Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE is acting weird everything lining up on the left side of the page


  • This topic is locked This topic is locked
52 replies to this topic

#1 Sky23

Sky23

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 11 January 2010 - 08:53 PM

This computer's antivirus has been messing up & I believe that it also has malware of some sort. It also likes to hang @ startup and I would really like some help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51pm 11/01/2010
Platform: Windows XP SP2
MSIE: Internet Explorer v6.00

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\AOL\1177442063\ee\AOLSoftware.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061205
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177442063\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8985 bytes

Attached Files

  • Attached File  espn.doc   494.5KB   11 downloads


BC AdBot (Login to Remove)

 


#2 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 11 January 2010 - 08:54 PM

The Espn doc is just to show the page lining up on the left side weird


===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 16 January 2010 - 01:56 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 17 January 2010 - 02:50 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 20 January 2010 - 11:46 PM

I'll Be getting the log back to you early tomorrow 01/21/2010 to get started a little bit late right now

#5 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 21 January 2010 - 09:50 AM

Here's My OTL & Extra's Log

Some of my other problems is that the computer hangs @ startup, occasionaly the computer will have a slow response time, The Internet will: sometimes when you click on a website, it will say webpage not found, or do a redirect. any help will be greatly appreciated.

OTL

OTL logfile created on: 1/21/2010 9:25:13 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\edith evans\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 119.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 57.76 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAE
Current User Name: edith evans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/21 09:24:15 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edith evans\Desktop\OTL.exe
PRC - [2010/01/08 01:40:57 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010/01/08 01:40:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/19 09:37:02 | 00,605,112 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
PRC - [2009/07/21 13:40:24 | 00,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/02 14:41:12 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
PRC - [2009/02/02 14:41:12 | 00,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
PRC - [2009/02/02 14:41:11 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/02/02 14:41:10 | 00,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2008/06/24 19:10:16 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2008/06/24 19:09:48 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2008/06/24 19:09:38 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2007/11/09 14:41:23 | 00,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
PRC - [2007/11/09 14:41:18 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2007/06/12 11:32:26 | 00,230,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/08/28 21:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/08/23 12:12:44 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/08/15 03:00:20 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/06/26 16:34:50 | 00,299,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/06/13 17:51:38 | 00,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/05/18 01:36:10 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
PRC - [2005/10/05 03:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/10 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 05:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/21 09:24:15 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edith evans\Desktop\OTL.exe
MOD - [2007/11/09 14:41:23 | 00,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOEHook.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 01:40:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/02 14:41:11 | 00,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2008/06/24 19:10:30 | 00,281,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2008/06/24 19:10:16 | 00,145,936 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2008/06/24 19:09:48 | 00,801,296 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2008/06/24 19:09:38 | 01,010,192 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2007/11/09 14:41:18 | 00,189,704 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2007/06/12 11:32:32 | 00,243,216 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2007/04/23 10:36:06 | 00,144,960 | ---- | M] (Computer Associates International, Inc.) [Disabled | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2007/01/04 11:10:22 | 00,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/08/23 12:12:44 | 00,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/05/18 01:36:10 | 00,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/16 17:24:46 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/24 19:08:58 | 00,093,712 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2008/06/24 19:08:56 | 00,066,576 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2008/06/24 19:08:52 | 00,115,216 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2008/06/24 19:08:46 | 00,045,584 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2008/06/24 19:08:42 | 00,134,648 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2008/06/24 19:08:42 | 00,088,816 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2008/06/24 19:08:36 | 00,063,504 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2008/06/16 13:40:47 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2008/06/16 13:40:47 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2007/06/12 11:33:12 | 00,032,528 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2007/06/12 11:33:10 | 00,021,648 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2007/06/12 11:33:08 | 00,021,392 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2007/06/12 11:33:06 | 00,026,640 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2006/08/24 05:33:36 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/23 12:12:38 | 03,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/15 03:00:18 | 01,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 00,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 07:00:48 | 00,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/08/05 07:00:40 | 00,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/18 21:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 05:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 11:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061205
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061205


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061205
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061205
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-225355221-2009148172-452228400-1006\S-1-5-21-225355221-2009148172-452228400-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/11 20:23:27 | 00,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-225355221-2009148172-452228400-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-225355221-2009148172-452228400-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-225355221-2009148172-452228400-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 09:24:09 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edith evans\Desktop\OTL.exe
[2010/01/20 10:56:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Application Data\Sunbelt
[2010/01/20 10:56:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/20 10:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/01/18 19:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Local Settings\Application Data\AskToolbar
[2010/01/18 19:37:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Application Data\BitTorrent
[2010/01/18 19:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/01/18 19:23:55 | 00,491,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\edith evans\Desktop\ie6setup.exe
[2010/01/16 19:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/15 17:02:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/15 16:47:27 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/15 16:47:27 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/15 16:47:27 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/15 16:47:27 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/15 16:47:23 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/15 16:47:14 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/15 16:47:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/13 11:20:27 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 20:56:18 | 00,000,000 | ---D | C] -- C:\Win389
[2010/01/11 20:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/11 20:20:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/01/08 15:58:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/08 15:21:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/01/08 15:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/01/08 15:21:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/08 15:20:17 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/08 11:26:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/01/08 10:16:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\NV620944.TMP
[2010/01/08 10:15:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/01/08 10:02:51 | 00,592,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2010/01/08 10:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/01/08 10:01:42 | 00,035,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/01/08 10:01:39 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2010/01/08 01:41:23 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/08 01:41:23 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/08 01:41:23 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/08 01:41:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/08 01:41:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/08 01:39:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/08 01:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Application Data\Malwarebytes
[2010/01/08 01:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/08 01:33:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\edith evans\PrivacIE
[2010/01/08 01:30:54 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\edith evans\IETldCache
[2010/01/08 01:27:54 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/01/08 01:27:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/08 01:25:26 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/08 01:25:26 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/08 01:25:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/01/08 01:24:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/01/08 01:16:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/08 01:12:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/08 01:04:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/08 01:04:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/08 01:04:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/08 01:04:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/08 01:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/08 01:04:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/07 23:41:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/01/07 23:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/07 23:08:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Local Settings\Application Data\magicJack
[2010/01/07 23:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\edith evans\Application Data\mjusbsp
[2010/01/07 23:07:16 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/07 23:07:16 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2007/04/05 10:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/05 07:06:32 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/12/05 07:06:32 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/12/05 07:06:32 | 00,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/12/05 07:06:32 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/12/05 07:06:32 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/12/05 07:06:31 | 00,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2006/12/05 07:06:31 | 00,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/12/05 07:06:31 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/12/05 07:06:31 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/12/05 07:06:31 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/12/05 07:06:31 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2005/08/16 04:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 04:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/21 09:24:15 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edith evans\Desktop\OTL.exe
[2010/01/21 09:21:38 | 00,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/21 09:20:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/21 09:19:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 09:19:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 09:19:39 | 46,817,6896 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/21 00:20:56 | 00,092,994 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/01/21 00:20:56 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/01/21 00:20:33 | 03,407,872 | ---- | M] () -- C:\Documents and Settings\edith evans\ntuser.dat
[2010/01/21 00:20:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\edith evans\ntuser.ini
[2010/01/21 00:20:21 | 03,074,024 | -H-- | M] () -- C:\Documents and Settings\edith evans\Local Settings\Application Data\IconCache.db
[2010/01/21 00:01:06 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/01/20 23:49:31 | 19,804,232 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\Jan10th2010regbackup.reg
[2010/01/20 22:55:58 | 00,000,729 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 22:55:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/20 22:55:58 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2010/01/20 22:49:51 | 00,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini
[2010/01/20 11:00:34 | 00,000,113 | ---- | M] () -- C:\Documents and Settings\edith evans\Application Data\netstat.bat
[2010/01/18 19:23:56 | 00,491,768 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\edith evans\Desktop\ie6setup.exe
[2010/01/18 16:02:30 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\Amish Friendship Bread.doc
[2010/01/16 21:18:31 | 00,004,156 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/16 17:24:46 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/15 17:04:49 | 00,007,224 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/15 16:48:00 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/13 22:02:34 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\Dear Kingdom Builder.doc
[2010/01/13 21:18:44 | 00,001,346 | ---- | M] () -- C:\Documents and Settings\edith evans\Application Data\wklnhst.dat
[2010/01/13 14:00:53 | 00,185,817 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\scripturesforhealing.pdf
[2010/01/13 11:40:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 20:23:27 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/11 14:50:42 | 00,200,579 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\create-a-layout.htm
[2010/01/08 16:18:03 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/01/08 01:40:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/08 01:40:56 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/08 01:40:55 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/08 01:40:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/08 01:40:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/08 01:21:21 | 00,003,445 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\bookmark.htm
[2010/01/08 01:00:16 | 00,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/08 00:45:47 | 00,107,898 | ---- | M] () -- C:\Documents and Settings\edith evans\My Documents\RegistryBackup.reg
[2010/01/07 23:26:40 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\edith evans\Desktop\Revo Uninstaller.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/20 23:49:15 | 19,804,232 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\Jan10th2010regbackup.reg
[2010/01/20 22:49:50 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2010/01/20 12:16:54 | 46,817,6896 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/20 11:00:34 | 00,000,113 | ---- | C] () -- C:\Documents and Settings\edith evans\Application Data\netstat.bat
[2010/01/18 19:37:40 | 00,000,246 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/01/18 16:02:30 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\Amish Friendship Bread.doc
[2010/01/15 17:03:22 | 00,007,224 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/15 16:48:00 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/13 21:54:20 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\Dear Kingdom Builder.doc
[2010/01/13 14:00:53 | 00,185,817 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\scripturesforhealing.pdf
[2010/01/11 14:50:42 | 00,200,579 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\create-a-layout.htm
[2010/01/08 16:18:02 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/01/08 15:16:47 | 03,407,872 | ---- | C] () -- C:\Documents and Settings\edith evans\ntuser.dat
[2010/01/08 11:27:09 | 00,081,191 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/08 10:01:45 | 00,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/01/08 10:01:42 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/01/08 01:21:21 | 00,003,445 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\bookmark.htm
[2010/01/08 01:04:21 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/08 01:04:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/08 01:04:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/08 01:04:21 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/08 01:04:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/08 00:45:14 | 00,107,898 | ---- | C] () -- C:\Documents and Settings\edith evans\My Documents\RegistryBackup.reg
[2010/01/07 23:26:40 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\edith evans\Desktop\Revo Uninstaller.lnk
[2007/07/21 14:52:34 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\edith evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/13 12:45:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2007/03/04 15:25:25 | 00,003,072 | ---- | C] () -- C:\Documents and Settings\edith evans\Application Data\dvd.bmk
[2007/02/26 15:32:24 | 00,001,346 | ---- | C] () -- C:\Documents and Settings\edith evans\Application Data\wklnhst.dat
[2006/12/22 18:27:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2006/12/22 18:27:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2006/12/22 18:27:02 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2006/12/22 18:11:35 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\edith evans\Local Settings\Application Data\fusioncache.dat
[2006/12/05 07:41:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/05 07:36:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/05 07:32:19 | 00,004,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/05 07:06:32 | 00,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/12/05 07:06:32 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/12/05 07:06:32 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/12/05 07:06:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/12/05 07:06:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/12/05 07:06:32 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/12/05 07:06:31 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/12/05 07:06:31 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/12/05 07:06:31 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/12/05 07:06:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/12/05 07:06:31 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/12/05 07:06:30 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/12/05 07:06:30 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/12/05 07:06:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/12/05 07:06:30 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/12/05 07:05:55 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/05 07:05:55 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/05 07:05:55 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/05 07:05:55 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/05 07:05:54 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/05 07:05:54 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/05 07:04:54 | 00,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/13 08:56:04 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:18:35 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/08/05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >









EXTRAS

OTL Extras logfile created on: 1/21/2010 9:25:13 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\edith evans\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 119.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 57.76 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAE
Current User Name: edith evans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Documents and Settings\edith evans\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\edith evans\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}" = CA Personal Firewall
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Game Console" = Dell Game Console
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eTrust Suite Personal" = CA Internet Security Suite
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.85
"SearchAssist" = SearchAssist
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-225355221-2009148172-452228400-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 11:38:47 PM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/20/2010 11:38:47 PM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 1:17:48 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 1:17:48 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 1:17:48 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 1:17:48 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 10:19:58 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 10:19:58 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 10:19:58 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/21/2010 10:19:58 AM | Computer Name = MAE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 1/20/2010 1:17:59 PM | Computer Name = MAE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 1/20/2010 3:03:01 PM | Computer Name = MAE | Source = Service Control Manager | ID = 7001
Description = The VET Message Service service depends on the CAISafe service which
failed to start because of the following error: %%1058

Error - 1/20/2010 3:03:12 PM | Computer Name = MAE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid SBRE

Error - 1/20/2010 10:04:12 PM | Computer Name = MAE | Source = Service Control Manager | ID = 7001
Description = The VET Message Service service depends on the CAISafe service which
failed to start because of the following error: %%1058

Error - 1/20/2010 10:04:24 PM | Computer Name = MAE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid SBRE

Error - 1/21/2010 1:18:08 AM | Computer Name = MAE | Source = Service Control Manager | ID = 7001
Description = The VET Message Service service depends on the CAISafe service which
failed to start because of the following error: %%1058

Error - 1/21/2010 1:18:21 AM | Computer Name = MAE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid SBRE

Error - 1/21/2010 1:18:31 AM | Computer Name = MAE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/21/2010 10:20:22 AM | Computer Name = MAE | Source = Service Control Manager | ID = 7001
Description = The VET Message Service service depends on the CAISafe service which
failed to start because of the following error: %%1058

Error - 1/21/2010 10:20:31 AM | Computer Name = MAE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid SBRE


< End of report >



#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 22 January 2010 - 11:09 AM

Hi,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avira or CA.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Let me know if that improves the problem with left alignment.

Please also provide a scan from gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 22 January 2010 - 04:42 PM

Here is my Gmer scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 16:41:46
Windows 5.1.2600 Service Pack 2
Running: decjggxk.exe; Driver: C:\DOCUME~1\EDITHE~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB866B6EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xF34A5FD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB866C40B]
SSDT F7BABE44 ZwCreateThread
SSDT F7BABE53 ZwDeleteKey
SSDT F7BABE5D ZwDeleteValueKey
SSDT spvw.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spvw.sys ZwEnumerateValueKey [0xF72AD132]
SSDT F7BABE62 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB866C75C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB866B64E]
SSDT F7BABE30 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB866C130]
SSDT F7BABE35 ZwOpenThread
SSDT spvw.sys ZwQueryKey [0xF72AD20A]
SSDT spvw.sys ZwQueryValueKey [0xF72AD08A]
SSDT F7BABE6C ZwReplaceKey
SSDT F7BABE67 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xF34A5662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB866C538]
SSDT F7BABE58 ZwSetValueKey
SSDT F7BABE3F ZwTerminateProcess

INT 0x73 ? 843A6BF8
INT 0x83 ? 843A6BF8
INT 0x83 ? 843A6BF8
INT 0x83 ? 8415FBF8
INT 0x83 ? 843A6BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2408 80501C00 4 Bytes JMP 8AB866B6
? spvw.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6C10360, 0x2456AE, 0xE8000020]
.text USBPORT.SYS!DllUnload F6BF168E 5 Bytes JMP 8415F1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7295042] spvw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729513E] spvw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72950C0] spvw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7295800] spvw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72956D6] spvw.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F707B0E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F707D5A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F707AC60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F707AB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F707B0E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F707AC60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F707D5A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F707D5A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F707D5A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F707CE90] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F707D660] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F707AB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F707CB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F707B0E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F707CF70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F707AC60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F707D5A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F707D180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F707ABC0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F707AB20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [F707BB70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F707CBD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F707CA20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F707C460] kmxstart.sys (HIPS Core Driver/CA)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 843371F8

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\usbohci \Device\USBPDO-0 83ED21F8
Device \Driver\usbehci \Device\USBPDO-1 83ECE1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 843391F8
Device \Driver\dmio \Device\DmControl\DmConfig 843391F8
Device \Driver\dmio \Device\DmControl\DmPnP 843391F8
Device \Driver\dmio \Device\DmControl\DmInfo 843391F8
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Ftdisk \Device\HarddiskVolume1 843A71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 843A71F8
Device \Driver\Cdrom \Device\CdRom0 841531F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 843A61F8
Device \Driver\atapi \Device\Ide\IdePort0 843A61F8
Device \Driver\atapi \Device\Ide\IdePort1 843A61F8
Device \Driver\atapi \Device\Ide\IdePort2 843A61F8
Device \Driver\atapi \Device\Ide\IdePort3 843A61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 843A61F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 843A71F8
Device \Driver\USBSTOR \Device\00000076 840481F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8401A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8401A1F8
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\NetBT \Device\NetBT_Tcpip_{A56052EA-1E1E-4F4E-8B15-FBC5C583CA93} 8401A1F8
Device \Driver\usbohci \Device\USBFDO-0 83ED21F8
Device \Driver\usbehci \Device\USBFDO-1 83ECE1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84018500
Device \Driver\USBSTOR \Device\0000007b 840481F8
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84018500
Device \Driver\USBSTOR \Device\0000007c 840481F8
Device \Driver\Modem \Device\0000006f kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Ftdisk \Device\FtControl 843A71F8
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \Driver\USBSTOR \Device\0000007f 840481F8
Device \FileSystem\Fastfat \Fat 842BF500
Device \FileSystem\Fastfat \Fat B65311F9

AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 83FDA500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFA 0x51 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x01 0xE7 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFA 0x51 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x01 0xE7 0x64 ...

---- EOF - GMER 1.0.15 ----


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 23 January 2010 - 10:48 AM

Hi,

have you removed one of the antivirus programs? Has this improved your symptoms?

How is your PC doing now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2010 - 11:38 AM

Well when I log on I usually kill one of the Antiviruses process through the Task Manager.

But Another question I have is if your computer is able to download @ say 550 to 650 Kbps and now it only does like 200 to 350 do you know what could be the cause of that

And did you find anything in the scans

#10 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 23 January 2010 - 01:31 PM

And I am also getting these pop ups that take up the whole screen saying I got a virus and It starts scanning my computer.. could you help me with this

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 23 January 2010 - 02:25 PM

Hi,

please uninstall one of the anti virus programs. Running two anti virus programs is probably part of the problem.
Please run a scan with malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 29 January 2010 - 06:02 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 16 February 2010 - 01:41 PM

Him,

topic reopened please post your log.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Sky23

Sky23
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 18 February 2010 - 02:21 PM

Here is my log I am also getting this pop up from avira saying that I have TR/Agent.35328 (C\Windows\system\asr-etup.dll)

Also getting a pop up that keeps saying that your computer has been infected and it takes one of my browsers and starts scanning my computer

I really need your help please


Sry here is the MBAM Log

Malwarebytes' Anti-Malware 1.44
Database version: 3580
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

1/16/2010 10:11:08 PM
mbam-log-2010-01-16 (22-11-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 183170
Time elapsed: 40 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0050673.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0050682.sys (Malware.Trace) -> No action taken.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:46 PM

Posted 18 February 2010 - 02:42 PM

Hi,

can you please try to upload the file:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C\Windows\system\asr-etup.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

The hits by Malwarebytes are in system restore, those aren't active infections.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users