/02/17 13:31:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/02/17 13:31:38 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/02/17 13:31:38 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/02/17 13:31:38 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/02/17 13:31:38 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2011/02/17 13:31:38 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/02/17 13:31:38 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2011/02/17 13:31:38 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2011/02/17 13:31:38 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2011/02/17 13:31:38 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2011/02/17 13:31:38 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2011/02/17 13:31:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/02/17 13:31:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/02/17 13:31:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/02/17 13:31:38 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/02/17 13:31:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/02/17 13:31:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/02/17 13:31:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/02/17 13:31:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/02/17 13:27:51 | 000,000,060 | ---- | C] () -- C:\Windows\EPNX510.ini
    [2011/02/16 16:57:40 | 000,001,458 | ---- | C] () -- C:\Users\Gayle\Desktop\Nikon Manual.lnk
    [2011/02/09 16:57:07 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
    [2011/02/09 16:29:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/02/01 22:43:00 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/01 22:40:22 | 000,001,009 | ---- | C] () -- C:\Users\Gayle\Desktop\SpywareBlaster.lnk
    [2011/02/01 22:16:34 | 001,294,538 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Cat.DB
    [2011/02/01 22:16:33 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/02/01 22:16:33 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/02/01 22:16:31 | 000,002,474 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
    [2011/02/01 22:16:20 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA.inf
    [2011/02/01 22:16:20 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS.inf
    [2011/02/01 22:16:20 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymNet.inf
    [2011/02/01 22:16:20 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.inf
    [2011/02/01 22:16:20 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.inf
    [2011/02/01 22:16:20 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\Iron.inf
    [2011/02/01 22:16:15 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\iron.cat
    [2011/02/01 22:16:15 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtspx64.cat
    [2011/02/01 22:16:15 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymEFA64.cat
    [2011/02/01 22:16:15 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\symnet64.cat
    [2011/02/01 22:16:15 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\srtsp64.cat
    [2011/02/01 22:16:15 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\SymDS64.cat
    [2011/02/01 22:16:15 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1205000.07D\isolate.ini
    [2010/11/24 08:59:25 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/11/24 08:59:25 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/11/24 08:59:25 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/11/24 08:59:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/11/24 08:59:25 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/01/31 04:03:54 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Auslogics
    [2011/02/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Dropbox
    [2011/02/17 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Epson
    [2011/02/16 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\Foxit Software
    [2011/02/09 16:57:56 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\OverDrive
    [2011/01/29 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Gayle\AppData\Roaming\PCDr
    [2011/01/29 00:47:52 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 21:08:49 | 000,020,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/02 14:55:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
     
    BOBBO,
    #30
  12. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
    broni,
    #31
  13. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Here's the checkup.txt result:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    Norton AntiVirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Norton ccSvcHst.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````
     
    BOBBO,
    #32
  14. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good. Go on...
     
    broni,
    #33
  15. 2011/03/03
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    Downloaded and ran Temp File Cleaner successfully.

    Downloaded and ran ESET Online Scanner. Result:

    Files scanned: 106058
    Infected files: 0
    Cleaned files: 0
    Total scan time: 00:30.03
     
    BOBBO,
    #34
  16. 2011/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
    broni,
    #35
  17. 2011/03/03
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    I ran the OTL.exe program with the commands you sent pasted into it, and after a reboot I don't find any log. There are so many icons on my desktop now, I'm not sure what the name of it should be. There is one OTL file there, but the time stamp in it says 8:30:40 Run 2. That's from an earlier run, isn't it?

    LATER: This morning I ran OTL again and this time after a reboot I got this Notepad report:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gayle
    ->Temp folder emptied: 11064 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1824 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Gayle
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.2 log created on 03032011_091441

    Files\Folders moved on Reboot...
    C:\Users\Gayle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
    Last edited: 2011/03/03
    BOBBO,
    #36
  18. 2011/03/03
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    I ran the OTL cleanup operation and deleted all the remaining desktop icons that we were using. Everything seems to be working OK now, and a while ago I downloaded and installed Win7 Service Pack 1 and that was successful, too. So it appears that you can now slap a "Resolved" notice on this thread.

    I thank you for all your help. And my wife thanks you.
     
    BOBBO,
    #37
  19. 2011/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
    broni,
    #38
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...