
Solved Can't turn on Windows Automatic Updates

Discussion in 'Malware and Virus Removal Archive' started by jamo1133, 2011/03/20.

  1. 2011/03/20
    jamo1133 (Thread Starter)
    [Resolved] Can't turn on Windows Automatic Updates

    My daughter's laptop started having issues last week when an error message popped up saying corrupt files were found, run chkdsk (or something like that). Since then I cannot run Windows Updates. Automatic update is turned off and I am unable to turn it on, and I cannot open the Windows Update page. I noticed she had installed BitTorrent and FrostWire, which I immediately uninstalled. I also uninstalled AVG Free Edition and installed Microsoft Security Essentials. MS Essentials found about 8 different severe items and they were all removed. I tried running System Restore several times and each time a message said "unspecified error occurred, system not restored". I tried running System Restore in safe mode and after about three hours I cancelled out of it. I ran all of the recommended scans. The GMER scan finished with the message "GMER hasn't found any system modification". Having trouble getting at the MBAM log; I'm getting access denied trying to access the Documents and Settings folder. I will post as soon as I can.


    MBRCHECK:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 1440
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 129):
    0x01C1F000 \SystemRoot\system32\ntoskrnl.exe
    0x02137000 \SystemRoot\system32\hal.dll
    0x0060F000 \SystemRoot\system32\kdcom.dll
    0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00654000 \SystemRoot\system32\PSHED.dll
    0x00668000 \SystemRoot\system32\CLFS.SYS
    0x006C5000 \SystemRoot\system32\CI.dll
    0x00804000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008DE000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008EC000 \SystemRoot\system32\drivers\acpi.sys
    0x00942000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x0094B000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00955000 \SystemRoot\system32\drivers\pci.sys
    0x00985000 \SystemRoot\System32\drivers\partmgr.sys
    0x0099A000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x0099E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x009AA000 \SystemRoot\system32\drivers\volmgr.sys
    0x00777000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009BE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00A02000 \SystemRoot\system32\drivers\iastor.sys
    0x00B1F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00B66000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00B7A000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x00E05000 \SystemRoot\system32\drivers\ndis.sys
    0x00C92000 \SystemRoot\system32\drivers\msrpc.sys
    0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01005000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01185000 \SystemRoot\system32\drivers\volsnap.sys
    0x011C9000 \SystemRoot\System32\Drivers\spldr.sys
    0x011D1000 \SystemRoot\System32\Drivers\mup.sys
    0x00FC8000 \SystemRoot\System32\drivers\ecache.sys
    0x011E3000 \SystemRoot\system32\drivers\disk.sys
    0x00D3B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00FF4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x02321000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x0232E000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x02401000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
    0x02E20000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x02F03000 \SystemRoot\System32\drivers\watchdog.sys
    0x02F13000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x02F1F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02F65000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03009000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03207000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
    0x0337F000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x033CF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x030F6000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x033E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x033F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03132000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0314E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03200000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x0315B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03164000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x03177000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x02F76000 \SystemRoot\system32\DRIVERS\storport.sys
    0x031B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x031BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x031E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02337000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x031EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x02FD3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02368000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02380000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03205000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02393000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02FF1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x023C7000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x00D75000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x023D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x00B86000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x00DBD000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x009D1000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x03000000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04201000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x04232000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x0423C000 \SystemRoot\System32\Drivers\Null.SYS
    0x04245000 \SystemRoot\System32\drivers\vga.sys
    0x04253000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x04278000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04281000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0428A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04295000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x042A6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x04407000 \SystemRoot\System32\drivers\tcpip.sys
    0x0457D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x045A9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x045C6000 \SystemRoot\system32\DRIVERS\smb.sys
    0x042AF000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x042F3000 \SystemRoot\system32\drivers\afd.sys
    0x045E1000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x0435E000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x045EC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x0437C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x04397000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x043A3000 \SystemRoot\System32\Drivers\dfsc.sys
    0x043C0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x043CE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x045FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04801000 \SystemRoot\system32\DRIVERS\OA013Vid.sys
    0x0484E000 \SystemRoot\system32\DRIVERS\OA013Ufd.sys
    0x04876000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x048A0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x048AC000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00470000 \SystemRoot\System32\TSDDD.dll
    0x00690000 \SystemRoot\System32\cdd.dll
    0x048BF000 \SystemRoot\system32\drivers\luafv.sys
    0x048E1000 \SystemRoot\system32\drivers\spsys.sys
    0x0497B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0498F000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x049C3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x049CE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x15C02000 \SystemRoot\system32\drivers\HTTP.sys
    0x15CA5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x15CCE000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x15CEC000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x15CFC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x15D16000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x15D48000 \SystemRoot\System32\DRIVERS\srv.sys
    0x1600C000 \SystemRoot\system32\drivers\peauth.sys
    0x160C2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x160CD000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x160DD000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0x160E6000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x1611B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77C80000 \Windows\System32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    516 csrss.exe
    552 C:\Windows\System32\wininit.exe
    572 csrss.exe
    608 C:\Windows\System32\services.exe
    620 C:\Windows\System32\lsass.exe
    628 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\winlogon.exe
    824 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    944 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    420 C:\Windows\System32\svchost.exe
    520 C:\Windows\System32\svchost.exe
    652 C:\Windows\System32\svchost.exe
    624 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
    1048 C:\Windows\System32\audiodg.exe
    1092 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\SLsvc.exe
    1184 C:\Windows\System32\svchost.exe
    1256 C:\Program Files\Dell\DellDock\DockLogin.exe
    1332 C:\Windows\System32\svchost.exe
    1460 C:\Windows\System32\WLTRYSVC.EXE
    1480 C:\Windows\System32\wlanext.exe
    1488 C:\Windows\System32\BCMWLTRY.EXE
    1616 C:\Windows\System32\spoolsv.exe
    1664 C:\Windows\System32\svchost.exe
    2008 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    2024 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2044 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1364 C:\Windows\System32\svchost.exe
    680 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2056 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2248 C:\Windows\System32\SearchIndexer.exe
    2556 C:\Windows\System32\taskeng.exe
    2652 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2832 C:\Windows\System32\dwm.exe
    2848 C:\Windows\System32\taskeng.exe
    2980 C:\Windows\explorer.exe
    852 C:\Program Files\DellTPad\Apoint.exe
    2524 C:\Windows\System32\WLTRAY.EXE
    1684 C:\Program Files\Dell\QuickSet\quickset.exe
    2676 C:\Program Files\IDT\WDM\sttray64.exe
    2636 C:\Windows\System32\igfxtray.exe
    2956 C:\Program Files\Microsoft Security Client\msseces.exe
    1800 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    3076 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3084 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3184 C:\Program Files\Dell\DellDock\DellDock.exe
    3336 WmiPrvSE.exe
    3472 C:\Program Files\DellTPad\ApMsgFwd.exe
    3644 C:\Program Files\DellTPad\hidfind.exe
    3676 C:\Program Files\DellTPad\ApntEx.exe
    3960 C:\Program Files\iPod\bin\iPodService.exe
    4044 C:\Windows\System32\svchost.exe
    3224 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    784 dllhost.exe
    2308 dllhost.exe
    1748 C:\Users\Kelly\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST9500325AS, Rev: 0003DEM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
    SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


    Done!

    DDS.TXT

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Kelly at 18:54:48.09 on Sun 03/20/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2649 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kelly\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
    mURLSearchHooks: H - No File
    BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    StartupFolder: C:\Users\Kelly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CNETTE~1.LNK - C:\Users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
    StartupFolder: C:\Users\Kelly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB-X64: {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-31 53488]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-31 89600]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-31 172032]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;C:\Windows\System32\drivers\OA013Ufd.sys [2009-3-6 159840]
    R3 OA013Vid;Creative Camera OA013 Function Driver;C:\Windows\System32\drivers\OA013Vid.sys [2009-3-9 311456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-3-2 91456]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-5-28 17456]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-03-20 02:23:38 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-20 02:14:18 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F96364DC-A7FA-4628-8801-1E6B9257B18A}\mpengine.dll
    2011-03-17 01:21:01 -------- d-----w- C:\Windows\pss
    2011-03-17 00:03:10 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{8390D992-F9B4-492B-9814-097640D2ACAC}\gapaengine.dll
    2011-03-16 23:58:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-03-16 23:58:39 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-03-16 15:51:28 -------- d-----w- C:\Program Files\iPod
    2011-03-16 15:51:27 -------- d-----w- C:\Program Files\iTunes
    2011-03-16 14:24:54 -------- d-sh--w- C:\found.000
    2011-03-12 16:46:57 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A63CF4B2-D994-4EE4-B3B5-C6639AECC298}\mpengine.dll
    2011-03-12 04:59:26 -------- d-----w- C:\Users\Kelly\AppData\Roaming\FrostWire
    2011-03-12 04:59:26 -------- d-----w- C:\Program Files (x86)\ToggleEN
    2011-03-12 04:59:00 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-03-12 04:58:55 -------- d-----w- C:\Program Files (x86)\FrostWire
    2011-03-08 23:20:07 2425344 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-08 23:20:07 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-08 23:20:06 731136 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-08 23:20:06 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-08 23:20:04 559616 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-08 23:20:04 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-08 23:20:04 416768 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-08 23:20:04 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-08 23:20:04 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-08 23:20:04 210944 ----a-w- C:\Windows\System32\sbeio.dll
    2011-03-08 23:20:04 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-08 23:20:04 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
    2011-03-06 08:03:25 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-03-03 03:55:01 -------- d-----w- C:\Program Files (x86)\Motorola
    2011-03-03 03:55:01 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
    2011-03-03 03:53:41 -------- d-----w- C:\Program Files\Motorola Inc
    2011-03-03 03:53:41 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
    2011-02-21 16:45:10 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    .
    ==================== Find3M ====================
    .
    2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
    2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
    2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
    2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
    2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
    2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
    2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
    2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
    2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
    2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
    2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
    2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
    2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
    2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
    2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
    2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
    2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
    2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
    2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
    2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
    2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-01-12 03:46:48 275432 ----a-w- C:\Windows\System32\drivers\fltMgr.sys
    2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 18:55:10.23 ===============
     
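The MBRCheck section of the log above reports a byte offset for each drive letter, a SHA-1 for the MBR, and a match against a list of known OEM boot code ("Dell Inspiron MBR code detected"). The Python below is an added example, not MBRCheck and not anything the poster ran, that shows what those values are built from: it parses the partition table of a 512-byte MBR image and hashes the boot-code area against an allow-list. Assumptions: the hash covers bytes 0..439 (MBRCheck's exact hashed range is not stated on this page, so the sample's digest will not equal the one in the log), the sample image is constructed with placeholder boot code and made-up partition sizes, and the allow-list holds only the single hash the log printed.

```python
"""Parse a 512-byte MBR and check its boot code against an allow-list.

Added example for this thread; it is not MBRCheck.  ASSUMPTION: the hash
covers bytes 0..439 (boot code up to the disk signature).
"""
from __future__ import annotations
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439; 4-byte disk signature follows at 440
PART_TABLE_OFF = 446           # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Allow-list: the one hash MBRCheck printed for this laptop (taken from the log above).
KNOWN_GOOD = {"AE3E0A945D44C8EA304A19A8F50F69065C34344B": "Dell Inspiron MBR code"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # This is the "at offset 0x..." value MBRCheck prints per drive letter.
        return self.lba_start * SECTOR


def parse_mbr(sector: bytes) -> list[Partition]:
    """Return the non-empty partition entries; raise on a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, type_id, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if type_id == 0:          # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 over the boot-code area only (assumed range, see module docstring)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify(sector: bytes, allow_list: dict[str, str] = KNOWN_GOOD) -> tuple[str, str | None]:
    """Return (sha1, label); label is None when the boot code is not on the allow-list."""
    digest = boot_code_sha1(sector)
    return digest, allow_list.get(digest)


def build_mbr(boot_code: bytes, entries: list[tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba, count) tuples."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    for i, (bootable, type_id, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", type_id, b"\0\0\0", lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed test image: placeholder boot code (NOT Dell's), two NTFS (0x07)
# partitions at the byte offsets the log reports for D: and C:.  Sizes are
# made up to fill a 500 GB disk; the log does not give them.
SAMPLE_MBR = build_mbr(
    b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 32,
    [(False, 0x07, 0x02800000 // SECTOR, 30_720_000),
     (True,  0x07, 0x3AC000000 // SECTOR, 945_971_248)],
)

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(f"entry {p.index}: type 0x{p.type_id:02X} "
              f"{'boot ' if p.bootable else ''}at offset 0x{p.byte_offset:X}")
    digest, label = classify(SAMPLE_MBR)
    print("SHA1:", digest, "->", label or "unknown boot code")
```

To run it against a live disk, read the first sector from an elevated prompt (`open(r"\\.\PhysicalDrive0", "rb").read(512)`) or from a forensic image. An unknown digest is a reason to compare the boot code with the OEM's, not proof of a bootkit by itself.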
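The Pseudo HJT Report section of the DDS log above lists browser hooks (BHO, TB, URLSearchHooks) by CLSID and DLL path, plus Run keys and Startup-folder items. The Python below is an added triage helper, not DDS or any tool used in this thread, that parses an excerpt of those lines and reports the three things a responder checks first: registrations whose file is gone ("No File" or an empty path), one CLSID registered under several hook types, and autoruns whose target lies outside the Windows and Program Files trees. The line grammar is inferred from the excerpt on this page, not from a DDS specification, and the "outside program directories" check is a review flag, not a verdict on the item.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread, not DDS/HijackThis.  Line grammar is
inferred from the excerpt quoted in the thread, not from a specification.
"""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# "BHO: Name: {clsid} - path"   (name optional; path may be "No File" or empty)
CLSID_LINE = re.compile(
    r"^(?P<kind>BHO-X64|TB-X64|BHO|TB|[mu]URLSearchHooks): "
    r"(?:(?P<name>.+?): )?\{?(?P<clsid>[0-9A-Fa-f-]{36})\}?\s*-\s*(?P<path>.*)$")
# "mRun: [Name] "C:\path\prog.exe" args"
RUN_LINE = re.compile(r"^(?P<kind>[mu]Run(?:-x64)?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# "StartupFolder: <shortcut> - <target>"
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<name>.+?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)(?=["\s]|$)', re.IGNORECASE)

MISSING = {"", "NO FILE"}
PROGRAM_DIRS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRAM FILES (X86)\\",
                "C:\\PROGRA~", "%PROGRAMFILES%\\", "%SYSTEMROOT%\\")


@dataclass
class Entry:
    kind: str          # BHO, TB, mRun, StartupFolder, ...
    name: str
    clsid: str | None  # upper-cased GUID for COM hooks, None for autoruns
    path: str          # DLL/EXE path; "" or "No File" when the file is absent
    cmd: str = ""      # full command line for Run entries


def exe_from_cmd(cmd: str) -> str:
    """Extract the executable path from a Run value, quoted or not."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return m["exe"] if m else cmd.split(" ", 1)[0]


def parse_report(text: str) -> tuple[list[Entry], list[str]]:
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := CLSID_LINE.match(line):
            entries.append(Entry(m["kind"], m["name"] or "", m["clsid"].upper(), m["path"].strip()))
        elif m := RUN_LINE.match(line):
            entries.append(Entry(m["kind"], m["name"], None, exe_from_cmd(m["cmd"]), m["cmd"]))
        elif m := STARTUP_LINE.match(line):
            entries.append(Entry("StartupFolder", m["name"], None, m["path"].strip()))
        else:
            unparsed.append(line)   # e.g. hooks listed without a CLSID
    return entries, unparsed


def orphaned(entries: list[Entry]) -> list[Entry]:
    """COM hooks still registered although their DLL is gone."""
    return [e for e in entries if e.clsid and e.path.upper() in MISSING]


def shared_clsids(entries: list[Entry]) -> dict[str, list[str]]:
    """CLSIDs registered under more than one hook type."""
    kinds = defaultdict(set)
    for e in entries:
        if e.clsid:
            kinds[e.clsid].add(e.kind)
    return {c: sorted(k) for c, k in kinds.items() if len(k) > 1}


def autoruns_outside_program_dirs(entries: list[Entry]) -> list[Entry]:
    """Run/Startup items whose target is outside Windows and Program Files."""
    return [e for e in entries if e.clsid is None and e.path
            and not e.path.upper().startswith(PROGRAM_DIRS)]


def summarize(text: str) -> dict[str, int]:
    entries, unparsed = parse_report(text)
    return {"entries": len(entries), "unparsed": len(unparsed),
            "orphaned": len(orphaned(entries)),
            "shared_clsids": len(shared_clsids(entries)),
            "outside_program_dirs": len(autoruns_outside_program_dirs(entries))}


# Constructed sample: lines excerpted from the DDS log quoted in this thread.
SAMPLE_REPORT = r"""
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
mURLSearchHooks: H - No File
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartupFolder: C:\Users\Kelly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CNETTE~1.LNK - C:\Users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Feed it the whole "Pseudo HJT Report" block of a DDS log; the `unparsed` list is worth reading too, since entries listed without a CLSID are exactly the ones this grammar cannot classify.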
  2. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    MBAM log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6108

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    3/20/2011 3:52:48 PM
    mbam-log-2011-03-20 (15-52-48).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 328585
    Time elapsed: 56 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     


  4. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    You posted DDS.txt twice.
    I still need Attach.txt log.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Oops, here you go

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/30/2009 9:34:39 PM
    System Uptime: 3/20/2011 6:14:55 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0K138P
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 363.013 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 6.776 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Advanced Audio FX Engine
    AIM 7
    AIM Toolbar
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Banctec Service Agreement
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CNET TechTracker
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Video Chat
    Dell Webcam Central
    Download Updater (AOL LLC)
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 24
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MotoConnect
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PowerDVD DX
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Search Toolbar
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spelling Dictionaries Support For Adobe Reader 9
    ToggleEN Toolbar
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VoiceOver Kit
    Vz In Home Agent
    Windows Live OneCare safety scanner
    Windows Live Sync
    Windows Live Upload Tool
    .
    ==== End Of File ===========================
     
  6. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on with Combofix.
     
  7. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    ComboFix 11-03-19.04 - Kelly 03/20/2011 20:20:51.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2611 [GMT -4:00]
    Running from: c:\users\Kelly\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\users\Kelly\ntuser.pol
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-21 00:18 . 2011-03-21 00:18 -------- d-----w- C:\32788R22FWJFW
    2011-03-18 01:14 . 2011-03-18 05:01 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
    2011-03-17 00:03 . 2010-11-30 14:43 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8390D992-F9B4-492B-9814-097640D2ACAC}\gapaengine.dll
    2011-03-16 23:58 . 2011-03-16 23:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-03-16 23:58 . 2011-03-16 23:59 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-16 15:51 . 2011-03-16 15:51 -------- d-----w- c:\program files\iPod
    2011-03-16 15:51 . 2011-03-16 15:51 -------- d-----w- c:\program files\iTunes
    2011-03-16 14:24 . 2011-03-16 14:24 -------- d-----w- C:\found.000
    2011-03-12 16:46 . 2011-02-23 14:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A63CF4B2-D994-4EE4-B3B5-C6639AECC298}\mpengine.dll
    2011-03-12 15:21 . 2011-03-12 15:21 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 04:59 . 2011-03-16 17:20 -------- d-----w- c:\users\Kelly\AppData\Roaming\FrostWire
    2011-03-12 04:59 . 2011-03-12 04:59 -------- d-----w- c:\program files (x86)\ToggleEN
    2011-03-12 04:59 . 2011-03-12 04:59 -------- d-----w- c:\program files (x86)\Ask.com
    2011-03-12 04:58 . 2011-03-16 16:07 -------- d-----w- c:\program files (x86)\FrostWire
    2011-03-08 23:20 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 23:20 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-08 23:20 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 23:20 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-08 23:20 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-08 23:20 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-08 23:20 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-08 23:20 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-08 23:20 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-08 23:20 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-08 23:20 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-08 23:20 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-06 08:03 . 2011-03-06 08:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-03-03 03:55 . 2011-03-03 03:55 -------- d-----w- c:\program files (x86)\Motorola
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\program files\Motorola Inc
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-02-21 16:45 . 2011-02-21 16:47 -------- d-----w- c:\program files (x86)\Bing Bar Installer
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 02:40 . 2010-11-19 01:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2009-10-18 01:34 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:46 . 2011-02-09 17:42 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 17:42 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 17:42 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 17:42 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 17:42 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 17:42 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 17:42 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 17:42 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 17:42 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 17:42 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 17:42 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 17:42 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 17:42 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 17:42 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 17:42 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 17:42 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 17:42 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:08 . 2011-02-09 17:42 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:07 . 2011-02-09 17:42 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 17:42 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 17:42 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 17:42 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 17:42 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:01 . 2011-02-09 17:42 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 17:42 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 17:42 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 17:42 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 17:42 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:57 . 2011-02-09 17:42 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 17:42 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 17:42 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 17:42 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 17:42 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 17:42 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 17:42 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 17:42 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 17:42 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 17:42 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 17:42 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 17:42 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-09 17:42 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 17:42 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 17:42 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 17:42 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 17:42 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 17:42 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 17:42 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 17:42 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 14:02 . 2011-02-09 17:42 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 14:02 . 2011-02-09 17:42 1147904 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-20 13:47 . 2011-02-09 17:42 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-20 13:44 . 2011-02-09 17:42 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-01-12 03:46 . 2009-12-03 00:54 275432 ----a-w- c:\windows\system32\drivers\fltMgr.sys
    2011-01-08 09:03 . 2011-02-09 17:41 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 17:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 17:41 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 17:41 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 14:16 . 2011-02-09 17:43 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-12 19:06 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 19:06 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    .
    .
    ------- Sigcheck -------
    .
    [7] 2008-10-16 . 0DF8A7A5E072A6BA0AF1E563518255C0 . 54296 . . [7.2.6001.788] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_8683d52d1ee055aa\wuauclt.exe
    [7] 2008-01-21 . 44E38EB04F48FCD1D0D230C10A3EED39 . 45568 . . [7.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_fc7174b1ecdd9336\wuauclt.exe
    [7] 2008-01-21 . 44E38EB04F48FCD1D0D230C10A3EED39 . 45568 . . [7.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6002.18005_none_fe5cedbde9ff5e82\wuauclt.exe
    [7] 2006-11-02 . 82979850A3E9B7581E28852139EB9D01 . 44032 . . [6.0.6000.16386] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_08ca3670650bd993\wuauclt.exe
    .
    c:\windows\system32\wuauclt.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ToggleEN\tbTogg.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"="c:\program files (x86)\ToggleEN\tbTogg.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CNET TechTracker.lnk - c:\users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-3-3 2621952]
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]
    S3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-21 c:\windows\Tasks\User_Feed_Synchronization-{3F7E7710-3F72-4622-8AFC-9E3A1933B054}.job
    - c:\windows\system32\msfeedssync.exe [2011-03-17 01:28]
    .
    2011-03-21 c:\windows\Tasks\User_Feed_Synchronization-{9D4BAC18-BA84-4D07-B669-24BDF7179207}.job
    - c:\windows\system32\msfeedssync.exe [2011-03-17 01:28]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-23 3215440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray64.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @= "Shockwave Flash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @= "FlashBroker "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue "=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-03-20 20:28:20
    ComboFix-quarantined-files.txt 2011-03-21 00:28
    .
    Pre-Run: 389,616,877,568 bytes free
    Post-Run: 389,513,924,608 bytes free
    .
    - - End Of File - - 021D8F4C1BA00CA34C9B48B1B8D9CF48
     
  8. 2011/03/20
    jamo1133 Inactive Thread Starter
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/20/2011 at 20:39:08.
    Operating System: Windows (TM) Vista Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\runonce.exe


    Rkill completed on 03/20/2011 at 20:39:15.
     
  9. 2011/03/20
    broni Moderator Malware Analyst
    Uninstall Ask Toolbar, typical foistware.

    ===================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_8683d52d1ee055aa\wuauclt.exe | c:\windows\system32\wuauclt.exe
    
    Folder::
    c:\users\Kelly\AppData\Roaming\FrostWire
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
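    The FCopy:: line above restores the Windows Update client (wuauclt.exe) into system32 from the copy Windows keeps in WinSxS. The following PowerShell script is an added example and is not part of broni's post or of ComboFix: it is a read-only check you can run before and after the CFScript to confirm what state the machine is in. It assumes the system32 path named in the CFScript, resolves the WinSxS directory with a wildcard (ComboFix abbreviates long WinSxS directory names as "w..wsupdateclient" in its logs, so the abbreviated form is not a usable filesystem path), and the function names Find-WinSxSWuauclt, Get-Sha256Hex, Test-WuaucltBinary and Get-WindowsUpdateState are the example's own. Run it from an elevated 64-bit PowerShell so that c:\windows\system32 is not redirected to SysWOW64.

```powershell
# Added example (not from the thread or from ComboFix): read-only check of the
# Windows Update client binary and of the Windows Update service/registry state.
# Run in an elevated 64-bit PowerShell; works on PowerShell 2.0 (Vista) and later.
param(
    [string]$SystemCopy = 'c:\windows\system32\wuauclt.exe'   # path named in the CFScript
)

function Find-WinSxSWuauclt {
    # ComboFix prints the WinSxS directory as "...-w..wsupdateclient-core_..."; the ".."
    # is an abbreviation, so the real directory is resolved here with a wildcard instead.
    param([string]$Pattern = 'amd64_microsoft-windows-w*wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_8683d52d1ee055aa')
    $dir = Get-ChildItem -Path 'c:\windows\winsxs' -Filter $Pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } | Select-Object -First 1
    if ($dir) { return (Join-Path $dir.FullName 'wuauclt.exe') }
    return $null
}

function Get-Sha256Hex {
    # Uses .NET directly because Get-FileHash only exists from PowerShell 4.0 onwards.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-WuaucltBinary {
    # Reports existence, size, timestamp, SHA-256 and Authenticode status of one copy.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Size      = $item.Length
        Modified  = $item.LastWriteTimeUtc
        Sha256    = Get-Sha256Hex -Path $Path
        Signature = $sig.Status   # 'Valid' is expected for a genuine Microsoft binary
        Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null })
    }
}

function Get-WindowsUpdateState {
    # Service state via WMI (StartMode is not exposed by Get-Service on PowerShell 2.0),
    # plus the two registry locations that decide whether Automatic Updates is on.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
    $au  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ServiceState       = $svc.State       # 'Running' / 'Stopped'
        ServiceStart       = $svc.StartMode   # 'Auto' / 'Manual' / 'Disabled'
        AUOptions          = $au.AUOptions    # 1 = disabled, 2 = notify, 3 = download, 4 = install automatically
        PolicyNoAutoUpdate = $pol.NoAutoUpdate # 1 = a policy value (sometimes planted by malware) turns AU off
    }
}

# --- main: compare the system32 client with the WinSxS copy, then show AU state ---
$sxsPath = Find-WinSxSWuauclt
$reports = @(Test-WuaucltBinary -Path $SystemCopy)
if ($sxsPath) { $reports += Test-WuaucltBinary -Path $sxsPath }
$reports | Format-List Path, Exists, Size, Modified, Signature, Signer, Sha256

if (-not $reports[0].Exists) {
    'system32 wuauclt.exe is missing: Windows Update will silently do nothing until it is restored.'
} elseif ($reports.Count -eq 2 -and $reports[1].Exists) {
    if ($reports[0].Sha256 -eq $reports[1].Sha256) {
        'system32 wuauclt.exe is identical to the WinSxS copy.'
    } else {
        'system32 wuauclt.exe differs from the WinSxS copy: a different version or a replaced file; check the Signature field.'
    }
}

Get-WindowsUpdateState | Format-List ServiceState, ServiceStart, AUOptions, PolicyNoAutoUpdate
```

    Before the CFScript runs, the expected finding on this machine is that the system32 copy does not exist; afterwards both copies should exist with the same SHA-256 and a Valid Microsoft signature. A wuauserv service set to Disabled, or a PolicyNoAutoUpdate of 1 on a home machine that has no domain policy, is the other common reason "check for updates" does nothing, and is worth noting for the helper before changing it.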
     
  10. 2011/03/20
    jamo1133 Inactive Thread Starter
    ComboFix 11-03-19.04 - Kelly 03/20/2011 21:01:46.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.2340 [GMT -4:00]
    Running from: c:\users\Kelly\Desktop\ComboFix.exe
    Command switches used :: c:\users\Kelly\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Kelly\AppData\Roaming\FrostWire
    c:\users\Kelly\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe
    c:\users\Kelly\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe.torrent
    c:\users\Kelly\AppData\Roaming\FrostWire\.AppSpecialShare\hostiles.txt.27.zip
    c:\users\Kelly\AppData\Roaming\FrostWire\.AppSpecialShare\hostiles.txt.27.zip.torrent
    c:\users\Kelly\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\.certs
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\.keystore
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\.lock
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\active\43378CC08A31934FECB1C93EEAA2953979FFB384.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\active\43378CC08A31934FECB1C93EEAA2953979FFB384.dat.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\active\8189409705391A6D78A28DA381B60E1D4ED5E874.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\active\8189409705391A6D78A28DA381B60E1D4ED5E874.dat.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\azureus.config
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\azureus.config.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\azureus.statistics
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\azureus.statistics.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\dht\addresses.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\dht\contacts.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\dht\diverse.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\dht\general.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\dht\version.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\downloads.config
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\downloads.config.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\ipfilter.cache
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\logs\debug_1.log
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\logs\save\1299948811214_debug_1.log
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\logs\save\1300130279729_debug_1.log
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\logs\save\1300291063096_debug_1.log
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\net\pm_19262.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\net\pm_default.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\tmp\AZU6186505897500286931.tmp
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\tmp\AZU7741195448376182558.tmp
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\torrents\frostwire-4.21.3.windows.exe.torrent
    c:\users\Kelly\AppData\Roaming\FrostWire\azureus\torrents\hostiles.txt.27.zip.torrent
    c:\users\Kelly\AppData\Roaming\FrostWire\createtimes.cache
    c:\users\Kelly\AppData\Roaming\FrostWire\downloads.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\fileurns.bak
    c:\users\Kelly\AppData\Roaming\FrostWire\fileurns.cache
    c:\users\Kelly\AppData\Roaming\FrostWire\filters.props
    c:\users\Kelly\AppData\Roaming\FrostWire\frostwire.props
    c:\users\Kelly\AppData\Roaming\FrostWire\gnutella.net
    c:\users\Kelly\AppData\Roaming\FrostWire\hostiles.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\hostiles.txt
    c:\users\Kelly\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners\220x500frostwire_tshirt_blue_pink1.jpg
    c:\users\Kelly\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners\220x500frostwire_tshirt_blue_pink2.jpg
    c:\users\Kelly\AppData\Roaming\FrostWire\installation.props
    c:\users\Kelly\AppData\Roaming\FrostWire\installer.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\intent.props
    c:\users\Kelly\AppData\Roaming\FrostWire\library.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\mojito.props
    c:\users\Kelly\AppData\Roaming\FrostWire\overlays.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\overlays\default_now_on_android.png
    c:\users\Kelly\AppData\Roaming\FrostWire\overlays\frostclick_default_overlay.jpg
    c:\users\Kelly\AppData\Roaming\FrostWire\questions.props
    c:\users\Kelly\AppData\Roaming\FrostWire\responses.cache
    c:\users\Kelly\AppData\Roaming\FrostWire\seenMessages.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\spam.dat
    c:\users\Kelly\AppData\Roaming\FrostWire\tables.props
    c:\users\Kelly\AppData\Roaming\FrostWire\themes\frostwirePro_theme.fwtp
    c:\users\Kelly\AppData\Roaming\FrostWire\themes\frostwirePro_theme\theme.txt
    c:\users\Kelly\AppData\Roaming\FrostWire\themes\frostwirePro_theme\version.txt
    c:\users\Kelly\AppData\Roaming\FrostWire\version.xml
    c:\users\Kelly\AppData\Roaming\FrostWire\xml\data\audio.sxml2
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_8683d52d1ee055aa\wuauclt.exe --> c:\windows\system32\wuauclt.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-21 01:05 . 2011-03-21 01:05 -------- d-----w- c:\users\Kelly\AppData\Local\temp
    2011-03-21 01:05 . 2011-03-21 01:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-21 01:05 . 2011-03-21 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-21 01:01 . 2008-10-16 21:09 54296 ----a-w- c:\windows\system32\wuauclt.exe
    2011-03-21 00:29 . 2011-02-23 14:34 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB8F98E8-D406-4F2D-AD8B-0CF8355782EC}\mpengine.dll
    2011-03-18 01:14 . 2011-03-18 05:01 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
    2011-03-17 00:03 . 2010-11-30 14:43 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8390D992-F9B4-492B-9814-097640D2ACAC}\gapaengine.dll
    2011-03-16 23:58 . 2011-03-16 23:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-03-16 23:58 . 2011-03-16 23:59 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-16 15:51 . 2011-03-16 15:51 -------- d-----w- c:\program files\iPod
    2011-03-16 15:51 . 2011-03-16 15:51 -------- d-----w- c:\program files\iTunes
    2011-03-16 14:24 . 2011-03-16 14:24 -------- d-----w- C:\found.000
    2011-03-12 16:46 . 2011-02-23 14:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A63CF4B2-D994-4EE4-B3B5-C6639AECC298}\mpengine.dll
    2011-03-12 15:21 . 2011-03-12 15:21 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 04:59 . 2011-03-12 04:59 -------- d-----w- c:\program files (x86)\ToggleEN
    2011-03-12 04:58 . 2011-03-16 16:07 -------- d-----w- c:\program files (x86)\FrostWire
    2011-03-08 23:20 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 23:20 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-08 23:20 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 23:20 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-08 23:20 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-08 23:20 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-08 23:20 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-08 23:20 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-08 23:20 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-08 23:20 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-08 23:20 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-08 23:20 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-06 08:03 . 2011-03-06 08:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-03-03 03:55 . 2011-03-03 03:55 -------- d-----w- c:\program files (x86)\Motorola
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\program files\Motorola Inc
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-02-21 16:45 . 2011-02-21 16:47 -------- d-----w- c:\program files (x86)\Bing Bar Installer
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 02:40 . 2010-11-19 01:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2009-10-18 01:34 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:46 . 2011-02-09 17:42 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 17:42 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 17:42 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 17:42 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 17:42 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 17:42 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 17:42 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 17:42 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 17:42 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 17:42 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 17:42 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 17:42 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 17:42 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 17:42 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 17:42 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 17:42 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 17:42 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:08 . 2011-02-09 17:42 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:07 . 2011-02-09 17:42 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 17:42 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 17:42 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 17:42 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 17:42 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:01 . 2011-02-09 17:42 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 17:42 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 17:42 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 17:42 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 17:42 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:57 . 2011-02-09 17:42 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 17:42 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 17:42 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 17:42 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 17:42 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 17:42 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 17:42 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 17:42 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 17:42 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 17:42 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 17:42 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 17:42 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-09 17:42 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 17:42 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 17:42 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 17:42 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 17:42 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 17:42 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 17:42 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 17:42 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 14:02 . 2011-02-09 17:42 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 14:02 . 2011-02-09 17:42 1147904 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-20 13:47 . 2011-02-09 17:42 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-20 13:44 . 2011-02-09 17:42 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-01-12 03:46 . 2009-12-03 00:54 275432 ----a-w- c:\windows\system32\drivers\fltMgr.sys
    2011-01-08 09:03 . 2011-02-09 17:41 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 17:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 17:41 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 17:41 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 14:16 . 2011-02-09 17:43 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-12 19:06 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 19:06 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-21_00.26.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-31 01:34 . 2011-03-21 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-08-31 01:34 . 2011-03-20 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-20 23:29 . 2011-03-20 23:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-20 23:29 . 2011-03-21 00:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-08-31 07:35 . 2011-03-21 00:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-08-31 07:35 . 2011-03-20 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ToggleEN\tbTogg.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b} "= "c:\program files (x86)\ToggleEN\tbTogg.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager "= "c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "DellSupportCenter "= "c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CNET TechTracker.lnk - c:\users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-3-3 2621952]
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-04-29 91456]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\system32\DRIVERS\OA013Ufd.sys [x]
    S3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\system32\DRIVERS\OA013Vid.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-21 c:\windows\Tasks\User_Feed_Synchronization-{3F7E7710-3F72-4622-8AFC-9E3A1933B054}.job
    - c:\windows\system32\msfeedssync.exe [2011-03-17 01:28]
    .
    2011-03-21 c:\windows\Tasks\User_Feed_Synchronization-{9D4BAC18-BA84-4D07-B669-24BDF7179207}.job
    - c:\windows\system32\msfeedssync.exe [2011-03-17 01:28]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2009-04-06 305664]
    "Broadcom Wireless Manager UI "= "c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
    "SysTrayApp "= "%ProgramFiles%\IDT\WDM\sttray64.exe" [BU]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @= "Shockwave Flash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @= "FlashBroker "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue "=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-03-20 21:07:42
    ComboFix-quarantined-files.txt 2011-03-21 01:07
    ComboFix2.txt 2011-03-21 00:28
    .
    Pre-Run: 388,509,212,672 bytes free
    Post-Run: 387,431,276,544 bytes free
    .
    - - End Of File - - 863B9E5AEC4B37320CBB6D91F3DAEC97
     
  11. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Can you check if you still have an issue with Windows updates?
     
  12. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Automatic updating is turned on, but when I "check for updates" nothing happens
     
  13. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Something is being blocked when I click on TDSSKiller; I can't figure it out.
     
  15. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    When you try to download, or run it?
    What does exactly happen?
     
  16. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    I should probably be more specific: I can't download the program.
     
  17. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  18. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    2011/03/20 21:47:56.0741 1632 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/20 21:47:56.0819 1632 ================================================================================
    2011/03/20 21:47:56.0819 1632 SystemInfo:
    2011/03/20 21:47:56.0819 1632
    2011/03/20 21:47:56.0819 1632 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/20 21:47:56.0819 1632 Product type: Workstation
    2011/03/20 21:47:56.0819 1632 ComputerName: KELLY-PC
    2011/03/20 21:47:56.0819 1632 UserName: Kelly
    2011/03/20 21:47:56.0819 1632 Windows directory: C:\Windows
    2011/03/20 21:47:56.0819 1632 System windows directory: C:\Windows
    2011/03/20 21:47:56.0819 1632 Running under WOW64
    2011/03/20 21:47:56.0819 1632 Processor architecture: Intel x64
    2011/03/20 21:47:56.0819 1632 Number of processors: 2
    2011/03/20 21:47:56.0819 1632 Page size: 0x1000
    2011/03/20 21:47:56.0819 1632 Boot type: Normal boot
    2011/03/20 21:47:56.0819 1632 ================================================================================
    2011/03/20 21:47:57.0163 1632 Initialize success
    2011/03/20 21:48:09.0424 3524 ================================================================================
    2011/03/20 21:48:09.0424 3524 Scan started
    2011/03/20 21:48:09.0424 3524 Mode: Manual;
    2011/03/20 21:48:09.0424 3524 ================================================================================
    2011/03/20 21:48:23.0511 3524 ================================================================================
    2011/03/20 21:48:23.0511 3524 Scan finished
    2011/03/20 21:48:23.0511 3524 ================================================================================
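    An added example, not from the thread and not part of TDSSKiller itself: a small Python parser for the driver lines of a TDSSKiller log in the format posted above. It groups services that share one image file by MD5 (normal for pairs such as Tcpip/Tcpip6) and flags any driver whose image lives outside the Windows directory, which is what an analyst looks for first. The embedded log is constructed from the posted format; the `oddsvc` entry and its hash are made up.

    ```python
    import re
    from collections import defaultdict
    from typing import Dict, List, NamedTuple

    # Constructed sample in the TDSSKiller 2.4 log format seen in the thread:
    # "<date> <time> <thread id> <service name> (<md5>) <image path>".
    # The first five driver lines copy entries from the posted log; "oddsvc" is a
    # made-up entry, with a dummy hash, placed outside the Windows directory so the
    # path check has something to report.
    SAMPLE_LOG = r"""
    2011/03/20 21:48:09.0424 3524 Scan started
    2011/03/20 21:48:09.0783 3524 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    2011/03/20 21:48:21.0218 3524 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
    2011/03/20 21:48:21.0327 3524 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/20 21:48:22.0965 3524 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/20 21:48:22.0981 3524 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/20 21:48:23.0000 3524 oddsvc (00000000000000000000000000000000) C:\Users\Kelly\AppData\Local\Temp\oddsvc.sys
    2011/03/20 21:48:23.0511 3524 Scan finished
    """

    # One regex for a driver line; banner and status lines ("Scan started", the
    # "====" rules, the SystemInfo block) carry no "(md5)" token and are skipped.
    DRIVER_LINE = re.compile(
        r"^(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
        r"(?P<tid>\d+)\s+"
        r"(?P<name>\S+)\s+"
        r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
        r"(?P<path>.+?)\s*$"
    )


    class DriverEntry(NamedTuple):
        stamp: str
        name: str
        md5: str
        path: str


    def parse_driver_lines(log_text: str) -> List[DriverEntry]:
        """Return one DriverEntry per driver/service line in a TDSSKiller log."""
        entries = []
        for line in log_text.splitlines():
            m = DRIVER_LINE.match(line.strip())
            if m:
                entries.append(DriverEntry(m["stamp"], m["name"], m["md5"].lower(), m["path"]))
        return entries


    def _under(path: str, directory: str) -> bool:
        # NTFS paths are case-insensitive; the posted log mixes "drivers" and "DRIVERS".
        prefix = directory.rstrip("\\").lower() + "\\"
        return path.lower().startswith(prefix)


    def find_unusual_paths(entries: List[DriverEntry], windows_dir: str = r"C:\Windows") -> List[str]:
        """Names of drivers whose image file is not under the Windows directory.

        Legitimate kernel drivers almost always live under %SystemRoot%; an image in
        a user profile or temp folder is the first thing an analyst wants to inspect."""
        return [e.name for e in entries if not _under(e.path, windows_dir)]


    def shared_images(entries: List[DriverEntry]) -> Dict[str, List[str]]:
        """Map each MD5 that occurs more than once to the sorted service names using it.

        Sharing is normal for paired services such as Tcpip/Tcpip6 or Wanarp/Wanarpv6,
        so this is context for the analyst rather than a finding by itself."""
        by_hash: Dict[str, List[str]] = defaultdict(list)
        for e in entries:
            by_hash[e.md5].append(e.name)
        return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


    if __name__ == "__main__":
        parsed = parse_driver_lines(SAMPLE_LOG)
        print(f"{len(parsed)} driver entries parsed")
        print("outside Windows dir:", find_unusual_paths(parsed))
        for md5, names in shared_images(parsed).items():
            print(f"{md5} shared by {', '.join(names)}")
    ```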
     
  19. 2011/03/20
    jamo1133

    jamo1133 Inactive Thread Starter

    Joined:
    2011/03/20
    Messages:
    81
    Likes Received:
    0
    Windows Security Alert just popped up - Automatic updating is turned off again. I'm calling it a night; I will check back in tomorrow pm. Thanks for your help so far.
     
  20. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's clean.

    Previously, you said:
    That seems to be fixed, correct?

    ================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2011/03/21
    jamo1133 Inactive Thread Starter
    I am still having trouble turning automatic updates on. It's on when the computer starts, but eventually I get the security warning that it is off. Here are the logs you requested (in two posts).



    OTL logfile created on: 3/21/2011 5:39:57 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kelly\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 360.46 Gb Free Space | 79.91% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.78 Gb Free Space | 46.28% Space Free | Partition Type: NTFS

    Computer Name: KELLY-PC | User Name: Kelly | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/21 17:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
    PRC - [2011/03/16 10:40:52 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
    PRC - [2011/03/03 20:26:06 | 002,621,952 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
    PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/21 17:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/16 01:32:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/04/06 14:03:00 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/04/06 14:02:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/12/21 14:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/04/29 12:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/31 03:08:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2010/05/28 07:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/06 14:47:28 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2009/04/06 14:25:22 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2009/04/06 14:18:52 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/04/06 14:03:18 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/03/09 18:00:00 | 000,311,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys -- (OA013Vid)
    DRV:64bit: - [2009/03/06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys -- (OA013Ufd)
    DRV:64bit: - [2008/12/30 22:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2008/12/21 14:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/16 13:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search "
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20101030191112771&tb_oid=31-10-2010&tb_mrud=31-10-2010 "
    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP "
    FF - prefs.js..extensions.enabledItems: ga-IE@dictionaries.addons.mozilla.org:4.5
    FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c2760d7&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 22:33:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/21 12:47:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 12:47:38 | 000,000,000 | ---D | M]

    [2010/01/23 17:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions
    [2010/01/23 17:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/02/15 14:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions
    [2010/06/27 21:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/15 14:44:08 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2010/10/30 15:11:22 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
    [2011/02/15 14:44:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\engine@conduit.com
    [2010/08/18 13:09:12 | 000,000,000 | ---D | M] (Litreoir GaelSpell do Mhozilla) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\ga-IE@dictionaries.addons.mozilla.org
    [2011/02/01 01:05:06 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\extensions\searchtoolbar@zugo.com
    [2010/10/30 15:11:04 | 000,001,490 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\searchplugins\AOL Search.xml
    [2011/02/01 01:05:07 | 000,001,919 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\63aw7k6e.default\searchplugins\bing-zugo.xml
    [2011/02/15 20:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/18 21:49:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/23 18:07:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
    File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2010/11/18 22:33:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/10/30 15:11:04 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\AOL Search.xml

    O1 HOSTS File: ([2011/03/20 21:05:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Kelly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
    O4 - Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1807438966-11834772-2809961464-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Kelly\Pictures\2010-06-13 phone pics 2010\phone pics 2010 051.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kelly\Pictures\2010-06-13 phone pics 2010\phone pics 2010 051.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/21 17:30:50 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
    [2011/03/20 21:49:51 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Desktop\Scans
    [2011/03/20 21:18:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/20 21:07:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/20 21:07:44 | 000,000,000 | ---D | C] -- C:\Users\Kelly\AppData\Local\temp
    [2011/03/20 21:00:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/20 20:18:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/20 20:18:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/20 20:18:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/20 20:18:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/20 20:18:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/17 21:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2011/03/16 21:21:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/03/16 19:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/03/16 19:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/16 11:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/16 11:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/16 11:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/16 10:24:54 | 000,000,000 | ---D | C] -- C:\found.000
    [2011/03/12 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/03/12 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kelly\Documents\FrostWire
    [2011/03/12 00:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToggleEN
    [2011/03/12 00:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
    [2011/03/06 04:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/03/02 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
    [2011/03/02 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
    [2011/03/02 23:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
    [2011/03/02 23:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
    [2011/03/02 23:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Driver Installer
    [2011/02/21 12:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
    [2010/01/25 12:55:46 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Kelly\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/03/21 17:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D4BAC18-BA84-4D07-B669-24BDF7179207}.job
    [2011/03/21 17:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F7E7710-3F72-4622-8AFC-9E3A1933B054}.job
    [2011/03/21 17:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe
    [2011/03/21 17:21:20 | 000,724,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/21 17:21:20 | 000,619,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/21 17:21:20 | 000,109,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/21 17:14:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/21 17:14:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/21 17:13:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/21 17:13:44 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/20 21:05:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/20 20:13:46 | 004,297,576 | R--- | M] () -- C:\Users\Kelly\Desktop\ComboFix.exe
    [2011/03/19 22:39:00 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/19 22:32:51 | 000,001,112 | ---- | M] () -- C:\Users\Kelly\Desktop\CNET TechTracker.lnk
    [2011/03/19 22:32:51 | 000,001,092 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
    [2011/03/19 22:16:46 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
    [2011/03/19 16:58:11 | 507,749,073 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/16 21:33:29 | 000,000,975 | ---- | M] () -- C:\Users\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/16 21:29:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
    [2011/03/16 21:29:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
    [2011/03/16 21:29:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
    [2011/03/16 21:29:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
    [2011/03/16 21:28:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/03/16 21:28:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/03/16 20:00:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/03/16 19:58:50 | 000,739,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/16 19:35:27 | 000,000,000 | ---- | M] () -- C:\Users\Kelly\AppData\Local\prvlcl.dat
    [2011/03/16 11:51:57 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/12 13:23:45 | 000,021,504 | ---- | M] () -- C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/12 12:30:01 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/03/02 23:54:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf

    ========== Files Created - No Company Name ==========

    [2011/03/20 20:18:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/20 20:18:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/20 20:18:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/20 20:18:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/20 20:18:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/20 20:13:45 | 004,297,576 | R--- | C] () -- C:\Users\Kelly\Desktop\ComboFix.exe
    [2011/03/19 22:32:51 | 000,001,092 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
    [2011/03/19 19:28:45 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
    [2011/03/19 16:58:11 | 507,749,073 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/16 21:28:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/03/16 21:28:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/03/16 19:58:50 | 000,739,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/16 19:58:43 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/16 19:52:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/03/16 11:51:57 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/02 23:54:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
    [2010/09/01 09:37:21 | 000,000,000 | ---- | C] () -- C:\Users\Kelly\AppData\Local\prvlcl.dat
    [2010/08/07 17:30:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/04/21 18:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/04/21 18:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/04/21 18:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/04/21 17:22:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/04/21 17:22:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/12/02 20:54:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/02 20:54:01 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/12/02 20:53:36 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/10/12 11:41:47 | 000,000,414 | ---- | C] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat
    [2009/09/11 21:52:40 | 000,001,356 | ---- | C] () -- C:\Users\Kelly\AppData\Local\d3d9caps.dat
    [2009/09/10 17:42:07 | 000,021,504 | ---- | C] () -- C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/31 05:04:18 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/08/31 03:23:08 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2009/04/24 23:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2010/11/19 21:46:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG10
    [2010/06/13 17:59:58 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG9
    [2010/11/27 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AVG
    [2010/11/18 21:43:14 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AVG10
    [2010/05/27 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\AVG9
    [2011/03/16 20:14:24 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\BitTorrent
    [2010/11/18 22:28:30 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\CBS Interactive
    [2009/10/12 11:42:55 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\Template
    [2011/03/21 17:13:07 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/21 17:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3F7E7710-3F72-4622-8AFC-9E3A1933B054}.job
    [2011/03/21 17:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D4BAC18-BA84-4D07-B669-24BDF7179207}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/04 23:51:14 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
    [2011/03/20 21:07:42 | 000,026,285 | ---- | M] () -- C:\ComboFix.txt
    [2009/08/31 05:26:16 | 000,003,636 | RH-- | M] () -- C:\dell.sdr
    [2011/03/21 17:13:44 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/30 15:11:08 | 000,000,697 | -H-- | M] () -- C:\IPH.PH
    [2010/05/25 20:22:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2009/09/09 17:34:28 | 000,000,865 | ---- | M] () -- C:\net_save.dna
    [2011/03/21 17:13:42 | 274,145,279 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/20 20:39:15 | 000,000,437 | ---- | M] () -- C:\rkill.log
    [2011/03/20 21:49:43 | 000,058,050 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_20.03.2011_21.47.56_log.txt
    [2009/11/01 19:49:14 | 000,000,030 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/03 21:21:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/05/25 22:03:03 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/16 21:33:29 | 000,000,286 | -HS- | M] () -- C:\Users\Kelly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/20 20:13:46 | 004,297,576 | R--- | M] () -- C:\Users\Kelly\Desktop\ComboFix.exe
    [2011/03/21 17:30:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/09 17:26:07 | 000,000,402 | -HS- | M] () -- C:\Users\Kelly\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/08 18:18:43 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
     
