Jump to content

Recommended Posts

:welcome:

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

2011/03/15 12:18:42.0891 20672 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/15 12:18:43.0281 20672 ================================================================================

2011/03/15 12:18:43.0281 20672 SystemInfo:

2011/03/15 12:18:43.0281 20672

2011/03/15 12:18:43.0281 20672 OS Version: 6.0.6002 ServicePack: 2.0

2011/03/15 12:18:43.0281 20672 Product type: Workstation

2011/03/15 12:18:43.0281 20672 ComputerName: JULIE-PC

2011/03/15 12:18:43.0281 20672 UserName: Julie

2011/03/15 12:18:43.0281 20672 Windows directory: C:\Windows

2011/03/15 12:18:43.0281 20672 System windows directory: C:\Windows

2011/03/15 12:18:43.0281 20672 Processor architecture: Intel x86

2011/03/15 12:18:43.0281 20672 Number of processors: 2

2011/03/15 12:18:43.0281 20672 Page size: 0x1000

2011/03/15 12:18:43.0281 20672 Boot type: Normal boot

2011/03/15 12:18:43.0281 20672 ================================================================================

2011/03/15 12:18:45.0266 20672 Initialize success

2011/03/15 12:18:57.0734 2512 ================================================================================

2011/03/15 12:18:57.0734 2512 Scan started

2011/03/15 12:18:57.0734 2512 Mode: Manual;

2011/03/15 12:18:57.0734 2512 ================================================================================

2011/03/15 12:18:58.0609 2512 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/03/15 12:18:58.0719 2512 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/03/15 12:18:58.0781 2512 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/03/15 12:18:58.0906 2512 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/03/15 12:18:58.0953 2512 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/03/15 12:18:59.0109 2512 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/03/15 12:18:59.0266 2512 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

2011/03/15 12:18:59.0328 2512 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/03/15 12:18:59.0375 2512 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

2011/03/15 12:18:59.0406 2512 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

2011/03/15 12:18:59.0578 2512 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

2011/03/15 12:18:59.0641 2512 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/03/15 12:18:59.0781 2512 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

2011/03/15 12:18:59.0844 2512 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/03/15 12:18:59.0906 2512 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/03/15 12:19:00.0047 2512 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/03/15 12:19:00.0109 2512 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/03/15 12:19:00.0250 2512 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys

2011/03/15 12:19:00.0422 2512 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/03/15 12:19:00.0484 2512 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

2011/03/15 12:19:00.0609 2512 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/03/15 12:19:00.0812 2512 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2011/03/15 12:19:00.0875 2512 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/03/15 12:19:00.0906 2512 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/03/15 12:19:00.0969 2512 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/03/15 12:19:01.0062 2512 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/03/15 12:19:01.0109 2512 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/03/15 12:19:01.0125 2512 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/03/15 12:19:01.0172 2512 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/03/15 12:19:01.0266 2512 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/03/15 12:19:01.0328 2512 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/03/15 12:19:01.0437 2512 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/03/15 12:19:01.0516 2512 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/03/15 12:19:01.0625 2512 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/03/15 12:19:01.0766 2512 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

2011/03/15 12:19:01.0844 2512 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/03/15 12:19:01.0875 2512 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/03/15 12:19:01.0906 2512 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/03/15 12:19:02.0000 2512 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/03/15 12:19:02.0203 2512 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/03/15 12:19:02.0312 2512 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS

2011/03/15 12:19:02.0359 2512 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS

2011/03/15 12:19:02.0422 2512 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS

2011/03/15 12:19:02.0578 2512 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS

2011/03/15 12:19:02.0656 2512 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS

2011/03/15 12:19:02.0750 2512 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS

2011/03/15 12:19:02.0797 2512 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS

2011/03/15 12:19:02.0859 2512 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS

2011/03/15 12:19:02.0984 2512 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS

2011/03/15 12:19:03.0016 2512 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS

2011/03/15 12:19:03.0125 2512 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/03/15 12:19:03.0156 2512 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS

2011/03/15 12:19:03.0234 2512 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS

2011/03/15 12:19:03.0359 2512 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

2011/03/15 12:19:03.0406 2512 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys

2011/03/15 12:19:03.0719 2512 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/03/15 12:19:03.0828 2512 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/03/15 12:19:03.0953 2512 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/03/15 12:19:04.0031 2512 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/03/15 12:19:04.0125 2512 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/03/15 12:19:04.0344 2512 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/03/15 12:19:04.0422 2512 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/03/15 12:19:04.0500 2512 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/03/15 12:19:04.0734 2512 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/03/15 12:19:04.0859 2512 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/03/15 12:19:04.0906 2512 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/03/15 12:19:04.0969 2512 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/03/15 12:19:05.0141 2512 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/03/15 12:19:05.0219 2512 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/03/15 12:19:05.0297 2512 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/03/15 12:19:05.0375 2512 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/03/15 12:19:05.0516 2512 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/03/15 12:19:05.0562 2512 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/03/15 12:19:05.0609 2512 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/03/15 12:19:05.0719 2512 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/03/15 12:19:05.0906 2512 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/03/15 12:19:05.0969 2512 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/03/15 12:19:06.0047 2512 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/03/15 12:19:06.0187 2512 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/03/15 12:19:06.0266 2512 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/03/15 12:19:06.0328 2512 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/03/15 12:19:06.0375 2512 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/03/15 12:19:06.0422 2512 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys

2011/03/15 12:19:06.0547 2512 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/03/15 12:19:06.0656 2512 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/03/15 12:19:06.0734 2512 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/03/15 12:19:06.0797 2512 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/03/15 12:19:06.0875 2512 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/03/15 12:19:07.0000 2512 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2011/03/15 12:19:07.0062 2512 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/03/15 12:19:07.0094 2512 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/03/15 12:19:07.0141 2512 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/03/15 12:19:07.0219 2512 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/03/15 12:19:07.0359 2512 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/03/15 12:19:07.0531 2512 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/03/15 12:19:07.0641 2512 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/03/15 12:19:07.0781 2512 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/03/15 12:19:07.0812 2512 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/03/15 12:19:07.0844 2512 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/03/15 12:19:07.0906 2512 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/03/15 12:19:07.0984 2512 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\Windows\system32\DRIVERS\mdc8021x.sys

2011/03/15 12:19:08.0266 2512 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/03/15 12:19:08.0344 2512 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/03/15 12:19:08.0422 2512 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/03/15 12:19:08.0500 2512 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/03/15 12:19:08.0641 2512 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/03/15 12:19:08.0687 2512 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/03/15 12:19:08.0781 2512 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/03/15 12:19:08.0844 2512 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/03/15 12:19:08.0906 2512 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/03/15 12:19:09.0047 2512 MpKsld9f92416 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BABC6A54-2E61-431C-B48A-9E538F20D414}\MpKsld9f92416.sys

2011/03/15 12:19:09.0234 2512 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/03/15 12:19:09.0281 2512 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/03/15 12:19:09.0344 2512 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/03/15 12:19:09.0406 2512 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/03/15 12:19:09.0469 2512 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/03/15 12:19:09.0594 2512 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/03/15 12:19:09.0641 2512 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/03/15 12:19:09.0687 2512 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

2011/03/15 12:19:09.0719 2512 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/03/15 12:19:09.0812 2512 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/03/15 12:19:09.0969 2512 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/03/15 12:19:10.0094 2512 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/03/15 12:19:10.0187 2512 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/03/15 12:19:10.0250 2512 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/03/15 12:19:10.0375 2512 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/03/15 12:19:10.0453 2512 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/03/15 12:19:10.0484 2512 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/03/15 12:19:10.0547 2512 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/03/15 12:19:10.0625 2512 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/03/15 12:19:10.0781 2512 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/03/15 12:19:10.0859 2512 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/03/15 12:19:10.0922 2512 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/03/15 12:19:10.0984 2512 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/03/15 12:19:11.0094 2512 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/03/15 12:19:11.0141 2512 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/03/15 12:19:11.0234 2512 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/03/15 12:19:11.0391 2512 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/03/15 12:19:11.0437 2512 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/03/15 12:19:11.0562 2512 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/03/15 12:19:11.0625 2512 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/03/15 12:19:11.0750 2512 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/03/15 12:19:11.0875 2512 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/03/15 12:19:11.0953 2512 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/03/15 12:19:12.0000 2512 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/03/15 12:19:12.0062 2512 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/03/15 12:19:12.0109 2512 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2011/03/15 12:19:12.0234 2512 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/03/15 12:19:12.0328 2512 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/03/15 12:19:12.0437 2512 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/03/15 12:19:12.0500 2512 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/03/15 12:19:12.0609 2512 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/03/15 12:19:12.0641 2512 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2011/03/15 12:19:12.0687 2512 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/03/15 12:19:12.0797 2512 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/03/15 12:19:13.0000 2512 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/03/15 12:19:13.0062 2512 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/03/15 12:19:13.0187 2512 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/03/15 12:19:13.0234 2512 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys

2011/03/15 12:19:13.0328 2512 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/03/15 12:19:13.0453 2512 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/03/15 12:19:13.0562 2512 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/03/15 12:19:13.0687 2512 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/03/15 12:19:13.0844 2512 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/03/15 12:19:13.0953 2512 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/03/15 12:19:14.0016 2512 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/03/15 12:19:14.0078 2512 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/03/15 12:19:14.0141 2512 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/03/15 12:19:14.0281 2512 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/03/15 12:19:14.0406 2512 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

2011/03/15 12:19:14.0437 2512 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/03/15 12:19:14.0484 2512 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/03/15 12:19:14.0562 2512 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/03/15 12:19:14.0594 2512 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\drivers\rimsptsk.sys

2011/03/15 12:19:14.0641 2512 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\drivers\rixdptsk.sys

2011/03/15 12:19:14.0734 2512 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/03/15 12:19:14.0828 2512 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/03/15 12:19:14.0937 2512 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2011/03/15 12:19:15.0000 2512 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/03/15 12:19:15.0062 2512 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/03/15 12:19:15.0109 2512 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/03/15 12:19:15.0172 2512 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/03/15 12:19:15.0297 2512 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/03/15 12:19:15.0344 2512 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/03/15 12:19:15.0391 2512 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/03/15 12:19:15.0437 2512 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/03/15 12:19:15.0500 2512 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2011/03/15 12:19:15.0547 2512 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/03/15 12:19:15.0594 2512 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/03/15 12:19:15.0687 2512 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/03/15 12:19:15.0797 2512 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/03/15 12:19:15.0906 2512 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys

2011/03/15 12:19:15.0953 2512 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys

2011/03/15 12:19:16.0000 2512 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys

2011/03/15 12:19:16.0156 2512 STHDA (ab2059ae6d9243c502c86824bc40439e) C:\Windows\system32\drivers\stwrt.sys

2011/03/15 12:19:16.0281 2512 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/03/15 12:19:16.0359 2512 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/03/15 12:19:16.0391 2512 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/03/15 12:19:16.0422 2512 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/03/15 12:19:16.0516 2512 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys

2011/03/15 12:19:16.0672 2512 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys

2011/03/15 12:19:16.0812 2512 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys

2011/03/15 12:19:16.0859 2512 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys

2011/03/15 12:19:16.0937 2512 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/03/15 12:19:16.0984 2512 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/03/15 12:19:17.0047 2512 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/03/15 12:19:17.0109 2512 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/03/15 12:19:17.0219 2512 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/03/15 12:19:17.0328 2512 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/03/15 12:19:17.0406 2512 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/03/15 12:19:17.0453 2512 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/03/15 12:19:17.0531 2512 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/03/15 12:19:17.0594 2512 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2011/03/15 12:19:17.0672 2512 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/03/15 12:19:17.0766 2512 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/03/15 12:19:17.0859 2512 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/03/15 12:19:17.0906 2512 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/03/15 12:19:18.0000 2512 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/03/15 12:19:18.0266 2512 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/03/15 12:19:18.0359 2512 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/03/15 12:19:18.0406 2512 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/03/15 12:19:18.0469 2512 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2011/03/15 12:19:18.0531 2512 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/03/15 12:19:18.0656 2512 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/03/15 12:19:18.0781 2512 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/03/15 12:19:18.0844 2512 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/03/15 12:19:18.0906 2512 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/03/15 12:19:18.0969 2512 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/03/15 12:19:19.0016 2512 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2011/03/15 12:19:19.0109 2512 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/03/15 12:19:19.0156 2512 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

2011/03/15 12:19:19.0219 2512 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/03/15 12:19:19.0281 2512 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/03/15 12:19:19.0359 2512 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/03/15 12:19:19.0484 2512 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/03/15 12:19:19.0562 2512 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/03/15 12:19:19.0625 2512 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/15 12:19:19.0641 2512 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/03/15 12:19:19.0687 2512 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/03/15 12:19:19.0766 2512 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/03/15 12:19:19.0953 2512 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/03/15 12:19:20.0094 2512 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/03/15 12:19:20.0203 2512 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/03/15 12:19:20.0297 2512 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/03/15 12:19:20.0469 2512 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/03/15 12:19:20.0531 2512 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/03/15 12:19:20.0594 2512 ================================================================================

2011/03/15 12:19:20.0609 2512 Scan finished

2011/03/15 12:19:20.0609 2512 ================================================================================

ATF gave me a message that it had freed 733.203 MBs.

GooredFix appeared to work fine.

TDSSKiller ran fine but did not find anything. I've included the report above.

Web browsing appears to work fine in IE and Firefox but still no search capability in either. I cannot go to www.google.com. I get a "cannot display" screen in IE and "connection has timed out" in Firefox. I get the same error messages when searching from an MSN.com or yahoo.com toolbar. The search bars do give suggestions as I'm entering.

Thanks much for your help!

Link to post
Share on other sites

Please download DDS by sUBs from one of the following links and save it to your desktop.

[*]Disable any script blocking protection (How to Disable your Security Programs)

[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

[*]When done, DDS.txt will open.

[*]After a few moments, attach.txt will open in a second window.

[*]Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply

Link to post
Share on other sites

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • mbam1.png
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6067

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

3/15/2011 2:41:49 PM

mbam-log-2011-03-15 (14-41-49).txt

Scan type: Quick scan

Objects scanned: 158927

Time elapsed: 12 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MBAM said the "scan completed successfully. No malicious items were detected."

Computer appears to be operating the same as before. I did notice that when I attempted to go to www.google.com in IE I got a message that the "address not valid".

Link to post
Share on other sites

Try this:

open Internet Explorer without add-ons in 2 ways. One way to open is to navigate to start menu-> All Programs-> Accessories-> System Tools-> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.

Let me know how that worked.

Link to post
Share on other sites

I followed your instructions going through the start menu but it did not make a difference. You mention 2 ways to open without add-ons. Do you want me to try a different way?

I'm not sure if it is relevant but when I try to "manage search providers" from the toolbar it will not let me delete Google. I'm not sure if the following looks right? Thanks again.

Search address:

http://www.google.com/search?q=&sourceid=ie7&rls=com.microsoft:en-us:&ie=&oe=

Link to post
Share on other sites

aswMBR version 0.9.4 Copyright© 2011 AVAST Software

Run date: 2011-03-15 16:36:25

-----------------------------

16:36:25.166 OS Version: Windows 6.0.6002 Service Pack 2

16:36:25.166 Number of processors: 2 586 0x4802

16:36:25.166 ComputerName: JULIE-PC UserName: Julie

16:36:33.901 Initialize success

16:36:44.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

16:36:44.510 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3

16:36:46.541 Disk 0 MBR read successfully

16:36:46.557 Disk 0 MBR scan

16:36:48.557 Disk 0 scanning sectors +156299264

16:36:48.619 Disk 0 scanning C:\Windows\system32\drivers

16:36:57.729 Service scanning

16:36:59.588 Disk 0 trace - called modules:

16:36:59.604 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys

16:36:59.619 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849a5ac8]

16:36:59.619 3 CLASSPNP.SYS[82fa78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84932030]

16:36:59.635 Scan finished successfully

Link to post
Share on other sites

No luck. The search box in the Firefox navigation toolbar has several options to choose from. Google and Yahoo do not work (they time out). But, amazon, answers, ebay, and wikipedia DO work. I cannot go to google.com or bing.com. After several seconds I get a screen that says "The connection has timed out. The server www.google.com is taking too long to respond."

Link to post
Share on other sites

I have no idea what you have going on with this PC.

check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

[*]Left click on Properties

[*]Double-Click on the Internet Protocol (TCP/IP) item

[*]Select the radio dial that says Obtain DNS Servers Automatically

[*]Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /renew

Type Exit

Restart the computer.

Link to post
Share on other sites

I did my best. I don't use Vista much and it always seems to look a little different. Here's what I found:

Internet Protocol Version 6 (TCP/IPv6)

Internet Protocol Version 4 (TCP/IPv4)

Both of these had "Obtain DNS server address automatically" selected already.

Both lines at the command prompt seemed to work fine.

This is my wife's laptop which I don't use extensively. I noticed that the connection name on the wireless address shows up as fetne2122 (2WIRE512). On my machine it only shows up as 2WIRE512. I'm not sure why it would be different?

A status check shows IPv4 Connectivity as "Internet" and IPv6 Connectivity as "Limited".

Anyway all of the search functions in IE and Firefox continue as before. Thanks.

Link to post
Share on other sites

=========================================================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Link to post
Share on other sites

I tried to send you a note last night when I called it a day but the server was down. I'd noticed a couple things in the logs you helped me generate:

From DDS:

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 204.152.194.148 www.google.com

Hosts: 204.152.194.148 google.com

Hosts: 204.152.194.148 google.com.au

Hosts: 204.152.194.148 www.google.com.au

Hosts: 204.152.194.148 google.be

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

From Attach:

==== Hosts File Hijack ======================

.

Hosts: 204.152.194.148 www.google.com

Hosts: 204.152.194.148 google.com

Hosts: 204.152.194.148 google.com.au

Hosts: 204.152.194.148 www.google.com.au

Hosts: 204.152.194.148 google.be

Hosts: 204.152.194.148 www.google.be

Hosts: 204.152.194.148 google.com.br

Hosts: 204.152.194.148 www.google.com.br

Hosts: 204.152.194.148 google.ca

Hosts: 204.152.194.148 www.google.ca

Hosts: 204.152.194.148 google.ch

Hosts: 204.152.194.148 www.google.ch

Hosts: 204.152.194.148 google.de

Hosts: 204.152.194.148 www.google.de

Hosts: 204.152.194.148 google.dk

Hosts: 204.152.194.148 www.google.dk

Hosts: 204.152.194.148 google.fr

Hosts: 204.152.194.148 www.google.fr

Hosts: 204.152.194.148 google.ie

Hosts: 204.152.194.148 www.google.ie

Hosts: 204.152.194.148 google.it

Hosts: 204.152.194.148 www.google.it

Hosts: 204.152.194.148 google.co.jp

Hosts: 204.152.194.148 www.google.co.jp

Hosts: 204.152.194.148 google.nl

Hosts: 204.152.194.148 www.google.nl

Hosts: 204.152.194.148 google.no

Hosts: 204.152.194.148 www.google.no

Hosts: 204.152.194.148 google.co.nz

Hosts: 204.152.194.148 www.google.co.nz

Hosts: 204.152.194.148 google.pl

Hosts: 204.152.194.148 www.google.pl

Hosts: 204.152.194.148 google.se

Hosts: 204.152.194.148 www.google.se

Hosts: 204.152.194.148 google.co.uk

Hosts: 204.152.194.148 www.google.co.uk

Hosts: 204.152.194.148 google.co.za

Hosts: 204.152.194.148 www.google.co.za

Hosts: 204.152.194.148 www.google-analytics.com

Hosts: 204.152.194.148 www.bing.com

Hosts: 204.152.194.148 search.yahoo.com

Hosts: 204.152.194.148 www.search.yahoo.com

Hosts: 204.152.194.148 uk.search.yahoo.com

Hosts: 204.152.194.148 ca.search.yahoo.com

Hosts: 204.152.194.148 de.search.yahoo.com

Hosts: 204.152.194.148 fr.search.yahoo.com

Hosts: 204.152.194.148 au.search.yahoo.com

I did a little research and ended up here - http://support.microsoft.com/kb/972034/en-us

The host file was hidden and read only but I did finally manage to open and change it. My laptop appears to be running fine after that. I hope this is helpful and doesn't screw up your progression of things to go through. My concern would be that whatever changed that file is still lurking around and will do it (or something else) again.

Anyway things appear to be in good shape right now. I did run OTL this morning and will post the logs in 2 other posts. Thanks again.

Link to post
Share on other sites

OTL logfile created on: 3/16/2011 8:25:24 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julie\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 64.46 Gb Total Space | 15.62 Gb Free Space | 24.24% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.43% Space Free | Partition Type: NTFS

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Julie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)

PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Julie\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (MpKsl559ce491) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BD80A86-15E8-43A4-98CE-9BC17E36FE18}\MpKsl559ce491.sys (Microsoft Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)

DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)

DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\Windows\System32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnmember.my.msn.com/default.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 17:02:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 17:02:45 | 000,000,000 | ---D | M]

[2011/03/15 17:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie\AppData\Roaming\Mozilla\Extensions

[2011/03/15 19:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\hzmmutfa.default\extensions

[2011/03/15 19:50:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\hzmmutfa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/15 17:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/03/14 23:20:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/03/14 23:18:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/15 23:52:30 | 000,000,763 | -HS- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PRISMSVR.EXE] File not found

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [tgcmd] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Qwest QuickNetworking.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: sycamoreeducation.com ([www] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg

O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{b71ab15b-21ab-11dc-8d96-0019b955dd51}\Shell - "" = AutoRun

O33 - MountPoints2\{b71ab15b-21ab-11dc-8d96-0019b955dd51}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/16 08:23:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe

[2011/03/15 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Julie\AppData\Local\Apps

[2011/03/15 17:02:55 | 000,000,000 | ---D | C] -- C:\Users\Julie\AppData\Roaming\Mozilla

[2011/03/15 17:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox

[2011/03/15 16:35:17 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Julie\Desktop\aswMBR.exe

[2011/03/15 14:28:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/03/15 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/15 14:28:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/03/15 14:20:43 | 007,734,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Julie\Desktop\mbam-setup.exe

[2011/03/15 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Julie\Desktop\tdsskiller

[2011/03/15 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\Julie\Desktop\GooredFix Backups

[2011/03/15 11:49:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Julie\Desktop\GooredFix.exe

[2011/03/14 23:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/03/14 23:20:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011/03/14 23:20:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/03/14 23:20:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/03/14 23:20:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/03/13 16:26:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011/03/13 16:26:42 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2011/03/13 16:26:42 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2011/03/13 16:26:42 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2011/03/06 23:16:54 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\tdsskiller[1]

[2011/03/03 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\illiminable

[2011/02/24 04:04:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/02/24 04:02:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2011/02/24 04:01:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2011/02/24 04:01:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2011/02/24 04:01:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2011/02/24 04:01:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2011/02/24 04:01:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2011/02/24 04:01:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2011/02/24 04:01:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2011/02/24 04:01:38 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2011/02/24 04:01:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2011/02/24 04:01:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2011/02/24 04:01:22 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2011/02/24 04:01:22 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2011/02/24 04:01:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2011/02/24 04:01:20 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2011/02/24 04:01:19 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/16 08:23:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\OTL.exe

[2011/03/16 08:01:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/16 06:50:23 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/16 06:50:23 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/16 05:01:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/16 00:19:01 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE53262C-73B2-4DD6-A141-9E4E66E1B4ED}.job

[2011/03/15 23:52:30 | 000,000,763 | -HS- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/03/15 22:56:00 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/03/15 22:56:00 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/03/15 22:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/03/15 22:50:13 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys

[2011/03/15 17:02:47 | 000,001,750 | ---- | M] () -- C:\Users\Julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/15 17:02:47 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/03/15 16:37:30 | 000,000,512 | ---- | M] () -- C:\Users\Julie\Desktop\MBR.dat

[2011/03/15 16:35:24 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Julie\Desktop\aswMBR.exe

[2011/03/15 14:28:42 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/15 14:20:44 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Julie\Desktop\mbam-setup.exe

[2011/03/15 13:01:19 | 000,625,664 | ---- | M] () -- C:\Users\Julie\Desktop\dds.scr

[2011/03/15 12:17:11 | 001,263,721 | ---- | M] () -- C:\Users\Julie\Desktop\tdsskiller.zip

[2011/03/15 11:49:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Julie\Desktop\GooredFix.exe

[2011/03/15 11:41:37 | 000,014,175 | ---- | M] () -- C:\Users\Julie\Desktop\index.htm

[2011/03/14 23:18:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/03/14 23:18:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/03/14 23:18:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/03/14 23:18:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011/03/06 23:25:11 | 152,705,329 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/03/03 09:13:59 | 000,000,147 | ---- | M] () -- C:\Windows\ka.ini

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 17:02:47 | 000,001,750 | ---- | C] () -- C:\Users\Julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/03/15 17:02:47 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/03/15 16:37:30 | 000,000,512 | ---- | C] () -- C:\Users\Julie\Desktop\MBR.dat

[2011/03/15 14:28:42 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/15 13:01:04 | 000,625,664 | ---- | C] () -- C:\Users\Julie\Desktop\dds.scr

[2011/03/15 12:16:57 | 001,263,721 | ---- | C] () -- C:\Users\Julie\Desktop\tdsskiller.zip

[2011/03/15 11:41:24 | 000,014,175 | ---- | C] () -- C:\Users\Julie\Desktop\index.htm

[2011/03/06 23:29:43 | 937,476,096 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/24 04:01:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011/02/24 04:01:25 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/02/24 04:01:25 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2009/08/29 10:26:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/29 10:26:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2008/11/16 18:39:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2007/12/14 12:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2007/10/17 20:15:47 | 000,000,021 | ---- | C] () -- C:\Windows\TLCAPPS.INI

[2007/10/17 19:35:35 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Clifford Uninstall.exe

[2007/10/17 17:34:09 | 000,000,314 | ---- | C] () -- C:\Windows\EReg515.dat

[2007/10/17 17:33:04 | 000,000,802 | ---- | C] () -- C:\Windows\disney.ini

[2007/09/18 20:35:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/05/15 15:09:51 | 000,000,147 | ---- | C] () -- C:\Windows\ka.ini

[2007/03/05 16:01:15 | 000,027,648 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/02/27 03:37:23 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007/02/27 03:37:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/02/27 03:37:23 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007/02/27 03:37:21 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/02/27 03:37:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/02/26 20:09:36 | 000,000,257 | ---- | C] () -- C:\Windows\wininit.ini

[2007/02/26 19:56:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2007/02/26 19:56:19 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,353,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2005/02/05 14:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll

========== LOP Check ==========

[2010/03/05 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVG9

[2008/08/29 08:55:31 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/03/15 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\MSNInstaller

[2007/12/06 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Snapfish

[2010/07/23 15:31:58 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\W Photo Studio

[2010/07/25 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\W Photo Studio Viewer

[2009/08/28 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Walgreens

[2007/03/11 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\WildTangent

[2011/03/15 22:49:00 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/03/16 00:19:01 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE53262C-73B2-4DD6-A141-9E4E66E1B4ED}.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 3/16/2011 8:25:24 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julie\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 275.00 Mb Available Physical Memory | 31.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 64.46 Gb Total Space | 15.62 Gb Free Space | 24.24% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.54 Gb Free Space | 55.43% Space Free | Partition Type: NTFS

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11454E49-0630-4019-9EA6-3FEED8C78A1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{40CCBC6B-FD3F-4C78-BFE7-81723EF344DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{8C8F76D1-356D-4076-9393-DFF9B69C1EEF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8F8C7491-A997-4F85-945B-ADFC133A2586}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06B32B36-2FFD-443B-BCAA-3B05DCD5F50D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0C81C3BC-2E32-4569-A9C1-1004491C182F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{20264096-B778-4DC0-8698-A12CB8C7618D}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{28BDF703-BD5A-4D99-9AC9-5B69F82832C5}" = protocol=6 | dir=in | app=c:\windows\temp\~osa231.tmp\ossproxy.exe |

"{2E0225EB-017B-4C2A-9517-497014BAF8B9}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{3C09A4DE-0B53-4BE0-8EFF-8DE9C265B50E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |

"{417C378A-3FB8-4A86-87EF-13C4BAFF7BD9}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{4F8F2AB6-9017-4A81-A3F7-FE3FBD56E58F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{5633EA6C-FE0D-4724-8703-BE41A01B78F8}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{5FE0C248-20E5-4908-9CB8-065C1C6A38AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{62656C08-820F-4D84-851A-8B5CBF720FD5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{68BF2641-95CC-4877-A852-6551DA17D5FE}" = protocol=6 | dir=in | app=c:\windows\temp\~ose209.tmp\ossproxy.exe |

"{6EBFA9BE-AA31-4DB9-8C03-9A3D744C43B9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{9D7EE0CD-01E4-4DF9-83D8-97A6730B39EC}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"{A90407F2-A2FF-4DD2-83E5-26E80983CB75}" = protocol=6 | dir=in | app=c:\windows\temp\~os66e0.tmp\ossproxy.exe |

"{E666E011-9842-4DFF-B3CC-E3F3EE90AA89}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |

"{ED6CD487-FA0B-4288-AA47-0703408B1601}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |

"TCP Query User{1B7FABB3-5724-4FE8-A1CB-7A53EB99DBAF}C:\program files\msn\msncorefiles\msn.exe" = protocol=6 | dir=in | app=c:\program files\msn\msncorefiles\msn.exe |

"TCP Query User{913E9525-0A27-4FBC-BF01-AF2E57A601D8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{C0E3674E-E1EA-43BA-818B-40EF3DC41DF2}C:\programdata\442040\si442_289.exe" = protocol=6 | dir=in | app=c:\programdata\442040\si442_289.exe |

"TCP Query User{D5CC163A-53A1-446B-A67A-0729BD04DEDA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{10C8B390-2694-4318-BA24-004C397A0E88}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{3183A0DA-5F93-4747-8A9B-B6AB397A8BDB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{B63F8659-DB58-4144-8B11-0A38F0647D8F}C:\program files\msn\msncorefiles\msn.exe" = protocol=17 | dir=in | app=c:\program files\msn\msncorefiles\msn.exe |

"UDP Query User{E26730B2-0337-439A-B955-1BBBBA44DFD6}C:\programdata\442040\si442_289.exe" = protocol=17 | dir=in | app=c:\programdata\442040\si442_289.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt

"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{65A1FC3C-E496-41A9-98C7-2CEAFE7053B7}" = Better Homes and Gardens HD Suite 7.0 Training Videos

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99F0545E-D93D-481D-8088-7F50FD76DE55}" = Scrapbooks Plus Workshop

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A557D4C9-03AA-4806-80A7-227D2C8E4439}" = Better Homes and Gardens Home Designer Suite 7.0

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio

"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver

"{EAB9C426-6626-7B76-64F3-569FDCA9852D}" = ATI Catalyst Control Center Ex

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Canon iP2600 series User Registration" = Canon iP2600 series User Registration

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"MSMSGS" = MSN Messenger Service 3.6

"MSNINST" = MSN

"QuickTime" = QuickTime

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"UnityWebPlayer" = Unity Web Player

"WildTangent dell Master Uninstall" = Dell Games

"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/5/2009 7:18:00 PM | Computer Name = JULIE-PC | Source = Application Hang | ID = 1002

Description = The program msn.exe version 9.60.53.2200 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: fa4 Start Time: 01c99de8730971ac Termination Time: 16

Error - 3/6/2009 5:00:52 AM | Computer Name = JULIE-PC | Source = MsiInstaller | ID = 11316

Description =

Error - 3/9/2009 5:19:15 PM | Computer Name = JULIE-PC | Source = VSS | ID = 8194

Description =

Error - 3/10/2009 11:10:40 PM | Computer Name = JULIE-PC | Source = EventSystem | ID = 4621

Description =

Error - 3/14/2009 9:07:57 AM | Computer Name = JULIE-PC | Source = EventSystem | ID = 4621

Description =

Error - 3/16/2009 11:51:37 PM | Computer Name = JULIE-PC | Source = Application Hang | ID = 1002

Description = The program msn.exe version 9.60.53.2200 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 848 Start Time: 01c9a5d488a93f7b Termination Time: 313

Error - 3/17/2009 12:06:51 AM | Computer Name = JULIE-PC | Source = Application Hang | ID = 1002

Description = The program msn.exe version 9.60.53.2200 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: c24 Start Time: 01c9a6b3ad6b113d Termination Time: 15

Error - 3/21/2009 11:45:33 AM | Computer Name = JULIE-PC | Source = Application Error | ID = 1000

Description = Faulting application msn.exe, version 9.60.53.2200, time stamp 0x48360fd6,

faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception

code 0xc0000374, fault offset 0x000b015d, process id 0xa54, application start time

0x01c9a6b5ce2787c4.

Error - 3/26/2009 12:06:49 PM | Computer Name = JULIE-PC | Source = Application Hang | ID = 1002

Description = The program msn.exe version 9.60.53.2200 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 2d0 Start Time: 01c9ae2c88880ed1 Termination Time: 47

Error - 4/2/2009 12:20:25 AM | Computer Name = JULIE-PC | Source = Application Error | ID = 1000

Description = Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp

0x489807f1, faulting module mscorwks.dll, version 2.0.50727.3053, time stamp 0x4889dc18,

exception code 0xc0000005, fault offset 0x0007ff92, process id 0x

Link to post
Share on other sites

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Link to post
Share on other sites

I tried twice. I got a Windows message that "OTL has stopped" and the OTL window said it was "(not responding)" in the title bar. I let it grind away for quite a while. When I clicked ok on the Windows menu I lost everything on my desktop and nothing came back. I used Task Manager to reboot both times and everything looks okay. Minimal Output was still selected. I THINK that I have tried it with LOP & Purity check both ways. I never did have a log pop up and there is nothing new on my desktop after rebooting. Thanks.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.