
Thread: Laptop infected with Virus

  1. #1
    Member
    Join Date
    May 2010
    Posts
    66

    Laptop infected with Virus

    My Laptop is infected with virus. I had McAfee but it was just hanging so I uninstalled it completely and bought Norton 360. Norton did some clean up but the laptop is still slow and hanging after 20 or 30 minutes.

    Please help...

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Is this a different system from the one in this topic?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    May 2010
    Posts
    66

    Hi Blade,

    Yes it is a different system than the one in the topic.

    Thanks,
    Rayoflight

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Ok. Let's have a look at it then.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab, uncheck the files option and then click scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

  5. #5
    Member
    Join Date
    May 2010
    Posts
    66

    DDS couldn't execute upon trying. I am posting the GMER Log.

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy and paste the following contents into the custom scan area:
      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
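
The OTL.Txt that this scan produces is line-oriented (SRV/DRV service lines, O2 and O4 autostart lines), so a first triage pass over it can be scripted. The Python below is an added example, not part of the original posts or of OTL: the sample lines are constructed in the log's layout, and the function names and the vendor keyword table are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of OTL Minimal Output; not the poster's log.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - (ExampleAvSvc) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\ccSvcHst.exe (Symantec Corporation)
SRV - (ExampleTool) -- C:\Tools\example\svc.exe ()

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\PROGRA~1\example\helper.dll File not found
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
O4 - HKLM..\Run: [ExampleAgent] C:\Program Files\Example\agent.exe File not found
O4 - HKCU..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp.)
"""

# Assumption: company-name substrings used to group security products.
SECURITY_VENDORS = {"alwil": "Avast", "symantec": "Symantec", "mcafee": "McAfee"}

# One pattern per line type; group 1 is the entry name, group 2 the target.
PATTERNS = [
    ("SRV", re.compile(r"^SRV - \((.*?)\).*? -- (.*)$")),
    ("DRV", re.compile(r"^DRV - \((.*?)\).*? -- (.*)$")),
    ("BHO", re.compile(r"^O2 - BHO: \((.*?)\) - \{[^}]+\} - (.*)$")),
    ("RUN", re.compile(r"^O4 - HK\w+\.\.\\Run: \[(.*?)\] (.*)$")),
]


@dataclass
class Entry:
    kind: str
    name: str
    path: Optional[str]
    company: Optional[str]
    missing: bool


def split_target(rest: str) -> Tuple[Optional[str], Optional[str], bool]:
    """Split 'path (Company)' / 'path File not found' into (path, company, missing)."""
    rest = rest.strip()
    if rest == "No CLSID value found.":
        return None, None, True
    if rest.endswith("File not found"):
        path = rest[: -len("File not found")].strip()
        return (path or None), None, True
    if rest.endswith(")"):
        # Company names may contain parentheses, e.g. "Windows (R) ...",
        # so walk backwards to the bracket that balances the final one.
        depth = 0
        for i in range(len(rest) - 1, -1, -1):
            if rest[i] == ")":
                depth += 1
            elif rest[i] == "(":
                depth -= 1
                if depth == 0:
                    return rest[:i].rstrip(), rest[i + 1:-1].strip(), False
    return rest, None, False


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                path, company, missing = split_target(m.group(2))
                entries.append(Entry(kind, m.group(1), path, company, missing))
                break
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Summarise entries worth a second look; this is a filter, not a verdict."""
    entries = parse_log(text)
    vendors = set()
    for e in entries:
        if e.kind in ("SRV", "DRV") and not e.missing and e.company:
            for key, label in SECURITY_VENDORS.items():
                if key in e.company.lower():
                    vendors.add(label)
    return {
        # Registry entry remains but its target file (or CLSID) is gone.
        "orphaned": [e.name for e in entries if e.missing],
        # File exists but carries no company name in its version info.
        "no_company": [e.name for e in entries if e.company == ""],
        # Security products with services or drivers still on disk.
        "security_vendors": sorted(vendors),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

None of the three lists is a detection on its own: orphaned entries are often leftovers of an uninstalled product, and a blank company field also occurs on legitimate files.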

  7. #7
    Member
    Join Date
    May 2010
    Posts
    66

    OTL logfile created on: 5/23/2010 10:10:32 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LT
    Current User Name: LT
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (MSK80Service) -- File not found
    SRV - (MpfService) -- File not found
    SRV - (McSysmon) -- File not found
    SRV - (McShield) -- File not found
    SRV - (McProxy) -- File not found
    SRV - (McODS) -- File not found
    SRV - (McNASvc) -- File not found
    SRV - (mcmscsvc) -- File not found
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
    SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
    SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
    SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
    SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
    SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
    SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
    SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
    SRV - (Service1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe (Mercury Interactive)
    SRV - (LogonService1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe (Mercury Interactive)
    SRV - (OtaPool) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe (Mercury Interactive)
    SRV - (ExpressionService) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe ()
    SRV - (TDStartStopService) -- C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe (Mercury Interactive)
    SRV - (SiteScope) -- C:\Inetpub\TDBIN\SiteScope\tools\sitescopeservice.exe ()
    SRV - (MSSQLSERVER) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (SQLSERVERAGENT) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)
    SRV - (CheckTestDirectorUserAccount) -- C:\Program Files\Common Files\Mercury Interactive\CheckU.exe (Mercury Interactive)
    SRV - (TomcatService) -- C:\Inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\navex15.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\naveng.sys (Symantec Corporation)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMTDI.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys (Symantec Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
    DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
    DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
    DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
    DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
    DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
    DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
    DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
    DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
    DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
    DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
    DRV - (paldrv) -- C:\WINDOWS\system32\pal_drv.sys (Mercury Interactive Corp.)
    DRV - (PID_0900_V) Logitech ClickSmart 310(PID_0900_V) -- C:\WINDOWS\system32\drivers\LV551AV.sys (Logitech Inc.)
    DRV - (LVBulk) -- C:\WINDOWS\system32\drivers\LVBULK.sys (Logitech Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "JobSearch - Dice.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6030.2009.0514.2202
    FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6030.2009.0514.2205
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.2.14
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 16:26:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:13:29 | 000,000,000 | ---D | M]

    [2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions
    [2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions\celtx@celtx.com
    [2010/05/02 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions
    [2010/01/10 12:53:19 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2009/08/20 22:14:11 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
    [2009/08/13 18:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/01/10 12:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/08/20 22:15:29 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
    [2010/01/10 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com
    [2009/02/11 16:27:36 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\jobsearch---dicecom.xml
    [2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\MySpace.xml
    [2010/05/01 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/01 20:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/03/06 13:06:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
    [2009/03/06 13:06:02 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
    [2009/03/06 13:07:42 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
    [2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
    [2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
    [2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
    [2009/06/24 11:08:26 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
    [2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
    [2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
    [2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
    [2009/03/06 13:06:14 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

    O1 HOSTS File: ([2010/04/29 19:21:23 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
    O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\LT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] https in Trusted sites)
    O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab (HPVirtualRooms33 Class)
    O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://LT/TDBIN/Spider80.ocx (Loader Class v2)
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://vpn.amtrak.com/vdesk/cachecl...2009,0514,2202 (F5 Networks CacheCleaner)
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.amtrak.com/vdesk/termina...,2009,514,2217 (F5 Networks VPN Manager)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://10.11.50.178/qcbin/capicom.dll (Certificates Class)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.amtrak.com/vdesk/termina...,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://mssepmapp01/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.amtrak.com/vdesk/termina...2009,0514,2204 (F5 Networks Policy Agent Host Class)
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} http://LT:8080/qcbin/Spider90.ocx (Loader Class v3)
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://mssepmapp01/projectserver/obj...33/pjcintl.cab (Pj11enuC Class)
    O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://10.11.50.178/qcbin/Spider91.cab (Loader Class v4)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.amtrak.com/vdesk/termina...,2009,514,2210 (F5 Networks SuperHost Class)
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.amtrak.com/policy/downlo...2009,0514,2213 (F5 Networks OS Policy Agent)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
    O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
    O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell - "" = AutoRun
    O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\phone\command - "" = E:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 19:02:12 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

  8. #8
    Member
    Join Date
    May 2010
    Posts
    66

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/23 10:06:49 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
    [2010/05/04 22:11:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/04 22:11:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/04 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/04 20:31:14 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/05/04 20:31:13 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/05/04 20:31:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/05/04 20:31:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/05/04 20:31:07 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/05/04 20:31:07 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/05/04 20:31:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/05/04 20:30:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/05/04 20:30:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
    [2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/04 20:29:50 | 000,000,000 | ---D | C] -- C:\Anti_Virus_SW
    [2010/05/04 19:16:08 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.sys
    [2010/05/04 19:16:08 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdi.sys
    [2010/05/04 19:16:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdiv.sys
    [2010/05/04 19:16:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.sys
    [2010/05/04 19:16:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.sys
    [2010/05/04 19:16:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.sys
    [2010/05/04 19:16:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\Ironx86.sys
    [2010/05/04 19:16:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.sys
    [2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0401000.020
    [2010/05/04 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2010/05/04 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/05/02 12:39:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/05/01 21:12:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/05/01 21:12:39 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/05/01 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/05/01 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
    [2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/05/01 21:07:05 | 000,408,024 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
    [2010/05/01 20:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/05/01 20:13:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/05/01 20:13:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/05/01 18:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/05/01 18:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2010/05/01 11:35:15 | 000,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/05/01 11:35:10 | 000,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/05/01 11:35:07 | 000,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/01 11:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/05/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
    [2010/05/01 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\ARManager
    [2010/05/01 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
    [2008/02/23 01:27:34 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/23 09:50:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/23 09:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/23 09:48:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
    [2010/05/20 20:34:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
    [2010/05/20 20:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
    [2010/05/20 20:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LT\Local Settings\Application Data\WavXMapDrive.bat
    [2010/05/20 20:27:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/05/20 20:26:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/20 20:20:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
    [2010/05/20 20:20:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\dds.com
    [2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/05/05 07:54:28 | 006,766,592 | ---- | M] () -- C:\Documents and Settings\LT\ntuser.dat
    [2010/05/05 07:54:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LT\ntuser.ini
    [2010/05/04 22:11:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/05/04 20:31:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/05/04 20:31:08 | 000,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
    [2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/05/04 19:16:57 | 001,205,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
    [2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/05/04 19:16:22 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/05/04 19:16:22 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/05/04 19:16:22 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/05/04 19:16:11 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2010/05/04 19:15:04 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
    [2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/05/03 00:56:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/05/03 00:33:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/05/01 21:07:08 | 000,408,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
    [2010/05/01 20:50:26 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2010/05/01 20:50:26 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/05/01 16:37:53 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Google Chrome.lnk
    [2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/05/01 11:35:15 | 000,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/05/01 11:35:07 | 027,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/01 11:34:44 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2010/05/01 11:34:44 | 000,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2010/05/01 11:34:44 | 000,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/04/29 12:21:48 | 002,278,402 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
    [2010/04/29 12:21:41 | 003,001,127 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
    [2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/04/26 13:16:22 | 000,003,844 | -H-- | M] () -- C:\Documents and Settings\LT\My Documents\Default.rdp
    [2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/20 20:28:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\dds.com
    [2010/05/20 20:28:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
    [2010/05/04 22:11:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/04 20:31:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/05/04 19:16:37 | 001,205,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
    [2010/05/04 19:16:11 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2010/05/04 19:15:49 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.inf
    [2010/05/04 19:15:49 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.inf
    [2010/05/04 19:15:49 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNetV.inf
    [2010/05/04 19:15:49 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.inf
    [2010/05/04 19:15:49 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.inf
    [2010/05/04 19:15:49 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.inf
    [2010/05/04 19:15:49 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Iron.inf
    [2010/05/04 19:15:48 | 000,001,754 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\ccHPx86.inf
    [2010/05/04 19:15:46 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\symnetv.cat
    [2010/05/04 19:15:46 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.cat
    [2010/05/04 19:15:46 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.cat
    [2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.cat
    [2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\iron.cat
    [2010/05/04 19:15:46 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.cat
    [2010/05/04 19:15:46 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.cat
    [2010/05/04 19:15:46 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.cat
    [2010/05/04 19:15:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\isolate.ini
    [2010/05/01 21:12:39 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/05/01 21:12:39 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/05/01 21:07:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
    [2010/05/01 19:39:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2010/05/01 19:39:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/05/01 11:34:44 | 027,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/05/01 11:34:44 | 000,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2010/05/01 11:34:44 | 000,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2010/05/01 11:34:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
    [2010/05/01 10:12:53 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/04/29 12:21:48 | 002,278,402 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
    [2010/04/29 12:21:41 | 003,001,127 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
    [2010/04/26 11:49:24 | 006,766,592 | ---- | C] () -- C:\Documents and Settings\LT\ntuser.dat
    [2009/08/20 22:22:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2009/06/15 12:44:53 | 000,001,106 | ---- | C] () -- C:\WINDOWS\ricdb.ini
    [2008/12/22 21:53:01 | 000,004,534 | ---- | C] () -- C:\WINDOWS\entrust.ini
    [2008/08/21 14:17:27 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2008/08/21 14:16:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
    [2008/08/21 14:16:07 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
    [2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
    [2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
    [2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
    [2008/08/21 14:16:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
    [2008/08/21 14:16:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/08/21 14:16:05 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2008/04/12 15:54:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\isapi_redirect.dll
    [2008/04/12 15:46:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2008/04/12 15:46:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2008/04/12 15:45:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2008/04/12 15:45:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2008/04/12 15:45:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2008/03/09 14:29:37 | 000,000,204 | ---- | C] () -- C:\WINDOWS\coparamui.INI
    [2008/03/09 14:14:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\LRAnalysis80.ini
    [2008/03/09 13:46:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\OnlineSet.ini
    [2008/03/09 13:46:05 | 000,000,242 | ---- | C] () -- C:\WINDOWS\wlrun5.ini
    [2008/03/09 13:46:02 | 000,003,170 | ---- | C] () -- C:\WINDOWS\wlrun7.ini
    [2008/03/09 11:06:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\vugen_extra_keywords.ini
    [2008/03/07 14:36:37 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\cfgams32.dll
    [2008/03/07 14:07:34 | 000,005,382 | ---- | C] () -- C:\WINDOWS\vugen.ini
    [2008/03/07 14:06:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\lrdata.ini
    [2008/03/07 14:06:29 | 000,000,082 | ---- | C] () -- C:\WINDOWS\upload.ini
    [2008/03/07 14:06:15 | 000,000,637 | ---- | C] () -- C:\WINDOWS\flights.ini
    [2008/03/07 14:06:11 | 000,000,600 | ---- | C] () -- C:\WINDOWS\miccomm.ini
    [2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2008/03/02 17:19:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
    [2008/03/01 14:56:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
    [2008/02/23 01:43:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
    [2008/02/23 01:33:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2008/02/23 01:33:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2008/02/23 01:28:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wlrun.ini
    [2008/02/23 01:27:44 | 000,008,231 | ---- | C] () -- C:\WINDOWS\wrun.ini
    [2008/02/23 01:27:35 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
    [2008/02/23 01:27:35 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
    [2008/02/23 01:27:35 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
    [2008/02/23 01:27:34 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
    [2008/02/23 00:50:26 | 000,002,281 | ---- | C] () -- C:\WINDOWS\mercury.ini
    [2008/02/14 01:05:18 | 000,000,707 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/02/07 10:15:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/07 10:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/02/07 10:09:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/02/07 09:59:40 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2008/02/07 09:57:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2008/02/07 09:57:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2008/02/07 09:53:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/02/07 09:53:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/02/07 09:31:31 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/02/07 09:31:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
    [2008/02/07 09:28:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
    [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
    [2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
    [2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
    [2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
    [2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
    [2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
    [2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
    [2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
    [2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
    [2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
    [2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
    [2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
    [2006/04/20 09:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2006/04/20 09:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2006/04/19 19:50:00 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\SovConvAux.Dll
    [2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
    [2004/08/11 19:24:19 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\i064tai.dll
    [2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
    [2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
    [2004/08/11 19:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\yr4y7xl.dll
    [2004/08/11 19:00:18 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
    [2004/08/11 19:00:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\r5581gd.dll
    [2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\oeu5a2j.dll
    [2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\f06y75p.dll
    [2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bmiqa8g.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/04/01 02:00:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\carclw6s.DLL
    [1999/11/05 20:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cfgamp32.dll
    [1999/11/05 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\cfgamp16.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/01 20:49:43 | 000,086,460 | ---- | M] () -- C:\aaw7boot.log
    [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/08/12 23:34:03 | 000,053,248 | ---- | M] () -- C:\Avail QC Hours.xls
    [2009/12/22 23:30:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/12/22 22:06:15 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
    [2008/02/07 09:33:28 | 000,006,623 | RH-- | M] () -- C:\dell.sdr
    [2008/11/29 01:58:20 | 000,035,725 | ---- | M] () -- C:\font.zip
    [2008/02/15 20:22:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/06/15 16:44:21 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
    [2008/08/21 14:14:42 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
    [2010/05/01 19:41:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2006/09/25 13:30:52 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
    [2006/09/25 13:30:52 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
    [2008/08/12 23:30:06 | 001,266,432 | ---- | M] () -- C:\Misc.zip
    [2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2006/09/25 13:30:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
    [2009/02/08 19:38:41 | 000,000,104 | ---- | M] () -- C:\My Computer.lnk
    [2009/06/12 09:05:55 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg
    [2009/06/11 21:27:50 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg.bak
    [2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newkey
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/31 22:40:49 | 000,250,032 | ---- | M] () -- C:\ntldr
    [2010/05/23 09:47:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/01 16:10:54 | 000,000,504 | ---- | M] () -- C:\rkill.log
    [2009/01/03 14:39:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/02/01 03:05:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/02/01 23:38:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/02/02 02:32:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/02/02 21:23:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/02/17 21:13:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/02/17 22:26:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/02/17 23:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/11/08 03:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/11/09 15:39:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/11/10 01:47:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/11/11 01:41:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2008/11/11 18:25:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/11/12 00:36:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2008/11/13 02:50:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2008/11/14 03:25:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2008/11/14 12:17:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2008/12/01 00:30:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2008/12/15 16:42:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2008/12/16 00:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/01/03 14:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/02/01 03:05:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/02/01 23:38:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/02/02 02:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/02/02 21:23:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/02/17 21:13:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/02/17 22:26:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/02/17 23:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/11/08 03:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/11/09 15:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/11/10 01:47:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/11/11 01:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2008/11/11 18:25:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2008/11/12 00:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2008/11/13 02:50:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2008/11/14 03:25:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2008/11/14 12:17:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2008/12/01 00:30:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2008/12/15 16:42:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2008/12/16 00:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2008/08/21 15:36:30 | 000,000,158 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
    [2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    [2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
    [2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
    [2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
    [2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
    [2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
    [2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
    [2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
    [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
    [2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
    < End of report >

  9. #9
    Member
    Join Date
    May 2010
    Posts
    66

    Default

    OTL Extras logfile created on: 5/23/2010 10:10:32 AM - Run 1
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LT
    Current User Name: LT
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "5030:TCP" = 5030:TCP:*:Enabled:Services
    "3265:TCP" = 3265:TCP:*:Enabled:Services
    "6374:TCP" = 6374:TCP:*:Enabled:Services
    "3937:TCP" = 3937:TCP:*:Enabled:Services
    "5089:TCP" = 5089:TCP:*:Enabled:Services
    "8678:TCP" = 8678:TCP:*:Enabled:Services
    "3356:TCP" = 3356:TCP:*:Enabled:Services
    "5212:TCP" = 5212:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "135:TCP" = 135:TCP:*:Enabled:DCOM
    "443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "37677:TCP" = 37677:TCP:*:Disabled:ooVoo TCP port 37677
    "37677:UDP" = 37677:UDP:*:Disabled:ooVoo UDP port 37677
    "37676:UDP" = 37676:UDP:*:Disabled:ooVoo UDP port 37676
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "5030:TCP" = 5030:TCP:*:Enabled:Services
    "3265:TCP" = 3265:TCP:*:Enabled:Services
    "6374:TCP" = 6374:TCP:*:Enabled:Services
    "3937:TCP" = 3937:TCP:*:Enabled:Services
    "5089:TCP" = 5089:TCP:*:Enabled:Services
    "8678:TCP" = 8678:TCP:*:Enabled:Services
    "3356:TCP" = 3356:TCP:*:Enabled:Services
    "5212:TCP" = 5212:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
    "C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent -- (Mercury Interactive Corp.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
    "C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- (Microsoft Corporation)
    "C:\Program Files\Mercury Interactive\Mercury LoadRunner\launch_service\bin\magentproc.exe" = C:\Program Files\Mercury Interactive\Mercury LoadRunner\launch_service\bin\magentproc.exe:*:Disabled:Mercury Launcher Process -- (Mercury Interactive Corp.)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
    "C:\Documents and Settings\LT\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\LT\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- File not found
    "C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- File not found
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
    "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- File not found
    "C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
    "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{439C01D2-84A2-4421-9141-ED58FE79C6BE}" =
    "{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
    "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
    "{5C01F86B-B888-4ABE-96AF-E35BF6564A19}" = Quest Software Toad for SQL Server Trial 4.1
    "{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
    "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
    "{A1528C5E-73E8-441E-8114-3811B4D34F41}" = Expense Calculator
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}" = Quality Center Microsoft Excel Addin
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
    "{B47695F0-1082-11D5-AF69-00A0CC5FEE7C}" = MercuryTours
    "{BD1EDA57-8294-47B7-B129-C3DF2FA95BA4}" = InstallMICGenericHook
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
    "{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
    "{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
    "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
    "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
    "{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_6" = AIM 6
    "avast5" = avast! Free Antivirus
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Celtx (2.7)" = Celtx (2.7)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Cricket Scorer_is1" = Cricket Scorer 5.5.4.0
    "FileZilla Client" = FileZilla Client 3.3.1
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "IE4Dev" = Microsoft Script Debugger
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
    "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "LoadRunner" = Mercury LoadRunner 8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
    "Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
    "Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MySpaceIM" = MySpaceIM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "oovooToolbar" = ooVoo Toolbar
    "P2P Tv Plugin_is1" = P2P Tv Plugin
    "RealPlayer 6.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "SiteScope1DeinstKey" = SiteScope
    "Slideroll Gallery AV_is1" = Slideroll Gallery AV 0.92b4
    "Slideroll Video Creator_is1" = Slideroll Video Creator 0.83b
    "SopCast" = SopCast 3.0.1
    "SPVOD Player1.8" = SPVOD Player1.8
    "ST6UNST #1" = cBizOne
    "TeamViewer 4" = TeamViewer 4
    "TestDirector 8.0" = TestDirector 8.0
    "UnifiedReport" = Unified Report
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.0.3
    "WampServer 2_is1" = WampServer 2.0
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WinRunner" = WinRunner
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Customizations" = Yahoo! Extras
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "Juniper_Citrix_Services" = Juniper Citrix Services Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash

    Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/15/2010 4:54:25 PM | Computer Name = LT | Source = Google Update |

    ID = 20
    Description =

    Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {7B849a69-

    220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-

    ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {7B849a69-

    220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-

    ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:26:57 PM | Computer Name = LT | Source = Broadcom ASF IP

    and SMBIOS Mailbox Monitor | ID = 0
    Description =

    Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {7B849a69-

    220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =

    1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-

    ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty

    registration.

    Error - 5/20/2010 8:28:06 PM | Computer Name = LT | Source = Google Update |

    ID = 20
    Description =

    Error - 5/20/2010 8:34:06 PM | Computer Name = LT | Source = Google Update |

    ID = 20
    Description =

    [ System Events ]
    Error - 5/4/2010 8:12:43 PM | Computer Name = LT | Source = DCOM | ID =

    10020
    Description = The machine wide Default Launch and Activation security

    descriptor
    is invalid. It contains Access Control Entries with permissions that are

    invalid.
    The requested action was therefore not performed. This security permission

    can
    be corrected using the Component Services administrative tool.

    Error - 5/12/2010 10:32:16 AM | Computer Name = LT | Source = DCOM | ID =

    10020
    Description = The machine wide Default Launch and Activation security

    descriptor
    is invalid. It contains Access Control Entries with permissions that are

    invalid.
    The requested action was therefore not performed. This security permission

    can
    be corrected using the Component Services administrative tool.

    Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =

    23
    Description = Printer Microsoft XPS Document Writer failed to initialize

    because
    a suitable Microsoft XPS Document Writer driver could not be found.

    Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =

    23
    Description = Printer WebEx Document Loader failed to initialize because a

    suitable
    HP Color LaserJet 4700 PCL 5c driver could not be found.

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Services service failed to start due to the

    following error:
    %%3

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Network Agent service failed to start due to the

    following
    error: %%3

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Proxy Service service failed to start due to the

    following
    error: %%3

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Real-time Scanner service failed to start due to

    the following
    error: %%3

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Personal Firewall Service service failed to start

    due to
    the following error: %%3

    Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service

    Control Manager | ID = 7000
    Description = The McAfee Anti-Spam Service service failed to start due to

    the following
    error: %%3


    < End of report >

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Kindly turn word wrap off in Notepad to make logs appear in a more readable format.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include contents of the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

    See if you're able to run DDS now and post back contents of dds.txt log if possible.
