Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Sneeky malware, browser hijack

Re: Sneeky malware, browser hijack

Post by Gary R » July 20th, 2011, 5:43 pm

Sounds strange.

If you can't post them, see if you can attach them.

Open the post editor as if you're going to post, then scan down below the text box and look for the Filename box, click on Browse and browse to the OTL.txt file.

Click on Add the file and wait for the file to upload.

Repeat for the other log files, then click Submit.

Re: Sneeky malware, browser hijack

Post by Seep34 » July 20th, 2011, 5:45 pm

It won't truncate. It won't send. I keep getting a message that the forum rules preclude my sending a message of that length.

I have to go out and take the kids somewhere. Let me know what to do, and I'll try to tackle it again later tonight.

Thanks.

Mory (Seep34)

Re: Sneeky malware, browser hijack

Post by Gary R » July 20th, 2011, 7:26 pm

Did you try attaching?

See if you can post just the TDSSKiller log.

Re: Sneeky malware, browser hijack

Post by Seep34 » July 20th, 2011, 11:38 pm

Hi Gary R.

Just got home. Here's the TDSSKiller log:


2011/07/20 17:09:31.0694 3160 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 17:09:32.0149 3160 ================================================================================
2011/07/20 17:09:32.0149 3160 SystemInfo:
2011/07/20 17:09:32.0149 3160
2011/07/20 17:09:32.0150 3160 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/20 17:09:32.0150 3160 Product type: Workstation
2011/07/20 17:09:32.0150 3160 ComputerName: THE_BOOGER
2011/07/20 17:09:32.0150 3160 UserName: Rachel Mindel
2011/07/20 17:09:32.0150 3160 Windows directory: C:\Windows
2011/07/20 17:09:32.0150 3160 System windows directory: C:\Windows
2011/07/20 17:09:32.0150 3160 Running under WOW64
2011/07/20 17:09:32.0150 3160 Processor architecture: Intel x64
2011/07/20 17:09:32.0150 3160 Number of processors: 2
2011/07/20 17:09:32.0150 3160 Page size: 0x1000
2011/07/20 17:09:32.0150 3160 Boot type: Normal boot
2011/07/20 17:09:32.0150 3160 ================================================================================
2011/07/20 17:09:33.0765 3160 Initialize success
2011/07/20 17:09:49.0094 4948 ================================================================================
2011/07/20 17:09:49.0095 4948 Scan started
2011/07/20 17:09:49.0095 4948 Mode: Manual;
2011/07/20 17:09:49.0095 4948 ================================================================================
2011/07/20 17:10:08.0951 4948 Scan finished
2011/07/20 17:10:08.0951 4948 ================================================================================
2011/07/20 17:10:08.0964 4256 Detected object count: 0
2011/07/20 17:10:08.0964 4256 Actual detected object count: 0


Mory (Seep34)

Re: Sneeky malware, browser hijack

Post by Seep34 » July 20th, 2011, 11:43 pm

Gary R.: The TDSSKiller log passed muster. I'll try the Extras.txt. Looks like this will go, too. Mory (Seep34)

OTL Extras logfile created on: 7/20/2011 4:15:05 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Malky\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 55.00% Memory free
8.03 Gb Paging File | 5.94 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 129.00 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 1.74 Gb Free Space | 13.34% Space Free | Partition Type: NTFS

Computer Name: THE_BOOGER | User Name: Rachel Mindel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-976231018-1287267316-1729043825-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 53 AD 16 E4 13 FB CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11079D4D-2E77-4CCE-B2FE-68064FE2224F}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{285C21E7-C88B-4EE5-9843-4018CAFF02FF}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{87E93F65-1785-4147-AAE9-0016EE663E2D}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D2C55F-2981-4FC9-BD43-0075F1738E4A}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\acrobat.com\acrobat.com.exe |
"{0AAC57DC-CD35-42DC-B677-1E713179B156}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1243B503-E798-4B16-92BD-1F7A8259820C}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{156B7FD6-012D-4F1F-A53D-5547A0919F14}" = protocol=17 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{1FD03A93-1130-41E9-8E7E-FB690C45AF02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3141A3BB-FC02-4CD7-B0B9-C961A26FEB31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3FC90DE0-C0D3-436B-85BE-68E6A5C22DA8}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"{4135AB0F-A382-43C7-B4D7-53D79E623322}" = protocol=17 | dir=in | app=c:\users\rachel mindel\appdata\local\temp\7zs81e7.tmp\symnrt.exe |
"{45966827-31CA-4A66-8A33-F78A3E501578}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{4A4A88F9-E5C6-42BD-8F42-60AC868F0100}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C9FBA10-04A5-4CBF-802D-E7571F6C09F1}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{5E1311D0-D7CD-4B07-AA32-05CC04FA7381}" = protocol=6 | dir=in | app=c:\users\rachel mindel\appdata\local\temp\7zs81e7.tmp\symnrt.exe |
"{5F2C0633-79CD-4A00-B5EB-B2CBE0472B13}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{618979BC-8043-4227-927C-A5064564E99B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{72163229-1B3F-48AD-AB0D-C1C20901102F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{72B24BB6-CE37-47DE-B8E7-3F8FB3689CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{87A80513-B2CE-4FB8-9381-5163CAA6285B}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8828DDC1-371C-42FE-8B0D-ECA50D2669A1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{928D9798-8795-4F85-B2CF-55E22766C612}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe |
"{94D016CB-4E79-42DC-AF38-D582891A722D}" = protocol=6 | dir=in | app=c:\windows\system32\lxbvcoms.exe |
"{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{99BBB6AC-3B73-473B-BDD4-0E105051847B}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{9C7E241E-985B-478E-8580-3402C825C20D}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{9F88926E-24C9-46BB-AAB4-8F32DB03900B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbvpswx.exe |
"{A8CF07EB-92A7-4E0B-B93E-26771CAE053B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbvcoms.exe |
"{AA759A94-B6BF-464E-AE45-D5DB12F56050}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{B253B807-EA86-4DC4-90B0-FA75A58A7ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B3A5E0F5-CE9B-4608-8DEB-77C9AC226B57}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbvpswx.exe |
"{B8AD5CE7-CD8A-4DDF-A157-A487E2110F92}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{CC1995E2-58D6-48EB-A2BB-C5166773DD1E}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D399399E-6A62-46AD-A04A-06A9C2F5B96D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DE54CD8E-A48D-4CA0-AB93-B1A71AC8FCDF}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{E0EA77E9-4A22-4DEB-82EE-E313762204A9}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{F5316716-BB6F-48A2-96B8-81035AFE764D}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\acrobat.com\acrobat.com.exe |
"{F7E46C96-6A6D-4861-8D64-D167B731AEB9}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbvcoms.exe |
"{FF204FF6-0340-4E79-9CCE-CA5287EE986C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"TCP Query User{959B5FE3-D666-48EE-ABFE-A914E78F297D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A6BAB49C-5E65-46B1-ACBA-4B9D4989CCDC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{290D9CCE-DF9A-4B0A-AB7A-294766E6AFC7}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{DDA66203-CC12-4B3A-BEB2-F378C20DE9EF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.48
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Lexmark 2200 Series" = Lexmark 2200 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A044C900-5DE1-4986-B0B8-D6A40271A929}" = Sound Effects
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aleks 3.12" = Aleks 3.12
"AnVir Task Manager Free" = AnVir Task Manager Free
"avast" = avast! Free Antivirus
"Backyard Soccer MLS Edition" = Backyard Soccer MLS Edition
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DX-Ball 1.09" = DX-Ball 1.09
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FBLayouts" = FBLayouts Plugin
"FormatFactory" = FormatFactory 2.20
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"FreshDevices - FreshUI_is1" = FreshUI
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Word Games 2" = Hoyle Word Games 2
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mamutu_is1" = Mamutu 3.0
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"Picasa 3" = Picasa 3
"PriceGong" = PriceGong 2.1.0
"Revo Uninstaller" = Revo Uninstaller 1.92
"Snood 4_is1" = Snood 4
"StepMania" = StepMania (remove only)
"Voozie Maker" = Voozie Maker
"WildTangent hp Master Uninstall" = HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-976231018-1287267316-1729043825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DFA7BC3-7BD9-4736-9216-716898C068F6}" = Snapfish Quick Uploader plugin
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"MixPad" = MixPad Audio Mixer
"Move Media Player" = Move Media Player
"NetAssistant" = NetAssistant for Firefox
"WavePad" = WavePad Sound Editor

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Sneeky malware, browser hijack

by Seep34 » July 20th, 2011, 11:54 pm

OK, Gary R., we're cooking now! I'll try to send the OTL.Txt as an attachment....

Ooops; got this friendly message: The attachment’s file size is too large, the maximum upload size is 2 MB.
Please note this is set in php.ini and cannot be overridden.


OK. So it's a big file. Can't paste into the message and can't attach it. Should I try to split it in some way? I need your guidance.

Mory (Seep34)

Re: Sneeky malware, browser hijack

by Seep34 » July 20th, 2011, 11:58 pm

Gary R.:

I'm showing the document to be 2,254 KB. Let me see if there's a logical place to split the file; if not, in an illogical place will do...

Mory

Re: Sneeky malware, browser hijack

by Seep34 » July 21st, 2011, 12:05 am

Gary R.,

Here goes. I'm splitting the OTL.Txt file into two documents. I'll try to attach the first part now. This part is 48.98 KB.

Mory (Seep34)

Re: Sneeky malware, browser hijack

by Seep34 » July 21st, 2011, 12:07 am

Oh. Looks like I'll have to shear off another slice to bring the attachment to under 200 KB.

Re: Sneeky malware, browser hijack

by Seep34 » July 21st, 2011, 12:17 am

OK, Gary R., part two (not second half) will hopefully attach well.

Mory (Seep34)

Re: Sneeky malware, browser hijack

by Seep34 » July 21st, 2011, 12:37 am

Hi Gary,

I'll try to attach the third part of the OTL.Txt file, now.

Mory (Seep34)

Sorry. This last part will have to wait until tomorrow. I've run out of gas & better get to bed.

Mory (Seep34)

Re: Sneeky malware, browser hijack

by Gary R » July 21st, 2011, 1:17 am

No need to send the rest, I've got enough to be going on with.

Re: Sneeky malware, browser hijack

by Gary R » July 21st, 2011, 1:38 am

I've no idea at this point why OTL is trying to show me every file on your computer, which is why the log is so long. Don't bother sending me the rest, we'll deal with the things I've found so far and go from there.

OK, let's start trying to clean up your computer.

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

AnVir Task Manager Free
Mamutu 3.0


Don't use Revo to remove them, it really isn't necessary.

These programs are not malicious, but you've got so many overlapping defensive programs on your machine that there's a strong probability that you'll get conflict issues. These 2 really aren't adding to your security in any meaningful way.

If you want an "advanced" task manager, let me know and I'll recommend one at the end of the cleanup.


Next
  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010/10/24 09:41:52 | 000,000,000 | ---D | M]
[2011/06/19 12:28:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rachel Mindel\AppData\Roaming\mozilla\Firefox\Profiles\jswapa5i.default\extensions\{1a184095-bed1-41ab-9d6d-ab4ada3b3037}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O4 - HKU\S-1-5-21-976231018-1287267316-1729043825-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - Startup: C:\Users\Rachel Mindel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_03.07.2011_17-11.lnk = C:\Users\Rachel Mindel\Desktop\Virus Removal Tool1\setup_9.0.0.722_03.07.2011_17-11\startup.exe ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-976231018-1287267316-1729043825-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-976231018-1287267316-1729043825-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{9cdda105-f08b-11de-ad21-00269e18b768}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdda105-f08b-11de-ad21-00269e18b768}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (sdnclean64.exe) -  File not found
DRV:[b]64bit:[/b] - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\74558332.sys -- (74558332)
DRV:[b]64bit:[/b] - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\70416132.sys -- (70416132)
DRV:[b]64bit:[/b] - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\7455833.sys -- 
DRV:[b]64bit:[/b] - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\74558331.sys -- (74558331)
DRV:[b]64bit:[/b] - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\70416131.sys -- (70416131)

:Files
c:\users\rachel mindel\appdata\local\temp\7zs81e7.tmp\symnrt.exe
c:\program files (x86)\limewire
C:\program files (x86)\oovoo
C:\Program Files (x86)\oovootb
C:\Program Files (x86)\PriceGong
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11079D4D-2E77-4CCE-B2FE-68064FE2224F}"=-
"{285C21E7-C88B-4EE5-9843-4018CAFF02FF}"=-
"{87E93F65-1785-4147-AAE9-0016EE663E2D}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4135AB0F-A382-43C7-B4D7-53D79E623322}"=-
"{4C9FBA10-04A5-4CBF-802D-E7571F6C09F1}"=-
"{5E1311D0-D7CD-4B07-AA32-05CC04FA7381}"=-
"{99BBB6AC-3B73-473B-BDD4-0E105051847B}"=-
"TCP Query User{959B5FE3-D666-48EE-ABFE-A914E78F297D}C:\program files (x86)\oovoo\oovoo.exe"=-
"TCP Query User{A6BAB49C-5E65-46B1-ACBA-4B9D4989CCDC}C:\program files (x86)\oovoo\oovoo.exe"=-
"UDP Query User{290D9CCE-DF9A-4B0A-AB7A-294766E6AFC7}C:\program files (x86)\oovoo\oovoo.exe"=-
"UDP Query User{DDA66203-CC12-4B3A-BEB2-F378C20DE9EF}C:\program files (x86)\oovoo\oovoo.exe"=-

:Commands
[emptytemp]
[emptyflash]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

I see you have Malwarebytes Anti-Malware installed ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log (you should be able to just post it, if not please attach it)
  • MBAM log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Sneeky malware, browser hijack

Unread postby Seep34 » July 21st, 2011, 10:16 am

Good morning, Gary R.,

Last night, as I searched the hundreds of lines of the OTL.Txt file trying to figure out where I split the file, my eyes glazed over, everything blurred, and I had to call it quits for the night.

The huge size of the OTL.Txt file is probably my fault. Before running OTL.exe, I selected the options you recommended, included the code, and then was unsure about some of the other settings. I moved two buttons to "all"--figuring that we'd want to see more than 30 days (the default) since I didn't know when the various infections actually occurred--and that's probably what resulted in the humongous output file. I tried to include with my posting, but that's one of the (at least) two times that I was tossed out and had to log back into the forum. I think that it was my first attempt to send the OTL.Txt file, which was blown out due to its over-the-limit size.

Even though you say you have enough to go on, I'd feel that I had more closure on that piece if I could at least give you the ending of the OTL.Txt file (where I was able to cut the output at a clear break). A bit later I'll try to move through the next set of directions that you've given me.

Here is the end of the original OTL.Txt file (the middle, with all files listed, is omitted):

Thanks for your patience.

Mory (Seep34)
Seep34
Regular Member
 
Posts: 37
Joined: August 30th, 2010, 10:05 am

Re: Sneeky malware, browser hijack

Unread postby Seep34 » July 24th, 2011, 6:36 pm

Hi Gary R.

Back on the job.

Eliminated AnVir Task Manager Free and Mamutu 3.0. I'm moving on to the other instructions.

Mory (seep34)
Seep34
Regular Member
 
Posts: 37
Joined: August 30th, 2010, 10:05 am