Vista Antivirus 2011 back as Vista Total Security 2011

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Vista Antivirus 2011 back as Vista Total Security 2011 rkill stopped no processes, ran Malwarbytes as admin. but it's bac

#1 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 10:51 AM

Hello,

This is my son's college computer. He picked up Vista Antivirus 2011. It did not let him on the internet. It wouldn't let him run Symantec Anti-Virus or Malwarebytes. Yesterday, I ran rkill in all it's forms, only rkill.com and rkill.scr would run. In the black box, letters would quickly run across the screen, but the log always said that no processes were stopped.

So I activated the administrator account to see if it would work there. Rkill still acted the same, but I could now get on the internet to download, update, and run Malwarebytes. Three hours later it had picked up 6 items. My son desperately needs this computer right now, so he asked for it back so that as soon as Malwarebytes finished, he could get back to work. He soon called and said that the virus was back, but now it had morphed to Vista Total Security 2011. Now he said that in addition to the fake scans and security alerts, his computer has forgotten where everything is. He had to find the program and open it with itself before it would open. I think he means that when he clicks on an icon an "open with" pops up.

So I have the computer back again. I have run all the scans in the Preparation Guide, with a few problems:

1. When I click in the control panel to enable the firewall, the Windows Security Screen pops up and says that Vista Total Security 2011 reports that it (the firewall) is temporarily turned off. Then it says "show me the firewall programs on this computer." There is a "Turn On" butter. Should I push it? I'm leary of pushing any buttons right now.

2. I couldn't find script-blocking in his Symantec Antivirus. I even typed it into the help box of the program and nothing came up.

3. Also, I am working off my computer and downloading the files from the Preparation Guide onto a stick and moving them onto his computer. Interestingly, when I drag the icons from the stick they have the Vista Total Security 2011 Shield on top of them when they're on his desktop. The icon on his desktop for Malwarebytes also has this shield on it.

We would very much appreciate help removing this virus from his computer. I promise to run whatever scans/programs you ask immediately and get right back to you so we can solve this as quickly as possible.

Thank you so much for your help!

Here is the DDS.txt file:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jude at 10:10:50.80 on Mon 04/11/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.955 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Jude\AppData\Local\vfv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Users\Jude\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Albright Messenger\acnas.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Users\Jude\AppData\Roaming\dwm.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jude\Documents\Desktop\dds.scr
C:\Windows\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070712
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070712
uInternet Settings,ProxyServer = http=127.0.0.1:54303
uInternet Settings,ProxyOverride = <local>;*.local
uWinlogon: Shell=explorer.exe,c:\users\jude\appdata\roaming\dwm.exe
uWindows: Load=c:\users\jude\appdata\local\temp\csrss.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [conhost] c:\users\jude\appdata\roaming\microsoft\conhost.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [<NO NAME>]
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [acnas] c:\program files\albright messenger\acnas.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware 2\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jude\appdata\roaming\mozilla\firefox\profiles\1cl3fa3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54303
FF - prefs.js: network.proxy.type - 1
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: XULRunner: {1F704A7B-CECD-4FEA-895A-D97C0A3D224B} - c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-12 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-18 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2007-7-12 13824]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-11 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-11 06:43:00 178176 ----a-w- c:\users\jude\appdata\roaming\dwm.exe
2011-04-11 06:42:39 269312 --sha-w- c:\users\jude\appdata\local\vfv.exe
2011-04-08 06:19:22 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{50b1ef58-fbd4-4833-bbd4-bd72e634eed1}\mpengine.dll
2011-04-06 23:54:40 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-04-06 23:54:16 -------- d-----w- c:\program files\common files\xing shared
2011-04-06 23:53:48 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-04-06 23:53:32 100864 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-04-05 22:31:18 -------- d-----w- c:\windows\en
2011-04-05 22:30:35 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-04-05 22:16:34 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-05 22:16:34 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-05 22:16:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-05 22:15:05 469256 ----a-w- c:\program files\common files\windows live\.cache\e78855401cbf3de07\InstallManager_WLE_WLE.exe
2011-04-05 22:13:47 94040 ----a-w- c:\program files\common files\windows live\.cache\b9ec9ce01cbf3de06\DSETUP.dll
2011-04-05 22:13:47 525656 ----a-w- c:\program files\common files\windows live\.cache\b9ec9ce01cbf3de06\DXSETUP.exe
2011-04-05 22:13:47 1691480 ----a-w- c:\program files\common files\windows live\.cache\b9ec9ce01cbf3de06\dsetup32.dll
2011-04-05 22:13:40 525656 ----a-w- c:\program files\common files\windows live\.cache\b68eeb201cbf3de05\DXSETUP.exe
2011-04-05 22:13:39 94040 ----a-w- c:\program files\common files\windows live\.cache\b68eeb201cbf3de05\DSETUP.dll
2011-04-05 22:13:39 1691480 ----a-w- c:\program files\common files\windows live\.cache\b68eeb201cbf3de05\dsetup32.dll
2011-04-05 22:12:38 -------- d-----w- c:\users\jude\appdata\local\Windows Live
2011-04-05 22:10:51 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-24 07:19:58 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-23 23:40:42 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-23 23:40:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-23 23:40:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-23 23:38:54 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-23 23:38:49 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-23 23:38:49 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-23 23:38:48 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-23 23:38:48 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-23 23:38:48 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-23 23:38:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-23 23:34:40 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-23 23:34:38 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-23 23:34:38 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-23 14:41:38 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-23 14:40:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-03-23 14:40:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-23 14:40:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-23 14:40:10 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 14:40:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 14:40:10 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-03-23 14:40:09 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-03-23 14:40:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-23 14:40:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-03-23 14:40:06 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 14:40:06 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-03-23 14:40:05 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-03-23 14:28:53 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-22 23:49:12 -------- d-----w- c:\windows\pss
2011-03-22 22:17:59 -------- d-----w- c:\windows\system32\eu-ES
2011-03-22 22:17:59 -------- d-----w- c:\windows\system32\ca-ES
2011-03-22 22:17:54 -------- d-----w- c:\windows\system32\vi-VN
2011-03-22 20:53:47 -------- d-----w- c:\windows\system32\EventProviders
2011-03-22 20:17:59 335872 ----a-w- c:\windows\system32\NVWRSES.dll
2011-03-22 20:13:54 -------- d-----w- c:\users\jude\Tracing
2011-03-22 20:08:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-22 20:08:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-22 20:06:16 -------- d-----w- c:\program files\Microsoft
2011-03-22 19:53:14 -------- d-----w- c:\program files\common files\Windows Live
2011-03-22 19:49:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-22 19:49:01 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-03-22 19:49:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-22 19:39:43 675152 ----a-w- c:\windows\system32\gpprefcl.dll
.
==================== Find3M ====================
.
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
.
============= FINISH: 10:13:08.19 ===============

Attached File(s)

Attach.txt (7.36K)
Number of downloads: 0
ark.txt (3.32K)
Number of downloads: 2

#2 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 11 April 2011 - 05:38 PM

Hello leenyd ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Backup Your Registry with ERUNT

Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.

Open Erunt.exe. Follow the prompts leaving the values at default.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Processes
killallprocesses
:files
C:\Users\Jude\AppData\Local\vfv.exe
C:\Users\Jude\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Jude\AppData\Roaming\dwm.exe
c:\users\jude\appdata\local\temp\csrss.exe
c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
"ProxyOverride"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"conhost"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}]
:Commands
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

Run Scan with Malwarebytes

I see you have Malwarebytes' Anti-Malware installed on your computer.
Please start the application by double-click on it's icon.
Once the program has loaded go to the UPDATE tab and check for updates.
When the update is complete, select the Scanner tab
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to a convenient location and post the results in your next reply.

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#3 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 05:57 PM

Hello Georgi,

Thank you so much for responding!

I have one questions before I start. On thhe page where I download Erunt, it says the program is not for Vista. My son's computer is runnin Vista Business. Should I go ahead and use this program?

Thanks.

#4 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 11 April 2011 - 06:00 PM

Well, I just realized that I forgot to give you a download link for OTL...

Here we go...

We need to run an OTL Fix

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Processes
killallprocesses
:files
C:\Users\Jude\AppData\Local\vfv.exe
C:\Users\Jude\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Jude\AppData\Roaming\dwm.exe
c:\users\jude\appdata\local\temp\csrss.exe
c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
"ProxyOverride"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"conhost"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}]
:Commands
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#5 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 06:05 PM

Thank you for the link for OTL.

Can I use Erunt for Vista?

Leenyd

#6 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 11 April 2011 - 06:08 PM

leenyd, on 11 April 2011 - 05:57 PM, said:

I have one questions before I start. On thhe page where I download Erunt, it says the program is not for Vista. My son's computer is runnin Vista Business. Should I go ahead and use this program?

Hi leenyd,

Yes, please. There shouldn't have any problems with that. Erunt IS compatible with Vista:

Posted Image

Also take a look here => http://www.larshederer.homepage.t-online.de/erunt/faq.htm

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#7 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 06:11 PM

Thanks.

I'll start on this right away.

Leenyd

#8 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 06:37 PM

Hello,

I've backed up the memory successfully, but I'm having trouble using OTL.

I downloaded OTL onto my flash drive, and I copied the wording that you gave me into notepad, and copied the txt file onto the flash drive.

Then I copied OTL onto my son's computer, opened it, opened the .txt file on my flash drive, copied the working into OTL and hit run fix.

Then his computer blue screens with "a problem has ocurred . . ." and starts a memory dump. It tried it twice and it did it both times. I tried to write the number down quickly because the computer restarts, so I think it said 0X00000FA.

Should I go on his computer as administrator? Would that help? Also, I saw that Erunt recommended disabling UAC in Vista, so I did that. Might that be a problem?

Thanks.

Leenyd

#9 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 06:46 PM

I tried it as administrator and it seemed to work properly this time. Yeah! Here's the log.

========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Users\Jude\AppData\Local\vfv.exe moved successfully.
C:\Users\Jude\AppData\Roaming\Microsoft\conhost.exe moved successfully.
C:\Users\Jude\AppData\Roaming\dwm.exe moved successfully.
c:\users\jude\appdata\local\temp\csrss.exe moved successfully.
c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}\chrome\content folder moved successfully.
c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}\chrome folder moved successfully.
c:\users\jude\appdata\local\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B} folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride not found.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows\\Load deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F704A7B-CECD-4FEA-895A-D97C0A3D224B}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 04112011_194130

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 11 April 2011 - 06:58 PM

Hi leenyd,

Great work. :cool:

One important thing !!! :exclame:

Since we are going to use a USB flash drive to transport files and logs back and forth we should disinfect the both computers to avoid re-infection.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Please run it on both computers (the clean and the infected one).

Next please proceed with the Malwarebytes scan as described above.
Don't forget to update it first.

Finally I need a fresh OTL log.

We need to run an OTL Custom Scan

Double click

OTL should now start. Change the following settings:
- Click on Scan All Users checkbox given at the top.

Copy and Paste the following code into the Posted Image

textbox.

netsvcs
%SYSTEMDRIVE%\*.*
%USERPROFILE%\AppData\Roaming\*.*
%USERPROFILE%\AppData\Roaming\Microsoft\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Local\Microsoft\*.*
%systemroot%\system32\*.dll /lockedfiles

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Since we have a different time zone I will get some sleep now.
I wish you a nice evening!

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#11 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 07:25 PM

Hello,

Here is the Malwarebytes quick scan log. I hope it's okay that I hit "remove selected" when it was done. Next I'll do the OTL custom scan.

Thanks.

Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6337

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/11/2011 8:17:23 PM
mbam-log-2011-04-11 (20-17-00).txt

Scan type: Quick scan
Objects scanned: 178362
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\administrator\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> 2852 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "firefox.exe) Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Jude\AppData\Local\Temp\0.6321476440433029.exe (Trojan.Agent.Gen) -> No action taken.

#12 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 11 April 2011 - 08:06 PM

Hello,

Here is the Malwarebytes log after I hit "remove selected." Also here is the OTL custom scan and the extra.txt file. Thank you so much for your help. Good night. I'll see you tomorrow.

Thanks again.

Leenyd

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6337

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/11/2011 8:25:12 PM
mbam-log-2011-04-11 (20-25-12).txt

Scan type: Quick scan
Objects scanned: 178362
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\administrator\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> 2852 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jude\AppData\Local\vfv.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Jude\AppData\Local\Temp\0.6321476440433029.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

OTL LOG:
OTL logfile created on: 4/11/2011 8:39:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.71 Gb Total Space | 33.40 Gb Free Space | 30.45% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.40 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 0.91 Gb Free Space | 12.23% Space Free | Partition Type: FAT32

Computer Name: DEEPTHOUGHT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 19:00:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/11 02:41:16 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/04/11 02:41:15 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/05/26 12:19:00 | 001,913,544 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/23 09:43:14 | 000,030,720 | ---- | M] () -- C:\Program Files\Albright Messenger\acnas.exe
PRC - [2007/04/17 10:02:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/04/17 10:01:56 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/04/16 08:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/16 08:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/16 08:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/16 08:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/04/03 02:49:10 | 000,017,920 | ---- | M] ( ) -- C:\DELL\E-Center\EULALauncher.exe
PRC - [2007/04/03 02:49:08 | 000,021,504 | ---- | M] ( ) -- C:\DELL\E-Center\Eula.exe
PRC - [2007/03/08 17:43:44 | 000,218,688 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/20 13:58:04 | 000,387,808 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/15 18:31:30 | 000,066,560 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/07 19:26:52 | 000,127,488 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
PRC - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/04/11 19:00:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/11 02:41:15 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/07/06 18:13:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/17 10:01:56 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/20 13:58:04 | 000,387,808 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/02/16 14:07:40 | 000,488,448 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/07 19:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)
SRV - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

========== Driver Services (SafeList) ==========

DRV - [2011/04/10 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110410.002\navex15.sys -- (NAVEX15)
DRV - [2011/04/10 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110410.002\naveng.sys -- (NAVENG)
DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/17 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/21 03:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 03:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/23 13:20:03 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/05/05 13:51:10 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
DRV - [2007/04/17 10:02:02 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/16 09:03:04 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/04/16 08:49:08 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/02/15 18:31:24 | 000,121,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/02/01 05:22:44 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/16 11:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/26 12:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 12:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2005/11/03 14:19:42 | 000,027,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/11/03 14:19:30 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMOUKE.sys -- (LMouKE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070712
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070712
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55980

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/06 19:54:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/06 19:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 19:54:40 | 000,000,000 | ---D | M]

[2010/10/23 18:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/23 18:59:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [acnas] C:\Program Files\Albright Messenger\acnas.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/11 20:08:48 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 19:40:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/04/11 19:27:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 19:17:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/10 23:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/10 21:06:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\rkill
[2011/04/10 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/04/10 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/04/10 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PowerDVD DX
[2011/04/10 20:56:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\CiscoCAA
[2011/04/10 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2011/04/10 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2011/04/10 20:55:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/04/10 20:55:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Dell
[2011/04/10 20:54:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2011/04/10 20:53:42 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/10 20:53:42 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/04/10 20:53:42 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/10 20:53:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/04/10 20:52:56 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/04/10 20:52:05 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011/04/10 20:52:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2011/04/10 20:52:01 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/04/10 20:52:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/10 20:52:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/04/06 19:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/04/06 19:53:48 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/04/06 19:53:23 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/04/06 19:53:23 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/04/06 19:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/04/06 19:53:17 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/04/05 18:31:18 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/04/05 18:16:34 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/04/05 18:16:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/04/05 18:16:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/04/05 18:10:51 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/03/24 03:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/23 19:40:42 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/03/23 19:40:39 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/23 19:40:39 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/23 19:38:54 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/23 19:38:49 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/23 19:38:48 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/23 19:38:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/23 19:38:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/23 19:38:47 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/23 19:37:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/03/23 19:37:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/03/23 19:37:16 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/03/23 19:37:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/03/23 19:37:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/03/23 19:37:10 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/23 19:37:09 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/23 19:37:09 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/23 19:37:09 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/03/23 19:37:09 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/03/23 19:37:09 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/23 19:37:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/23 19:34:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/03/23 19:34:38 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/03/23 10:42:18 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/23 10:42:17 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/23 10:42:17 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/23 10:42:16 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/23 10:42:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/23 10:42:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/23 10:42:14 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/23 10:42:13 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/23 10:42:13 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/23 10:42:12 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/23 10:42:11 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/23 10:42:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/23 10:42:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/23 10:41:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/23 10:40:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/23 10:40:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/23 10:40:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/23 10:40:10 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 10:40:10 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/23 10:40:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/23 10:40:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/23 10:40:08 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/23 10:40:06 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/23 10:40:06 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/23 10:40:05 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/23 10:39:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/23 10:28:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/03/22 19:49:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/22 18:17:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/22 18:17:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/22 18:17:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/22 16:53:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/22 16:18:00 | 000,322,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nViewSetup.exe
[2011/03/22 16:18:00 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSTR.dll
[2011/03/22 16:18:00 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSSL.dll
[2011/03/22 16:18:00 | 000,299,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSSK.dll
[2011/03/22 16:18:00 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSSV.dll
[2011/03/22 16:18:00 | 000,290,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSTH.dll
[2011/03/22 16:18:00 | 000,167,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSZHT.dll
[2011/03/22 16:18:00 | 000,163,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSZHC.dll
[2011/03/22 16:17:59 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSES.dll
[2011/03/22 16:17:59 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSEL.dll
[2011/03/22 16:17:59 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSFR.dll
[2011/03/22 16:17:59 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSESM.dll
[2011/03/22 16:17:59 | 000,323,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSPT.dll
[2011/03/22 16:17:59 | 000,323,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSIT.dll
[2011/03/22 16:17:59 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSPTB.dll
[2011/03/22 16:17:59 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSNL.dll
[2011/03/22 16:17:59 | 000,315,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSRU.dll
[2011/03/22 16:17:59 | 000,315,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSHU.dll
[2011/03/22 16:17:59 | 000,311,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSDE.dll
[2011/03/22 16:17:59 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSFI.dll
[2011/03/22 16:17:59 | 000,299,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSNO.dll
[2011/03/22 16:17:59 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSPL.dll
[2011/03/22 16:17:59 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSDA.dll
[2011/03/22 16:17:59 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSENU.dll
[2011/03/22 16:17:59 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSENG.dll
[2011/03/22 16:17:59 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSCS.dll
[2011/03/22 16:17:59 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSAR.dll
[2011/03/22 16:17:59 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSHE.dll
[2011/03/22 16:17:59 | 000,212,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSJA.dll
[2011/03/22 16:17:59 | 000,196,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVWRSKO.dll
[2011/03/22 16:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2011/03/22 16:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/03/22 16:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/03/22 16:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/22 16:06:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/03/22 16:05:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/03/22 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/22 15:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/03/22 15:49:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/22 15:49:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/22 15:49:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/22 15:49:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/22 15:49:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/22 15:48:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/22 15:48:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/22 15:48:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/22 15:48:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/22 15:48:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/22 15:48:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/22 15:48:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/22 15:48:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/22 15:48:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/22 15:48:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/22 15:48:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/22 15:48:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/22 15:44:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/03/22 15:44:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/03/22 15:44:25 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/03/22 15:44:25 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/03/22 15:44:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/03/22 15:44:24 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/03/22 15:44:24 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/03/22 15:44:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/22 15:44:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/22 15:44:22 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/03/22 15:44:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/22 15:44:21 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/03/22 15:44:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/03/22 15:44:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/03/22 15:44:20 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/03/22 15:44:19 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/03/22 15:44:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/22 15:44:15 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/03/22 15:44:15 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/03/22 15:44:14 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/03/22 15:44:14 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/22 15:44:14 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/03/22 15:44:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/03/22 15:39:43 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2007/08/13 13:36:21 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/08/13 13:34:00 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/08/13 13:33:58 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/08/13 13:33:52 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 20:39:50 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/11 20:39:50 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/11 20:35:33 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/11 20:34:04 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WavXMapDrive.bat
[2011/04/11 20:33:25 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/04/11 20:33:21 | 000,218,771 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/11 20:33:03 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 20:33:03 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 20:33:02 | 000,218,771 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/11 20:33:02 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 20:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 20:32:23 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 20:31:26 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/04/11 20:17:26 | 000,003,540 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\6E7E.FA3
[2011/04/11 20:06:08 | 000,132,597 | ---- | M] () -- C:\Users\Administrator\Desktop\Flash_Disinfector.exe
[2011/04/11 20:01:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 19:33:32 | 260,329,982 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/11 19:29:43 | 000,011,282 | -HS- | M] () -- C:\ProgramData\4m70c0v8j8c47425h2b46
[2011/04/11 19:00:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/04/11 02:41:10 | 000,000,579 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
[2011/04/10 21:04:06 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 20:55:06 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/10 20:45:03 | 000,010,362 | -HS- | M] () -- C:\ProgramData\sv24unw18034m5f8c31w3380qikks0ugb36
[2011/04/10 16:20:43 | 000,405,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 19:54:30 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/04/06 19:53:48 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/04/06 19:53:23 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/04/06 19:53:23 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/04/06 19:53:17 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/03/24 03:19:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/24 03:18:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/22 19:10:05 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 20:35:09 | 000,132,597 | ---- | C] () -- C:\Users\Administrator\Desktop\Flash_Disinfector.exe
[2011/04/11 19:39:42 | 000,003,540 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\6E7E.FA3
[2011/04/11 02:42:59 | 000,011,282 | -HS- | C] () -- C:\ProgramData\4m70c0v8j8c47425h2b46
[2011/04/10 21:04:06 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 20:57:11 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WavXMapDrive.bat
[2011/04/10 20:55:06 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/10 20:53:48 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/10 20:53:40 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/04/10 20:52:53 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/04/10 20:52:02 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/10 20:52:02 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/10 19:21:48 | 2145,353,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/10 16:10:12 | 000,010,362 | -HS- | C] () -- C:\ProgramData\sv24unw18034m5f8c31w3380qikks0ugb36
[2011/04/06 19:54:30 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/04/05 18:29:40 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/04/05 18:28:59 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/04/05 18:27:27 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/04/05 18:26:11 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/03/24 03:19:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/24 03:18:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/22 16:21:36 | 000,218,771 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/03/22 16:21:36 | 000,218,771 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/03/22 16:18:00 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/03/22 16:18:00 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/03/22 16:18:00 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/03/22 16:18:00 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/03/22 16:18:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/03/22 16:18:00 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/03/22 16:18:00 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2011/03/22 16:18:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\nView.cpl
[2011/03/22 16:17:58 | 000,053,768 | ---- | C] () -- C:\Windows\default.tvp
[2011/03/22 16:17:58 | 000,033,032 | ---- | C] () -- C:\Windows\finance.tvp
[2011/03/22 16:17:58 | 000,032,846 | ---- | C] () -- C:\Windows\advanced.tvp
[2011/03/22 16:17:58 | 000,031,186 | ---- | C] () -- C:\Windows\dcc.tvp
[2011/03/22 16:17:58 | 000,029,892 | ---- | C] () -- C:\Windows\cad.tvp
[2011/03/22 15:48:57 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/08/15 11:55:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/15 11:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/15 11:53:22 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/08/13 03:08:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/13 14:09:47 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/02/25 16:01:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/26 16:49:01 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/08/13 13:37:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/08/13 13:37:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/08/13 13:36:22 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/08/13 13:33:57 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/08/06 11:09:31 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/07/30 11:44:30 | 000,001,563 | ---- | C] () -- C:\Windows\eReg.dat
[2007/07/26 21:21:32 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2007/07/11 20:49:39 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/07/11 20:49:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/07/11 20:48:46 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/11 20:44:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2007/07/11 20:42:33 | 001,736,704 | ---- | C] () -- C:\Windows\System32\Tsp1.dll
[2007/07/11 20:41:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/07/11 20:41:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2007/07/11 20:36:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/04/10 15:58:16 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/04/10 15:58:10 | 000,266,240 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/04/10 15:57:14 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/04/10 15:57:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/04/10 15:57:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/04/10 15:56:54 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/04/10 15:56:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/04/10 15:56:38 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/04/10 15:56:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/04/10 15:56:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/04/10 15:52:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/02/16 12:09:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/02/16 12:08:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/02/16 12:08:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/02/16 12:08:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/02/16 12:07:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/02/16 12:07:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/02/16 12:07:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/02/16 12:06:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/02/16 12:06:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/02/16 12:06:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/02/15 18:29:54 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/01/02 10:14:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2006/11/10 00:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,405,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 20:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 00:41:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/07/12 04:14:50 | 000,004,209 | RH-- | M] () -- C:\dell.sdr
[2010/10/22 02:35:26 | 000,000,096 | ---- | M] () -- C:\dlcx.log
[2011/04/11 20:32:23 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2007/07/11 20:38:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/11 20:42:05 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2007/07/11 20:38:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/11 20:32:20 | 2459,156,480 | -HS- | M] () -- C:\pagefile.sys
[2011/04/10 21:07:59 | 000,000,366 | ---- | M] () -- C:\rkill.log

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/04/11 20:17:26 | 000,003,540 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\6E7E.FA3

< %USERPROFILE%\AppData\Roaming\Microsoft\*.* >

< %USERPROFILE%\AppData\Local\*.* >
[2011/04/10 20:56:24 | 000,107,728 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/04/11 20:30:58 | 002,031,673 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2011/04/11 20:34:04 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WavXMapDrive.bat

< %USERPROFILE%\AppData\Local\Microsoft\*.* >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/03/21 15:33:40 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >

EXTRA TEXT LOG:OTL Extras logfile created on: 4/11/2011 8:39:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.71 Gb Total Space | 33.40 Gb Free Space | 30.45% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.40 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 0.91 Gb Free Space | 12.23% Space Free | Partition Type: FAT32

Computer Name: DEEPTHOUGHT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5033251B-1D82-4CB2-A0F3-477C5795B854}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{561A0EC7-03B4-44C0-B109-DCC66683801C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{67FA010C-FE32-43BE-8DA1-06BD9DF0A819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6A046386-7E23-45D8-A3F5-88C31D4AABB8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F902ACAF-C72D-44C9-B913-6DF4078AA9C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B092BF-5D47-4159-BC4E-A56EEDFB1ACD}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{0AA509DD-2B2C-41FE-A12F-4651A3B44DC3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0FF7B109-0A91-407A-9A2F-38A84F8C3F74}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{11AD9F7D-BF23-49CA-AE02-81A4625FBD03}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{28D28202-0C0B-4D7E-88F8-1E51D3838DCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{322B06BE-9C1C-44C4-9234-709AA87F40D6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3346FDB9-4DA9-4CD7-9A28-E3BCD14BB83A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{339A69CA-0F64-4F44-8106-4CB8ACBC4B10}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{44B521DB-E167-40E0-B6CB-44642FA7E191}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5D7DBAA5-762C-42DB-A647-C8D118D35E26}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{6B7517EC-AA5D-4566-9629-9F4EA69C10F1}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{773DD4B6-6B81-4B2E-9A83-A91B07DA8AFF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{866DC282-E8BF-40F8-8361-9180252C227C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{93581BDE-DBF2-4577-A282-6536CDA2323B}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{ACA669C9-B204-420E-A69E-DE02ADFA00BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF342CA1-C1F9-43C0-AD46-F6904F93ED52}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB74E599-F3EE-47B0-89EF-F9017458D25C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DDDDB6C5-F579-47A1-87D0-E116A4416B54}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{E4A5DFEA-796A-41A3-B97C-37BEDAD504C8}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{EBBA85CE-C183-4763-8D57-57BDCC7160B8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FFCA4E04-D876-49B4-8896-4AD902E35916}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"TCP Query User{088E0BBE-7737-455A-B6AC-10AA30296F99}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"TCP Query User{467C5097-6F05-4E11-B612-5DA30E7B5322}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{70465D8A-133B-427A-907B-036CC5C06340}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{792B1D48-D76F-4A40-BB13-04EC2FCD39E7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AEE65CDD-AB61-42FF-AC7B-285FB8A47EF5}C:\program files\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"TCP Query User{C448D3EE-87D2-4855-8E43-2CE4EF5C1816}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{DC4A556E-B859-4642-901A-D88CDEDFF7DA}C:\program files\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"TCP Query User{E017FF10-8736-4FE4-AAE7-123F9A7A6DB1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{E159CC9E-4D02-4FF4-85E3-074A54D8FC41}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E2920532-0271-4C54-A13F-F812C2278B66}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"UDP Query User{02BFD41E-8839-429A-B5EC-042946CCD6C7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{304CA5C3-45FF-43FE-B43C-2F3175044049}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{35E35545-4F83-4F36-B5D4-20CCA083F1B1}C:\program files\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"UDP Query User{8898976E-0B04-4481-9343-1EDAFF7095CC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{A64CE22B-6DA1-4DE8-9FD8-4D7255A0E495}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"UDP Query User{A65BD914-BA5E-41E5-AB5E-17153EF42164}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AC262F34-544A-47EC-AD5E-A07A1E8A4005}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AF272882-3337-4301-8F7D-F71FD4850249}C:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe |
"UDP Query User{C5618437-DF80-4F21-8C84-B40CEC015411}C:\program files\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
"UDP Query User{CCD92ECE-743E-42EE-B105-4A13BA25D025}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{094FABA0-4865-11D4-95B6-000103485DB6}" = SimCoaster
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC561AA-6C40-407A-AC5E-7AE8F4F3449B}" = Wave Infrastructure Installer
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{2727FBEF-3155-11D4-8F73-0050DA0F6297}" = The Sims Livin' Large
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5BCE20-50E0-11D4-A75D-005004D920E6}" = Music Ace
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63988D27-DA4D-4C1E-99C6-50F1CF5D4A2A}" = Fingerprint Sensor Minimum Install
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31FB582-86AE-4A05-BFC1-5C5CA944E234}" = Vista Profile Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D Home Architect Deluxe 3.0" = 3D Home Architect® Deluxe 3.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Albright Messenger" = Albright Messenger
"BDH Differential Equations" = BDH Differential Equations
"BitTorrent" = BitTorrent
"Brain Builder" = Brain Builder
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"DSMT6" = MathType 6
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 9.5" = Maple 9.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MS Access 97 SP2" = MS Access 97 SP2
"Network Addon Mod" = Network Addon Mod Version April 2008
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.1c
"PROPLUSR" = Microsoft Office Professional Plus 2007
"R for Windows 2.9.1_is1" = R for Windows 2.9.1
"RealPlayer 12.0" = RealPlayer
"Ruckus Player" = Ruckus Player
"SafeConnect" = SafeConnect
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2011 7:02:52 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\users\jude\appdata\local\temp\csrss.exe by: Startup
scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\users\jude\appdata\roaming\microsoft\conhost.exe by: Startup scan.
Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\users\jude\appdata\roaming\dwm.exe by: Startup scan. Action: Leave
Alone succeeded. Action Description: The file was left unchanged. Risk: in File:
c:\users\jude\appdata\local\temp\csrss.exe by: Startup scan. Action: Leave Alone
succeeded. Action Description: The file was left unchanged. Risk: in File: c:\users\jude\appdata\roaming\microsoft\conhost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\users\jude\appdata\roaming\dwm.exe by: Startup
scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Error - 4/11/2011 7:02:53 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\users\jude\appdata\local\temp\csrss.exe
by: Startup scan. Action: Terminate Process Required. Action Description:

Error - 4/11/2011 7:18:05 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\users\jude\appdata\roaming\dwm.exe
by: Startup scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 4/11/2011 7:18:06 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\users\jude\appdata\roaming\dwm.exe by: Startup
scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\users\jude\appdata\local\temp\csrss.exe by: Startup scan. Action:
Leave Alone succeeded. Action Description: The file was left unchanged. Risk:
in File: c:\users\jude\appdata\roaming\microsoft\conhost.exe by: Startup scan.
Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\users\jude\appdata\roaming\dwm.exe by: Startup scan. Action: Leave
Alone succeeded. Action Description: The file was left unchanged. Risk: in File:
c:\users\jude\appdata\local\temp\csrss.exe by: Startup scan. Action: Leave Alone
succeeded. Action Description: The file was left unchanged. Risk: in File: c:\users\jude\appdata\roaming\microsoft\conhost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged.

Error - 4/11/2011 7:18:06 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\users\jude\appdata\roaming\dwm.exe
by: Startup scan. Action: Terminate Process Required. Action Description:

Error - 4/11/2011 7:24:11 PM | Computer Name = DeepThought | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0xc24, application start time 0x01cbf89f537e4569.

Error - 4/11/2011 7:41:44 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: Unavailable by:
Startup scan. Action: Clean failed : Quarantine failed. Action Description: The
file was left unchanged.

Error - 4/11/2011 7:41:48 PM | Computer Name = DeepThought | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 4/11/2011 7:47:34 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\users\administrator\appdata\roaming\microsoft\conhost.exe
by: Startup scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 4/11/2011 7:47:35 PM | Computer Name = DeepThought | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\users\administrator\appdata\roaming\microsoft\conhost.exe
by: Startup scan. Action: Terminate Process Required. Action Description:

[ Broadcom Wireless LAN Events ]
Error - 1/4/2010 12:01:29 AM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 23:01:29, Sun, Jan 03, 10 Error - Unable to gain access to user store

Error - 3/22/2011 7:33:19 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 19:33:18, Tue, Mar 22, 11 Error - Unable to gain access to user store

Error - 3/22/2011 7:51:40 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 19:51:39, Tue, Mar 22, 11 Error - Unable to gain access to user store

Error - 3/25/2011 5:42:36 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 17:42:31, Fri, Mar 25, 11 Error - Unable to gain access to user store

Error - 4/5/2011 6:02:14 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 18:02:12, Tue, Apr 05, 11 Error - Unable to gain access to user store

Error - 4/10/2011 4:26:30 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 16:26:29, Sun, Apr 10, 11 Error - Unable to gain access to user store

Error - 4/10/2011 7:22:32 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 19:22:31, Sun, Apr 10, 11 Error - Unable to gain access to user store

Error - 4/11/2011 9:40:34 AM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 09:40:33, Mon, Apr 11, 11 Error - Unable to gain access to user store

Error - 4/11/2011 7:29:13 PM | Computer Name = DeepThought | Source = WLAN-Tray | ID = 0
Description = 19:29:12, Mon, Apr 11, 11 Error - Unable to gain access to user store

Error - 4/11/2011 7:34:00 PM | Computer Name = DEEPTHOUGHT | Source = WLAN-Tray | ID = 0
Description = 19:34:00, Mon, Apr 11, 11 Error - Unable to gain access to user store

[ OSession Events ]
Error - 9/4/2009 3:16:58 PM | Computer Name = DeepThought | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/8/2009 6:20:42 PM | Computer Name = DeepThought | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 103916
seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/11/2011 7:11:23 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7001
Description =

Error - 4/11/2011 7:28:54 PM | Computer Name = DeepThought | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:27:38 PM on 4/11/2011 was unexpected.

Error - 4/11/2011 7:29:35 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7001
Description =

Error - 4/11/2011 7:33:46 PM | Computer Name = DeepThought | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:31:39 PM on 4/11/2011 was unexpected.

Error - 4/11/2011 7:34:20 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7001
Description =

Error - 4/11/2011 7:41:31 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7034
Description =

Error - 4/11/2011 7:41:48 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7034
Description =

Error - 4/11/2011 7:43:53 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7001
Description =

Error - 4/11/2011 8:31:20 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7034
Description =

Error - 4/11/2011 8:33:24 PM | Computer Name = DeepThought | Source = Service Control Manager | ID = 7001
Description =

< End of report >

#13 B-boy/StyLe/

Bleeping Freestyler

Group: Malware Response Team
Posts: 2,760
Joined: 28-September 09
Gender:Male
Location:Bulgaria

Posted 12 April 2011 - 02:14 AM

Hello leenyd

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55980
O4 - HKLM..\Run: [] File not found
[2011/04/11 20:17:26 | 000,003,540 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\6E7E.FA3
[2011/04/11 19:29:43 | 000,011,282 | -HS- | M] () -- C:\ProgramData\4m70c0v8j8c47425h2b46
[2011/04/10 20:45:03 | 000,010,362 | -HS- | M] () -- C:\ProgramData\sv24unw18034m5f8c31w3380qikks0ugb36
:Commands
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Regards,
Georgi

I'll be unavailable for the next 2 days. (26 and 27 may).
I will reply at Monday (28 may). Sorry for the inconvenience!

#14 leenyd

Member

Group: Members
Posts: 32
Joined: 25-June 10

Posted 12 April 2011 - 08:07 AM

Good morning,

First, here's a few new developments:

1. Under the user "Jude," there is a message on the desktop with a yellow triangle and an exclamation in it that says "Desktop" and "Could not load or run C:\users\Jude\AppData\Local|Temp\crss.exe' " specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.

2. I thought I'd only use my son's computer today instead of using mine and the flash drive to transfer things across. When I logged in as administrator, I could get the wireless network connection to connect, but Internet Explorer would not connect. When I hit diagnose it said "www.google.com is not set up to establish a connection on port world wide web service(HTTP) with this computer.

3. Some of the icons on the "Jude" desktop and quickstart ask "open with" when they are hit.

Now onto the OTL Fix. I ran that on the "Jude" desktop, but hit "run as administrator." It worked fine and restarted, but it didn't give me a report. So I did it again, and still no report. I noticed two desktop.ini files on the desktop, are these perhaps the reports? Here's what they said:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

and

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Media Player.lnk=@%SystemRoot%\system32\unregmp2.exe,-4

Now I will do the ESET Scan.

Thanks.

Leenyd