GeekPolice

system restore

I have run Norton 360 and it has detected Backdoor.Tidserv!inf and is telling me to manually remove it. I can only start my computer in safe mode. Also, System Restore does not allow me to set restore points, and Uninstall a Program under Control Panel does not appear. I also tried ComboFix /uninstall under Run and the system could not find it. Help please.

Re: system restore

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up (OTL.txt), and the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: system restore

OTL logfile created on: 6/6/2010 7:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\mandi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 42.86 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.07 Gb Free Space | 62.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANDI-PC
Current User Name: mandi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
PRC - [2010/05/31 23:01:34 | 006,690,864 | ---- | M] () -- C:\Program Files\PCFix\PCFix.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/04/08 09:15:02 | 003,233,752 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2010/03/26 18:51:52 | 000,118,128 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\Navw32.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (0053741275740157mcinstcleanup) McAfee Application Installer Cleanup (0053741275740157)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2010/02/12 20:38:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/06/27 07:35:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/06/06 06:54:20 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/06 06:54:20 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/06 06:54:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 14:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100528.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/26 21:23:54 | 000,116,784 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:21 | 000,325,680 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:21 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/02/03 20:40:50 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/10 17:22:50 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/05/19 01:26:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/06 02:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 15:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080627

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080627
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 BA 2A 01 1A A8 36 4E AE 6B 74 FD 44 F3 3C EA [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/06/06 11:45:03 | 000,000,000 | ---D | M]

[2009/12/03 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\mandi\AppData\Roaming\Mozilla\Extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {012ABAA5-A81A-4E36-AE6B-74FD44F33CEa} - C:\Windows\System32\dbnmpntw32.dll (AIMP DevTeam)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Norton Download Manager{NAV_prod_1.19_17.6.0.32}] C:\Users\Public\Downloads\Norton\{NAV_prod_1.19_17.6.0.32}\NAVDownloader[1].exe (Symantec Corporation)
O4 - HKCU..\Run: [PCFix] C:\Program Files\PCFix\PCFix.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKCU..\Run: [RTHDBPL] C:\Users\mandi\AppData\Local\Temp\0.9400984549966545.exe (Lzhllqc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [N360] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\4.1.0.32\InstStub.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Value error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.96.130 24.158.96.131
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\duser32.dll) - C:\Windows\System32\duser32.dll (AIMP DevTeam)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 19:33:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 18:04:09 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/06 18:04:09 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/06 18:04:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/06 18:02:36 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/06 18:02:36 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/06 18:02:34 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/06 18:02:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/06 18:02:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PC Tools
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/06 15:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/06 15:20:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/06 14:10:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/06 07:06:58 | 096,336,928 | ---- | C] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 06:53:46 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/06 06:53:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\symtdiv.sys
[2010/06/06 06:53:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.sys
[2010/06/06 06:53:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/06/06 06:53:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.sys
[2010/06/06 06:53:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\Ironx86.sys
[2010/06/06 06:53:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/06/06 06:53:07 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1106000.020
[2010/06/06 06:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/06 06:41:11 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 08:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/05 07:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/04 05:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/06/04 05:41:13 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Uniblue
[2010/06/04 05:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/06/04 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PCFix
[2010/06/04 05:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
[2010/06/04 05:08:47 | 000,000,000 | ---D | C] -- C:\rei
[2010/06/04 05:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/06/03 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Protection Center
[2010/06/03 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAmoipibntvm
[2010/06/03 20:31:18 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\WinRAR
[2010/06/03 20:28:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/06/03 20:28:14 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\1558801517
[2010/06/03 20:28:04 | 000,000,000 | -HSD | C] -- C:\Users\mandi\AppData\Roaming\SystemProc
[2010/06/03 20:28:02 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple Computer
[2010/06/03 20:27:54 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/03 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple
[2010/06/02 07:12:14 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/05/26 06:43:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 19:33:44 | 002,621,440 | -HS- | M] () -- C:\Users\mandi\ntuser.dat
[2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 19:09:53 | 000,001,356 | ---- | M] () -- C:\Users\mandi\AppData\Local\d3d9caps.dat
[2010/06/06 18:02:27 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 17:31:56 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/06 14:59:58 | 000,004,795 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/06/06 14:58:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 14:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 14:51:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A166B122-62FB-4D88-BC1A-1CBBD39F2C10}.job
[2010/06/06 14:16:19 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/06 14:13:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/06/06 14:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 14:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/06 08:08:37 | 000,000,830 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/06 08:03:03 | 000,003,782 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/06 08:00:45 | 000,000,817 | ---- | M] () -- C:\ProgramData\1859848970
[2010/06/06 07:16:16 | 000,001,715 | ---- | M] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/06 07:16:15 | 000,001,723 | ---- | M] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/06 07:16:15 | 000,001,719 | ---- | M] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/06 07:06:59 | 096,336,928 | ---- | M] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 07:03:10 | 000,000,331 | -HS- | M] () -- C:\ProgramData\1049320282
[2010/06/06 07:03:01 | 000,000,051 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/06 07:02:59 | 000,000,136 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/06 07:02:59 | 000,000,011 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/06 06:58:55 | 001,827,998 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:49:00 | 000,002,788 | ---- | M] () -- C:\Windows\GnuHashes.ini
[2010/06/06 06:41:11 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 09:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | M] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:09:07 | 000,000,284 | ---- | M] () -- C:\Windows\reimage.ini
[2010/06/05 08:08:55 | 000,000,166 | ---- | M] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:18:52 | 000,000,937 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:15:57 | 000,001,665 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:27:44 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:08:48 | 000,001,857 | ---- | M] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 22:05:04 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 21:06:22 | 000,000,022 | ---- | M] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:31:18 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:36 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:14 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:28:02 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:54 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/02 15:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 15:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2010/06/02 10:33:06 | 000,006,144 | ---- | M] () -- C:\Users\mandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 07:12:14 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/06/02 07:12:12 | 001,380,403 | ---- | M] () -- C:\Windows\System32\avgsdk.dll
[2010/06/01 05:13:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/15 05:22:50 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/13 01:56:17 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/11 17:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 17:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TM.blf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:04:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/06 18:04:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/06 18:04:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/06 18:04:09 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/06 18:04:09 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/06 18:02:36 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/06 18:02:34 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/06 18:02:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/06 18:02:27 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 18:02:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/06 06:56:51 | 001,827,998 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:46 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:46 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:53:02 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.inf
[2010/06/06 06:53:02 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.inf
[2010/06/06 06:53:02 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\ccHPx86.inf
[2010/06/06 06:53:02 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNetV.inf
[2010/06/06 06:53:02 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.inf
[2010/06/06 06:53:02 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/06/06 06:53:02 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/06/06 06:53:02 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Iron.inf
[2010/06/06 06:52:54 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\symnetv.cat
[2010/06/06 06:52:54 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.cat
[2010/06/06 06:52:54 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\iron.cat
[2010/06/06 06:52:54 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.cat
[2010/06/06 06:52:54 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/06/06 06:52:54 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.cat
[2010/06/06 06:52:54 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\isolate.ini
[2010/06/06 06:49:00 | 000,002,788 | ---- | C] () -- C:\Windows\GnuHashes.ini
[2010/06/05 09:17:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | C] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:08:55 | 000,000,166 | ---- | C] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:15:57 | 000,001,665 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/05 07:12:47 | 000,001,723 | ---- | C] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/05 07:12:47 | 000,001,719 | ---- | C] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/05 07:12:47 | 000,001,715 | ---- | C] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/05 07:09:17 | 000,000,937 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:09:17 | 000,000,830 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:26:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:09:12 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/04 05:08:48 | 000,001,857 | ---- | C] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:37:48 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 20:38:02 | 000,000,022 | ---- | C] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:28:58 | 000,000,331 | -HS- | C] () -- C:\ProgramData\1049320282
[2010/06/03 20:28:57 | 000,000,817 | ---- | C] () -- C:\ProgramData\1859848970
[2010/06/03 20:28:36 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:13 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:27:53 | 000,003,782 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/03 20:27:53 | 000,000,136 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/03 20:27:53 | 000,000,051 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/03 20:27:53 | 000,000,011 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/02 07:12:12 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 01:56:06 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2009/09/18 08:15:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/30 14:07:32 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/27 09:55:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/27 09:55:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/27 09:55:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/27 09:55:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/27 09:55:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/27 09:55:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/27 07:21:27 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:92174436
< End of report >

Re: system restore

OTL logfile created on: 6/6/2010 7:33:39 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\mandi\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 42.86 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.07 Gb Free Space | 62.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MANDI-PC
Current User Name: mandi
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
PRC - [2010/05/31 23:01:34 | 006,690,864 | ---- | M] () -- C:\Program Files\PCFix\PCFix.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/04/08 09:15:02 | 003,233,752 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2010/03/26 18:51:52 | 000,118,128 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\Navw32.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (0053741275740157mcinstcleanup) McAfee Application Installer Cleanup (0053741275740157)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2010/02/12 20:38:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/06/27 07:35:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/06/06 06:54:20 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/06 06:54:20 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100606.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/06 06:54:19 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 14:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100528.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/04/29 12:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/26 21:23:54 | 000,116,784 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:21 | 000,325,680 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:21 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/02/03 20:40:50 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 20:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/10 17:22:50 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/05/19 01:26:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/06 02:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/13 06:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/05/04 16:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/05 15:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080627

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080627
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A5 BA 2A 01 1A A8 36 4E AE 6B 74 FD 44 F3 3C EA [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/06/06 11:45:03 | 000,000,000 | ---D | M]

[2009/12/03 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\mandi\AppData\Roaming\Mozilla\Extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 15:21:00 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {012ABAA5-A81A-4E36-AE6B-74FD44F33CEa} - C:\Windows\System32\dbnmpntw32.dll (AIMP DevTeam)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Norton Download Manager{NAV_prod_1.19_17.6.0.32}] C:\Users\Public\Downloads\Norton\{NAV_prod_1.19_17.6.0.32}\NAVDownloader[1].exe (Symantec Corporation)
O4 - HKCU..\Run: [PCFix] C:\Program Files\PCFix\PCFix.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKCU..\Run: [RTHDBPL] C:\Users\mandi\AppData\Local\Temp\0.9400984549966545.exe (Lzhllqc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [N360] C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\4.1.0.32\InstStub.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Value error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.96.130 24.158.96.131
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\duser32.dll) - C:\Windows\System32\duser32.dll (AIMP DevTeam)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Creek.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 19:33:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 18:04:09 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/06 18:04:09 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/06 18:04:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/06 18:02:36 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/06 18:02:36 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/06 18:02:34 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/06 18:02:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/06 18:02:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PC Tools
[2010/06/06 18:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/06 15:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/06 15:20:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/06 14:10:29 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/06 07:06:58 | 096,336,928 | ---- | C] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 06:53:46 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/06 06:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/06 06:53:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\symtdiv.sys
[2010/06/06 06:53:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.sys
[2010/06/06 06:53:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.sys
[2010/06/06 06:53:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.sys
[2010/06/06 06:53:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\Ironx86.sys
[2010/06/06 06:53:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.sys
[2010/06/06 06:53:07 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.sys
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/06/06 06:52:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1106000.020
[2010/06/06 06:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/06/06 06:41:11 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 08:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/06/05 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/06/05 07:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/06/04 05:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010/06/04 05:41:13 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Uniblue
[2010/06/04 05:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/06/04 05:26:41 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\PCFix
[2010/06/04 05:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
[2010/06/04 05:08:47 | 000,000,000 | ---D | C] -- C:\rei
[2010/06/04 05:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/06/03 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\Protection Center
[2010/06/03 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAmoipibntvm
[2010/06/03 20:31:18 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Roaming\WinRAR
[2010/06/03 20:28:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/06/03 20:28:14 | 000,309,248 | ---- | C] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\1558801517
[2010/06/03 20:28:04 | 000,000,000 | -HSD | C] -- C:\Users\mandi\AppData\Roaming\SystemProc
[2010/06/03 20:28:02 | 000,145,920 | ---- | C] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple Computer
[2010/06/03 20:27:54 | 000,307,712 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | C] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/03 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\mandi\AppData\Local\Apple
[2010/06/02 07:12:14 | 000,352,513 | ---- | C] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/05/26 06:43:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 19:33:44 | 002,621,440 | -HS- | M] () -- C:\Users\mandi\ntuser.dat
[2010/06/06 19:33:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\mandi\Desktop\OTL.exe
[2010/06/06 19:09:53 | 000,001,356 | ---- | M] () -- C:\Users\mandi\AppData\Local\d3d9caps.dat
[2010/06/06 18:02:27 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 17:31:56 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/06/06 14:59:58 | 000,004,795 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/06/06 14:58:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 14:57:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 14:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 14:51:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A166B122-62FB-4D88-BC1A-1CBBD39F2C10}.job
[2010/06/06 14:16:19 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/06 14:13:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/06/06 14:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 14:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/06 08:08:37 | 000,000,830 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/06 08:03:03 | 000,003,782 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/06 08:00:45 | 000,000,817 | ---- | M] () -- C:\ProgramData\1859848970
[2010/06/06 07:16:16 | 000,001,715 | ---- | M] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/06 07:16:16 | 000,000,031 | ---- | M] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/06 07:16:15 | 000,001,723 | ---- | M] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/06 07:16:15 | 000,001,719 | ---- | M] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/06 07:06:59 | 096,336,928 | ---- | M] (Symantec Corporation) -- C:\Users\mandi\NAV-ESD-17-6-0-32-EN.exe
[2010/06/06 07:03:10 | 000,000,331 | -HS- | M] () -- C:\ProgramData\1049320282
[2010/06/06 07:03:01 | 000,000,051 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/06 07:02:59 | 000,000,136 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/06 07:02:59 | 000,000,011 | -HS- | M] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/06 06:58:55 | 001,827,998 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/06/06 06:53:19 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:19 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:49:00 | 000,002,788 | ---- | M] () -- C:\Windows\GnuHashes.ini
[2010/06/06 06:41:11 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dbnmpntw32.dll
[2010/06/05 09:17:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | M] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:09:07 | 000,000,284 | ---- | M] () -- C:\Windows\reimage.ini
[2010/06/05 08:08:55 | 000,000,166 | ---- | M] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:18:52 | 000,000,937 | ---- | M] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:15:57 | 000,001,665 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:27:44 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:08:48 | 000,001,857 | ---- | M] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 22:05:04 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 21:06:22 | 000,000,022 | ---- | M] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:31:18 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\d3dim70032.dll
[2010/06/03 20:30:56 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\EhStorPwdMgr32.dll
[2010/06/03 20:28:36 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:14 | 000,309,248 | ---- | M] (AIMP DevTeam) -- C:\ProgramData\cryptui32.dll
[2010/06/03 20:28:13 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:28:02 | 000,145,920 | ---- | M] (Artem Izmaylov) -- C:\Windows\System32\cmicryptinstall32.dll
[2010/06/03 20:27:54 | 000,307,712 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\dxmasf32.dll
[2010/06/03 20:27:52 | 000,190,464 | ---- | M] (AIMP DevTeam) -- C:\Windows\System32\duser32.dll
[2010/06/02 15:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 15:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2010/06/02 10:33:06 | 000,006,144 | ---- | M] () -- C:\Users\mandi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 07:12:14 | 000,352,513 | ---- | M] (Avira GmbH) -- C:\Windows\System32\savapi3.dll
[2010/06/02 07:12:12 | 001,380,403 | ---- | M] () -- C:\Windows\System32\avgsdk.dll
[2010/06/01 05:13:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/15 05:22:50 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/13 01:56:17 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/11 17:32:49 | 000,524,288 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 17:32:49 | 000,065,536 | -HS- | M] () -- C:\Users\mandi\ntuser.dat{6b72ebdf-c6e7-11de-a8c3-00219bd38b67}.TM.blf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\mandi\Desktop\*.tmp files -> C:\Users\mandi\Desktop\*.tmp -> ]
[1 C:\Users\mandi\AppData\Roaming\*.tmp files -> C:\Users\mandi\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:04:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/06 18:04:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/06 18:04:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/06 18:04:09 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/06 18:04:09 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/06 18:02:36 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/06 18:02:34 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/06 18:02:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/06 18:02:27 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/06 18:02:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/06 06:56:51 | 001,827,998 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Cat.DB
[2010/06/06 06:53:46 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/06/06 06:53:46 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/06/06 06:53:17 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/06/06 06:53:02 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.inf
[2010/06/06 06:53:02 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.inf
[2010/06/06 06:53:02 | 000,001,754 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\ccHPx86.inf
[2010/06/06 06:53:02 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNetV.inf
[2010/06/06 06:53:02 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.inf
[2010/06/06 06:53:02 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.inf
[2010/06/06 06:53:02 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.inf
[2010/06/06 06:53:02 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\Iron.inf
[2010/06/06 06:52:54 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\symnetv.cat
[2010/06/06 06:52:54 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymEFA.cat
[2010/06/06 06:52:54 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtspx.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\srtsp.cat
[2010/06/06 06:52:54 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\iron.cat
[2010/06/06 06:52:54 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymDS.cat
[2010/06/06 06:52:54 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\cchpx86.cat
[2010/06/06 06:52:54 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\SymNet.cat
[2010/06/06 06:52:54 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1106000.020\isolate.ini
[2010/06/06 06:49:00 | 000,002,788 | ---- | C] () -- C:\Windows\GnuHashes.ini
[2010/06/05 09:17:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/06/05 08:37:19 | 000,001,031 | ---- | C] () -- C:\Users\mandi\Desktop\Recover My Files.lnk
[2010/06/05 08:08:55 | 000,000,166 | ---- | C] () -- C:\Windows\System32\Compress.res
[2010/06/05 07:15:57 | 000,001,665 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/06/05 07:12:47 | 000,001,723 | ---- | C] () -- C:\Users\mandi\Desktop\pornotube.com.lnk
[2010/06/05 07:12:47 | 000,001,719 | ---- | C] () -- C:\Users\mandi\Desktop\nudetube.com.lnk
[2010/06/05 07:12:47 | 000,001,715 | ---- | C] () -- C:\Users\mandi\Desktop\youporn.com.lnk
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\troj000.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam003.exe
[2010/06/05 07:12:47 | 000,000,031 | ---- | C] () -- C:\Users\mandi\Desktop\spam001.exe
[2010/06/05 07:09:17 | 000,000,937 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Download Manager.lnk
[2010/06/05 07:09:17 | 000,000,830 | ---- | C] () -- C:\Users\mandi\Desktop\Norton Installation Files.lnk
[2010/06/04 05:41:10 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/06/04 05:26:24 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\PC Fix 2010.lnk
[2010/06/04 05:09:12 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/04 05:08:48 | 000,001,857 | ---- | C] () -- C:\Users\mandi\Desktop\Reimage Repair.lnk
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:37:48 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:37:48 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{0966a046-6f82-11df-ab95-e35c82e37f62}.TM.blf
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:35:46 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:35:46 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{cf173276-6f81-11df-8934-00219bd38b67}.TM.blf
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/06/03 21:32:39 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 21:32:39 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{5ca8b3d8-6f81-11df-bf51-00219bd38b67}.TM.blf
[2010/06/03 20:38:02 | 000,000,022 | ---- | C] () -- C:\Users\mandi\AppData\Roaming\3e5b0c0d
[2010/06/03 20:28:58 | 000,000,331 | -HS- | C] () -- C:\ProgramData\1049320282
[2010/06/03 20:28:57 | 000,000,817 | ---- | C] () -- C:\ProgramData\1859848970
[2010/06/03 20:28:36 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1600833992
[2010/06/03 20:28:13 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/06/03 20:27:53 | 000,003,782 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942P.manifest
[2010/06/03 20:27:53 | 000,000,136 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942O.manifest
[2010/06/03 20:27:53 | 000,000,051 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942C.manifest
[2010/06/03 20:27:53 | 000,000,011 | -HS- | C] () -- C:\Users\mandi\AppData\Roaming\02000000318abe93942S.manifest
[2010/06/02 07:12:12 | 001,380,403 | ---- | C] () -- C:\Windows\System32\avgsdk.dll
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 01:56:07 | 000,524,288 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 01:56:06 | 000,065,536 | -HS- | C] () -- C:\Users\mandi\ntuser.dat{a5705c30-5e54-11df-82cf-00219bd38b67}.TM.blf
[2009/09/18 08:15:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/30 14:07:32 | 000,000,062 | ---- | C] () -- C:\Windows\PrintWorkShop2009.ini
[2008/06/27 09:55:58 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/27 09:55:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/27 09:55:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/27 09:55:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/27 09:55:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/27 09:55:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/27 07:21:27 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:92174436
< End of report >

Re: system restore

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
