My laptop is infected with a virus. I had McAfee but it was just hanging so I uninstalled it completely and bought Norton 360. Norton did some clean up but the laptop is still slow and hanging after 20 or 30 minutes.
Please help...
Hi,
Is this a different system from the one in this topic?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi Blade,
Yes it is a different system than the one in the topic.
Thanks,
Rayoflight
Ok. Let's have a look at it then.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking the download exe button and then saving it to your desktop:
- Double-click the .exe that you downloaded
- Click the rootkit tab, uncheck the files option and then click scan.
- Don't check the Show All box while scanning is in progress!
- When scanning is ready, click Copy.
- This copies log to clipboard
- Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
DDS couldn't execute upon trying. I am posting the GMER Log.
Hi,
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Copy-paste the following contents into the custom scan area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
OTL logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LT
Current User Name: LT
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\LT\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (MSK80Service) -- File not found
SRV - (MpfService) -- File not found
SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McODS) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Service1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe (Mercury Interactive)
SRV - (LogonService1) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe (Mercury Interactive)
SRV - (OtaPool) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe (Mercury Interactive)
SRV - (ExpressionService) -- C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe ()
SRV - (TDStartStopService) -- C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe (Mercury Interactive)
SRV - (SiteScope) -- C:\Inetpub\TDBIN\SiteScope\tools\sitescopeservice.exe ()
SRV - (MSSQLSERVER) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT) -- C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (CheckTestDirectorUserAccount) -- C:\Program Files\Common Files\Mercury Interactive\CheckU.exe (Mercury Interactive)
SRV - (TomcatService) -- C:\Inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe ()
========== Driver Services (SafeList) ==========
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100501.002\naveng.sys (Symantec Corporation)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys (Symantec Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (paldrv) -- C:\WINDOWS\system32\pal_drv.sys (Mercury Interactive Corp.)
DRV - (PID_0900_V) Logitech ClickSmart 310(PID_0900_V) -- C:\WINDOWS\system32\drivers\LV551AV.sys (Logitech Inc.)
DRV - (LVBulk) -- C:\WINDOWS\system32\drivers\LVBULK.sys (Logitech Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "JobSearch - Dice.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3191E4CE-790E-42be-B2E0-223475263B7E}:6030.2009.0514.2202
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6030.2009.0514.2205
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.2.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 16:26:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:13:29 | 000,000,000 | ---D | M]
[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions
[2009/08/18 19:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/05/02 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions
[2010/01/10 12:53:19 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/08/20 22:14:11 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009/08/13 18:51:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/10 12:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/20 22:15:29 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2010/01/10 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com
[2009/02/11 16:27:36 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\jobsearch---dicecom.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\searchplugins\MySpace.xml
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 20:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/03/06 13:06:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/03/06 13:06:02 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/03/06 13:07:42 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2008/02/07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/06/24 11:08:26 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2007/03/16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2009/03/06 13:06:14 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/02/07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/02/07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
O1 HOSTS File: ([2010/04/29 19:21:23 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll (Mercury Interactive Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\LT\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amtrak.com ([vpn] https in Trusted sites)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab (HPVirtualRooms33 Class)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://LT/TDBIN/Spider80.ocx (Loader Class v2)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://vpn.amtrak.com/vdesk/cachecl...2009,0514,2202 (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.amtrak.com/vdesk/termina...,2009,514,2217 (F5 Networks VPN Manager)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://10.11.50.178/qcbin/capicom.dll (Certificates Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.amtrak.com/vdesk/termina...,2009,514,2213 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://mssepmapp01/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.amtrak.com/vdesk/termina...2009,0514,2204 (F5 Networks Policy Agent Host Class)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} http://LT:8080/qcbin/Spider90.ocx (Loader Class v3)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://mssepmapp01/projectserver/obj...33/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://10.11.50.178/qcbin/Spider91.cab (Loader Class v4)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.amtrak.com/vdesk/termina...,2009,514,2210 (F5 Networks SuperHost Class)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.amtrak.com/policy/downlo...2009,0514,2213 (F5 Networks OS Policy Agent)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (waveGina.dll) - C:\WINDOWS\System32\waveGina.dll (Wave Systems Corp.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\system32\ShellHook.dll (Mercury Interactive Corp.)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell - "" = AutoRun
O33 - MountPoints2\{c27220e2-5501-11de-8388-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb218-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21b-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{facdb21d-62ac-11de-83b7-001c233c6437}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{ffeff4b0-fd5b-11dd-82f2-001e4ca198d5}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 19:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010/05/23 10:06:49 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/04 22:11:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 22:11:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 20:31:14 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/04 20:31:13 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/04 20:31:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/04 20:31:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/04 20:31:07 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/04 20:31:07 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/04 20:31:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 20:30:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/04 20:30:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/04 20:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/04 20:29:50 | 000,000,000 | ---D | C] -- C:\Anti_Virus_SW
[2010/05/04 19:16:08 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.sys
[2010/05/04 19:16:08 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdi.sys
[2010/05/04 19:16:08 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\symtdiv.sys
[2010/05/04 19:16:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.sys
[2010/05/04 19:16:08 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.sys
[2010/05/04 19:16:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.sys
[2010/05/04 19:16:08 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\Ironx86.sys
[2010/05/04 19:16:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.sys
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/04 19:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0401000.020
[2010/05/04 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/05/04 19:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/02 12:39:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/01 21:12:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/01 21:12:39 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/01 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/01 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/05/01 21:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/05/01 21:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/01 21:07:05 | 000,408,024 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/01 20:13:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/01 20:13:29 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/01 20:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/01 18:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/01 18:54:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/01 11:35:15 | 000,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/01 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/05/01 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\ARManager
[2010/05/01 10:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
[2008/02/23 01:27:34 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/23 09:50:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 09:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 09:48:12 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LT\Desktop\OTL.exe
[2010/05/20 20:34:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
[2010/05/20 20:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
[2010/05/20 20:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LT\Local Settings\Application Data\WavXMapDrive.bat
[2010/05/20 20:27:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 20:26:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 20:20:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/20 20:20:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/12 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/05 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/05 07:54:28 | 006,766,592 | ---- | M] () -- C:\Documents and Settings\LT\ntuser.dat
[2010/05/05 07:54:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LT\ntuser.ini
[2010/05/04 22:11:25 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/04 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 20:31:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 20:31:08 | 000,002,674 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/04 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 19:16:57 | 001,205,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/04 19:16:22 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/04 19:16:22 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/04 19:16:22 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/04 19:16:11 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:04 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/04 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 00:56:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/03 00:33:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/02 16:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/02 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/02 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/01 21:07:08 | 000,408,024 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\LT\Desktop\N360Downloader.exe
[2010/05/01 20:50:26 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 20:50:26 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/01 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/01 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/01 16:37:53 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\LT\Desktop\Google Chrome.lnk
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/01 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/01 11:35:15 | 000,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 027,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/01 11:34:44 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 11:34:44 | 000,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/04/29 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | M] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/04/27 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/04/27 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/26 13:16:22 | 000,003,844 | -H-- | M] () -- C:\Documents and Settings\LT\My Documents\Default.rdp
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/04/25 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/20 20:28:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\dds.com
[2010/05/20 20:28:59 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\6rxy4k21.exe
[2010/05/04 22:11:25 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 20:31:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/04 19:16:37 | 001,205,022 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
[2010/05/04 19:16:11 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/04 19:15:49 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.inf
[2010/05/04 19:15:49 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.inf
[2010/05/04 19:15:49 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNetV.inf
[2010/05/04 19:15:49 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.inf
[2010/05/04 19:15:49 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.inf
[2010/05/04 19:15:49 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.inf
[2010/05/04 19:15:49 | 000,000,741 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Iron.inf
[2010/05/04 19:15:48 | 000,001,754 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\ccHPx86.inf
[2010/05/04 19:15:46 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\symnetv.cat
[2010/05/04 19:15:46 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymEFA.cat
[2010/05/04 19:15:46 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtspx.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\srtsp.cat
[2010/05/04 19:15:46 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\iron.cat
[2010/05/04 19:15:46 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymDS.cat
[2010/05/04 19:15:46 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\cchpx86.cat
[2010/05/04 19:15:46 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\SymNet.cat
[2010/05/04 19:15:46 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\isolate.ini
[2010/05/01 21:12:39 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/01 21:12:39 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/01 21:07:33 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\LT\Desktop\Norton Installation Files.lnk
[2010/05/01 19:39:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/01 19:39:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/01 11:34:44 | 027,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/01 11:34:44 | 000,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/01 11:34:44 | 000,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/05/01 11:34:40 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/01 10:12:53 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/04/29 12:21:48 | 002,278,402 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\DraftProposalSummary.pdf
[2010/04/29 12:21:41 | 003,001,127 | ---- | C] () -- C:\Documents and Settings\LT\My Documents\SenateDraftProposal.pdf
[2010/04/26 11:49:24 | 006,766,592 | ---- | C] () -- C:\Documents and Settings\LT\ntuser.dat
[2009/08/20 22:22:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/06/15 12:44:53 | 000,001,106 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/12/22 21:53:01 | 000,004,534 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/08/21 14:17:27 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/08/21 14:16:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2008/08/21 14:16:07 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2008/08/21 14:16:07 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2008/08/21 14:16:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2008/08/21 14:16:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/08/21 14:16:05 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/04/12 15:54:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\isapi_redirect.dll
[2008/04/12 15:46:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 15:46:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 15:45:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 15:45:56 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 15:45:54 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/09 14:29:37 | 000,000,204 | ---- | C] () -- C:\WINDOWS\coparamui.INI
[2008/03/09 14:14:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\LRAnalysis80.ini
[2008/03/09 13:46:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\OnlineSet.ini
[2008/03/09 13:46:05 | 000,000,242 | ---- | C] () -- C:\WINDOWS\wlrun5.ini
[2008/03/09 13:46:02 | 000,003,170 | ---- | C] () -- C:\WINDOWS\wlrun7.ini
[2008/03/09 11:06:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\vugen_extra_keywords.ini
[2008/03/07 14:36:37 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\cfgams32.dll
[2008/03/07 14:07:34 | 000,005,382 | ---- | C] () -- C:\WINDOWS\vugen.ini
[2008/03/07 14:06:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\lrdata.ini
[2008/03/07 14:06:29 | 000,000,082 | ---- | C] () -- C:\WINDOWS\upload.ini
[2008/03/07 14:06:15 | 000,000,637 | ---- | C] () -- C:\WINDOWS\flights.ini
[2008/03/07 14:06:11 | 000,000,600 | ---- | C] () -- C:\WINDOWS\miccomm.ini
[2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/02 17:19:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\mictable.INI
[2008/03/01 14:56:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
[2008/02/23 01:43:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI
[2008/02/23 01:33:08 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/02/23 01:33:08 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/02/23 01:28:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wlrun.ini
[2008/02/23 01:27:44 | 000,008,231 | ---- | C] () -- C:\WINDOWS\wrun.ini
[2008/02/23 01:27:35 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[2008/02/23 01:27:35 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[2008/02/23 01:27:35 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[2008/02/23 01:27:34 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\co2c40en.dll
[2008/02/23 00:50:26 | 000,002,281 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2008/02/14 01:05:18 | 000,000,707 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/07 10:15:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/07 10:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/07 10:09:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/07 09:59:40 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/07 09:57:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/07 09:57:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/07 09:53:54 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/07 09:53:52 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/07 09:31:31 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/07 09:31:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/07 09:28:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\imlCID.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/04/20 09:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 09:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/04/19 19:50:00 | 000,284,672 | ---- | C] () -- C:\WINDOWS\System32\SovConvAux.Dll
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,832 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\i064tai.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 19:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 19:00:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 19:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\System32\yr4y7xl.dll
[2004/08/11 19:00:18 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 19:00:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\r5581gd.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\oeu5a2j.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\f06y75p.dll
[2004/08/11 19:00:18 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\bmiqa8g.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/04/01 02:00:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\carclw6s.DLL
[1999/11/05 20:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cfgamp32.dll
[1999/11/05 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\cfgamp16.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/05/01 20:49:43 | 000,086,460 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/12 23:34:03 | 000,053,248 | ---- | M] () -- C:\Avail QC Hours.xls
[2009/12/22 23:30:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/22 22:06:15 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2008/02/07 09:33:28 | 000,006,623 | RH-- | M] () -- C:\dell.sdr
[2008/11/29 01:58:20 | 000,035,725 | ---- | M] () -- C:\font.zip
[2008/02/15 20:22:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/06/15 16:44:21 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
[2008/08/21 14:14:42 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/01 19:41:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/09/25 13:30:52 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2006/09/25 13:30:52 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2008/08/12 23:30:06 | 001,266,432 | ---- | M] () -- C:\Misc.zip
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/09/25 13:30:54 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2009/02/08 19:38:41 | 000,000,104 | ---- | M] () -- C:\My Computer.lnk
[2009/06/12 09:05:55 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg
[2009/06/11 21:27:50 | 000,000,634 | ---- | M] () -- C:\m_agent_attribs.cfg.bak
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/02/07 09:53:50 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 22:40:49 | 000,250,032 | ---- | M] () -- C:\ntldr
[2010/05/23 09:47:47 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/01 16:10:54 | 000,000,504 | ---- | M] () -- C:\rkill.log
[2009/01/03 14:39:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/01 03:05:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/01 23:38:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/02 02:32:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/02 21:23:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/17 21:13:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/17 22:26:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/17 23:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/11/08 03:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/11/09 15:39:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/10 01:47:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/11 01:41:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/11 18:25:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/12 00:36:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/13 02:50:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/14 03:25:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/14 12:17:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/01 00:30:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/15 16:42:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/16 00:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/03 14:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/01 03:05:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/01 23:38:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/02 02:32:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/02 21:23:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/17 21:13:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/17 22:26:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/17 23:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/11/08 03:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/11/09 15:39:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/10 01:47:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/11 01:41:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/11 18:25:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/12 00:36:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/13 02:50:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/14 03:25:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/14 12:17:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/01 00:30:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/15 16:42:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/16 00:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/08/21 15:36:30 | 000,000,158 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/05/01 11:35:10 | 000,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/01 11:35:07 | 000,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/04 19:16:22 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
< End of report >
OTL Extras logfile created on: 5/23/2010 10:10:32 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and
Settings\LT\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type =
NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:
M/d/yyyy
1,014.00 Mb Total Physical Memory | 783.00 Mb Available Physical Memory |
77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File
free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Files
Drive C: | 111.72 Gb Total Space | 73.51 Gb Free Space | 65.80% Space Free |
Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LT
Current User Name: LT
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe"
%1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft
Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%
\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --
started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --
started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft
Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft
Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"37677:TCP" = 37677:TCP:*:Disabled:ooVoo TCP port 37677
"37677:UDP" = 37677:UDP:*:Disabled:ooVoo UDP port 37677
"37676:UDP" = 37676:UDP:*:Disabled:ooVoo UDP port 37676
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5030:TCP" = 5030:TCP:*:Enabled:Services
"3265:TCP" = 3265:TCP:*:Enabled:Services
"6374:TCP" = 6374:TCP:*:Enabled:Services
"3937:TCP" = 3937:TCP:*:Enabled:Services
"5089:TCP" = 5089:TCP:*:Enabled:Services
"8678:TCP" = 8678:TCP:*:Enabled:Services
"3356:TCP" = 3356:TCP:*:Enabled:Services
"5212:TCP" = 5212:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) --
(Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter
s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643
-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and
Settings\LT\Application Data\U3\00001753A86079DA\0DE4F643-C398-46ec-9339-
2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Mercury Interactive\QuickTest
Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury
Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote
Agent -- (Mercury Interactive Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger --
(Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!
\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program
Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office
FrontPage -- (Microsoft Corporation)
"C:\Program Files\Mercury Interactive\Mercury
LoadRunner\launch_service\bin\magentproc.exe" = C:\Program Files\Mercury
Interactive\Mercury
LoadRunner\launch_service\bin\magentproc.exe:*:Disabled:Mercury Launcher
Process -- (Mercury Interactive Corp.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program
Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program
Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application --
(www.sopcast.com)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program
Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) --
(Microsoft Corporation)
"C:\Documents and Settings\LT\Application Data\Macromedia\Flash
Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and
Settings\LT\Application Data\Macromedia\Flash
Player\http://www.macromedia.com\bin\octosh...bled:Octoshape
add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla
Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google
Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\LT\Local
Settings\Application Data\Google\Google Talk
Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\LT\Local Settings\Application Data\Google\Google
Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\LT\Local
Settings\Application Data\Google\Google Talk
Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel
Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- File not found
"C:\Documents and Settings\LT\Application Data\mjusbsp\magicJack.exe" =
C:\Documents and Settings\LT\Application
Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program
Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP
Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program
Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent --
File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program
Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- File not
found
"C:\Documents and Settings\LT\Application Data\Juniper Networks\Juniper
Terminal Services Client\dsTermServ.exe" = C:\Documents and
Settings\LT\Application Data\Juniper Networks\Juniper Terminal Services
Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper
Networks)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" =
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance
- Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program
Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program
Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove
only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet
Explorer
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management
Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express
Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0
Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting
PayPal Addin
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{439C01D2-84A2-4421-9141-ED58FE79C6BE}" =
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed
Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native
Client
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup
Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5C01F86B-B888-4ABE-96AF-E35BF6564A19}" = Quest Software Toad for SQL
Server Trial 4.1
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP
Payroll Addin
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting
Equifax Addin
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional
Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007
Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web
Components
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1528C5E-73E8-441E-8114-3811B4D34F41}" = Expense Calculator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0
Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business
Connectivity Components
"{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest Professional
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave
Systems
"{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}" = Quality Center Microsoft Excel
Addin
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B47695F0-1082-11D5-AF69-00A0CC5FEE7C}" = MercuryTours
"{BD1EDA57-8294-47B7-B129-C3DF2FA95BA4}" = InstallMICGenericHook
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0
Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client
4.8.01.0300
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for
Firefox/Netscape/Chrome
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop
Engine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client
- Web Only
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor
Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave
Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime -
(v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++
2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Celtx (2.7)" = Celtx (2.7)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330
MDC V.92 Modem
"Cricket Scorer_is1" = Cricket Scorer 5.5.4.0
"FileZilla Client" = FileZilla Client 3.3.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation
APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support
Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information
Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager
Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security
Setup
"InstallShield_{AB523489-A51E-4D4E-9109-EC395B6846CD}" = QuickTest
Professional
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page
Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security
Center
"LoadRunner" = Mercury LoadRunner 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame
Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting
Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting
PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oovooToolbar" = ooVoo Toolbar
"P2P Tv Plugin_is1" = P2P Tv Plugin
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"SiteScope1DeinstKey" = SiteScope
"Slideroll Gallery AV_is1" = Slideroll Gallery AV 0.92b4
"Slideroll Video Creator_is1" = Slideroll Video Creator 0.83b
"SopCast" = SopCast 3.0.1
"SPVOD Player1.8" = SPVOD Player1.8
"ST6UNST #1" = cBizOne
"TeamViewer 4" = TeamViewer 4
"TestDirector 8.0" = TestDirector 8.0
"UnifiedReport" = Unified Report
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.3
"WampServer 2_is1" = WampServer 2.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinRunner" = WinRunner
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash
Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/15/2010 4:54:25 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:17:03 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:19 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:57 PM | Computer Name = LT | Source = Broadcom ASF IP
and SMBIOS Mailbox Monitor | ID = 0
Description =
Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {7B849a69-
220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:26:58 PM | Computer Name = LT | Source = Userenv | ID =
1041
Description = Windows cannot query DllName registry entry for {CF7639F3-
ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty
registration.
Error - 5/20/2010 8:28:06 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
Error - 5/20/2010 8:34:06 PM | Computer Name = LT | Source = Google Update |
ID = 20
Description =
[ System Events ]
Error - 5/4/2010 8:12:43 PM | Computer Name = LT | Source = DCOM | ID =
10020
Description = The machine wide Default Launch and Activation security
descriptor
is invalid. It contains Access Control Entries with permissions that are
invalid.
The requested action was therefore not performed. This security permission
can
be corrected using the Component Services administrative tool.
Error - 5/12/2010 10:32:16 AM | Computer Name = LT | Source = DCOM | ID =
10020
Description = The machine wide Default Launch and Activation security
descriptor
is invalid. It contains Access Control Entries with permissions that are
invalid.
The requested action was therefore not performed. This security permission
can
be corrected using the Component Services administrative tool.
Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =
23
Description = Printer Microsoft XPS Document Writer failed to initialize
because
a suitable Microsoft XPS Document Writer driver could not be found.
Error - 5/12/2010 10:32:22 AM | Computer Name = LT | Source = Print | ID =
23
Description = Printer WebEx Document Loader failed to initialize because a
suitable
HP Color LaserJet 4700 PCL 5c driver could not be found.
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the
following error:
%%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the
following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Proxy Service service failed to start due to the
following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to
the following
error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start
due to
the following error: %%3
Error - 5/12/2010 10:32:39 AM | Computer Name = LT | Source = Service
Control Manager | ID = 7000
Description = The McAfee Anti-Spam Service service failed to start due to
the following
error: %%3
< End of report >
Hi,
Kindly turn word wrap off in Notepad to make logs appear in a more readable format.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include contents of the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
See if you're able to run DDS now and post back contents of dds.txt log if possible.