
Solved Looking for csrss.exe in wrong folder

Discussion in 'Malware and Virus Removal Archive' started by mwm242, 2011/06/09.

  1. 2011/06/10
    mwm242

    mwm242 Inactive Thread Starter

    Joined:
    2009/07/06
    Messages:
    29
    Likes Received:
    0
    In case it makes a difference, there are nine instances of svchost running, and when restarting there is a message that pops up. It says "Ending Program - Missing Virus Definitions".

    Thank you very much for all of your help.
     
    Last edited: 2011/06/10
  2. 2011/06/10
    mwm242

    mwm242 Inactive Thread Starter

    Also, the internet connection is made through the Netgear utility and not Windows. But now when I try to run the connection utility, nothing happens, the program doesn't open and no message is shown, nothing.
     


  4. 2011/06/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Multiple instances of svchost are normal.

    Do you have any errors in Device Manager, especially regarding network adapters?

    Also...

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer log
    Click Go and post the result.
     
  5. 2011/06/13
    mwm242

    mwm242 Inactive Thread Starter

    Sorry for not replying sooner, exigent circumstances. Now to continue...

    The Device Manager showed no errors at all. It sometimes has an error recognizing one of the usb ports (whichever port the wireless adapter happens to be plugged into), at which time I have to restart the computer. But no errors right now.

    Thank you again for your help.

    The MiniToolBox log is.....


    MiniToolBox by Farbar
    Ran by [user name] (administrator) on 13-06-2011 at 09:21:10
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Wireless Network Connection "

    set address name= "Wireless Network Connection" source=dhcp
    set dns name= "Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name= "Wireless Network Connection" source=dhcp

    # Interface IP Configuration for "Local Area Connection "

    set address name= "Local Area Connection" source=dhcp
    set dns name= "Local Area Connection" source=dhcp register=PRIMARY
    set wins name= "Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration

    Host Name . . . . . . . . . . . . : [computer name]
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100
    Physical Address. . . . . . . . . : 30-46-9A-23-1F-7D

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
    Physical Address. . . . . . . . . : 00-20-ED-6D-42-E5

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.

    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...30 46 9a 23 1f 7d ...... Wireless N-300 USB Adapter WNA3100 - Packet Scheduler Miniport
    0x3 ...00 20 ed 6d 42 e5 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 3 1
    255.255.255.255 255.255.255.255 255.255.255.255 2 1
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/10/2011 03:59:27 PM) (Source: Symantec AntiVirus) (User: )
    Description: Threat Found!Threat: Bloodhound.Exploit.196 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (06/10/2011 03:59:26 PM) (Source: Symantec AntiVirus) (User: )
    Description: Threat Found!Threat: Bloodhound.Exploit.196 in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (06/10/2011 03:55:38 PM) (Source: Symantec AntiVirus) (User: SYSTEM)SYSTEM
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    Event Info: Open Thread
    Action Taken: Blocked
    Actor Process: C:\Program Files\UPHClean\uphclean.exe (PID 1428)
    Time: Friday, June 10, 2011 3:55:38 PM

    Error: (06/10/2011 03:54:34 PM) (Source: Application Error) (User: )
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (06/10/2011 02:33:06 PM) (Source: Symantec AntiVirus) (User: SYSTEM)SYSTEM
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    Event Info: Open Thread
    Action Taken: Blocked
    Actor Process: C:\Program Files\UPHClean\uphclean.exe (PID 624)
    Time: Friday, June 10, 2011 2:33:06 PM

    Error: (06/10/2011 11:07:55 AM) (Source: Symantec AntiVirus) (User: [user name])[user name]
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    Event Info: Open Process
    Action Taken: Blocked
    Actor Process: C:\Documents and Settings\[user name]\Desktop\OTL.exe (PID 1160)
    Time: Friday, June 10, 2011 11:07:55 AM

    Error: (06/10/2011 11:07:55 AM) (Source: Symantec AntiVirus) (User: [user name])[user name]
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    Event Info: Open Process
    Action Taken: Blocked
    Actor Process: C:\Documents and Settings\[user name]\Desktop\OTL.exe (PID 1160)
    Time: Friday, June 10, 2011 11:07:55 AM

    Error: (06/10/2011 11:07:55 AM) (Source: Symantec AntiVirus) (User: [user name])[user name]
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Symantec AntiVirus\DefWatch.exe
    Event Info: Open Process
    Action Taken: Blocked
    Actor Process: C:\Documents and Settings\[user name]\Desktop\OTL.exe (PID 1160)
    Time: Friday, June 10, 2011 11:07:55 AM

    Error: (06/10/2011 11:07:55 AM) (Source: Symantec AntiVirus) (User: [user name])[user name]
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Event Info: Open Process
    Action Taken: Blocked
    Actor Process: C:\Documents and Settings\[user name]\Desktop\OTL.exe (PID 1160)
    Time: Friday, June 10, 2011 11:07:55 AM

    Error: (06/10/2011 11:07:55 AM) (Source: Symantec AntiVirus) (User: [user name])[user name]
    Description: SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Event Info: Open Process
    Action Taken: Blocked
    Actor Process: C:\Documents and Settings\[user name]\Desktop\OTL.exe (PID 1160)
    Time: Friday, June 10, 2011 11:07:55 AM


    System errors:
    =============
    Error: (06/12/2011 06:16:28 PM) (Source: Windows Update Agent) (User: )
    Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    Error: (06/10/2011 11:07:56 AM) (Source: Service Control Manager) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/10/2011 11:07:55 AM) (Source: Service Control Manager) (User: )
    Description: The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/10/2011 11:07:55 AM) (Source: Service Control Manager) (User: )
    Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/10/2011 11:07:54 AM) (Source: Service Control Manager) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/10/2011 11:07:54 AM) (Source: Service Control Manager) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/09/2011 10:31:22 PM) (Source: PlugPlayManager) (User: )
    Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

    Error: (06/09/2011 10:14:12 PM) (Source: 0) (User: )
    Description: \Device\Harddisk2\D

    Error: (06/09/2011 08:53:29 PM) (Source: Service Control Manager) (User: )
    Description: The Network Security service terminated with the following error:
    %%126

    Error: (06/09/2011 11:00:15 AM) (Source: Service Control Manager) (User: )
    Description: The Network Security service terminated with the following error:
    %%126


    Microsoft Office Sessions:
    =========================
    Error: (06/30/2010 07:05:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 438 seconds with 180 seconds of active time. This session ended with a crash.


    ========================= End of Event log errors =========================
     
  6. 2011/06/13
    broni

    broni Moderator Malware Analyst

    Try some basic steps...

    Make sure, your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
     
  7. 2011/06/13
    mwm242

    mwm242 Inactive Thread Starter

    I checked to make sure it obtained the IP address automatically, but the next steps were going to require me to go get a longer cable than I have available right now. So I uninstalled and reinstalled the USB adapter software, and I now have internet access. The difference is that now I am required to use the adapter's software. I'm not sure what I had done, but I had it configured so that I didn't have to use the software to connect to the internet, but now if I exit from the software for the adapter, the internet connection drops. I would like to get it back where it was, and not have to use the software, just the driver. I will gladly move forums if you would like, just let me know which one to post in.

    Thank you very much for all of your help!

    mwm242
     
  8. 2011/06/13
    broni

    broni Moderator Malware Analyst

    Are you talking about USB wireless dongle?
     
  9. 2011/06/13
    mwm242

    mwm242 Inactive Thread Starter

    It is a USB wireless adapter, essentially a dongle.
     
  10. 2011/06/13
    broni

    broni Moderator Malware Analyst

    Let's finish cleaning steps and then you can create new topic about connection issue in another forum.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. 2011/06/16
    mwm242

    mwm242 Inactive Thread Starter

    Here are the latest log files. Thanks again, and I'll be eagerly awaiting further instructions. If you have the time could you please explain to me why after all of the programs and scripts that have been run this latest scan still shows a problem?




    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec AntiVirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 20
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.3.181.14
    Adobe Reader 8.2.6
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.17)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Symantec AntiVirus DefWatch.exe
    Symantec AntiVirus Rtvscan.exe
    ``````````End of Log````````````





    C:\Documents and Settings\[user name]\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe Win32/Adware.Toolbar.Dealio application
    C:\Documents and Settings\[user name]\My Documents\scribbles\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\itlnfw32.dll.vir a variant of Win32/Koblu.A trojan
    C:\System Volume Information\_restore{7FA14969-BB83-424C-B754-583136D0BA1F}\RP1398\A0123849.dll a variant of Win32/Koblu.A trojan
     
  12. 2011/06/16
    broni

    broni Moderator Malware Analyst

    First two Eset findings are inactive leftovers.
    3rd one was already quarantined by Combofix and the last one is in one of your restore points, which we're about to reset.

    =====================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\[user name]\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe 
      C:\Documents and Settings\[user name]\My Documents\scribbles\Setup_FreeFlvConverterN.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
      Make sure to replace [user name] with what it really is.
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ============================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
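
The reading of the four ESET findings in the reply above (two files still on disk, one copy in ComboFix's Qoobox quarantine, one copy inside a System Restore point) can be reproduced as a path-based triage. This is an added example, not part of the original thread; the function names are hypothetical and the line format is inferred from the four lines posted in the thread.

```python
import re
from collections import Counter

# The four findings exactly as posted in the thread ("[user name]" is the
# poster's own redaction, not a real path component).
ESET_LOG = r"""
C:\Documents and Settings\[user name]\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\[user name]\My Documents\scribbles\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\WINDOWS\system32\itlnfw32.dll.vir a variant of Win32/Koblu.A trojan
C:\System Volume Information\_restore{7FA14969-BB83-424C-B754-583136D0BA1F}\RP1398\A0123849.dll a variant of Win32/Koblu.A trojan
"""

# Layout assumed: <path> <optional heuristic prefix><detection name> <object type>.
# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name (it contains a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>(?:probably )?a variant of )?"
    r"(?P<name>\S+/\S+)\s+"
    r"(?P<kind>.+)$"
)

# ComboFix quarantine: C:\Qoobox\Quarantine\<drive>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$",
    re.IGNORECASE,
)

# System Restore snapshot on XP: ...\_restore{GUID}\RPnnn\<renamed file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def parse_line(line):
    """Split one exported finding into its fields; None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m["path"],
        "name": m["name"],
        "heuristic": m["variant"] is not None,
        "kind": m["kind"],
    }


def classify(path):
    """Return (location, detail) for a detected path.

    quarantine    -> detail is the file's original location
    restore_point -> detail is the restore point id (cleared by resetting
                     System Restore, as the thread does next)
    live          -> detail is the path itself; an analyst still has to judge
                     whether the file is active or an inert leftover
    """
    q = QUARANTINE_RE.match(path)
    if q:
        return "quarantine", q["drive"].upper() + ":\\" + q["rest"]
    r = RESTORE_RE.search(path)
    if r:
        return "restore_point", r["rp"]
    return "live", path


def triage(log_text):
    """Parse every non-empty line; keep lines that do not parse for manual review."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        rec["location"], rec["detail"] = classify(rec["path"])
        findings.append(rec)
    return findings, unparsed


def summarize(findings):
    """Count findings per location class."""
    return Counter(f["location"] for f in findings)


if __name__ == "__main__":
    found, skipped = triage(ESET_LOG)
    for f in found:
        print(f'{f["location"]:<14}{f["name"]:<30}{f["detail"]}')
    print(dict(summarize(found)), "unparsed:", len(skipped))
```
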
     
  13. 2011/06/17
    mwm242

    mwm242 Inactive Thread Starter

    I updated Java, but not Adobe reader. I primarily use Foxit, I just keep adobe for a backup and don't really want to update it. I thought I had turned the update notifications for it off, but I see the nag even as I type this. I ran OTL fix and am posting the results below. I will run the scan and post those results next.





    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\[user name]\My Documents\Downloads\media.player.codec.pack.v3.9.6.setup.exe moved successfully.
    C:\Documents and Settings\[user name]\My Documents\scribbles\Setup_FreeFlvConverterN.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: [user name]
    ->Temp folder emptied: 220146764 bytes
    ->Temporary Internet Files folder emptied: 907236 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 9699 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 505 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 900880 bytes

    Total Files Cleaned = 212.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: [user name]
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06172011_093619

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\[user name]\Local Settings\Temp\Perflib_Perfdata_13608.dat not found!

    Registry entries deleted on Reboot...
     
  14. 2011/06/17
    mwm242

    mwm242 Inactive Thread Starter

    This is the second of two posts. This is the OTL scan. I didn't put the script in like the first time, but I did check scan all users (may not be useful, but didn't think it could hurt).
    Thank you very much. Next?

    OTL logfile created on: 6/17/2011 9:56:12 AM - Run 3
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\[user name]\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 34.37% Memory free
    2.11 Gb Paging File | 1.25 Gb Available in Paging File | 59.25% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.93 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
    Drive D: | 672.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 10.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 3.81 Gb Total Space | 0.47 Gb Free Space | 12.43% Space Free | Partition Type: FAT32

    Computer Name: [computer name] | User Name: [user name] | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/09 23:32:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[user name]\Desktop\OTL.exe
    PRC - [2011/05/31 15:07:27 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/01/22 00:06:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2005/04/17 14:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2005/04/17 14:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2005/04/17 14:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2005/04/08 17:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2005/04/08 17:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2005/04/08 17:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2005/03/30 23:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/09 23:32:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[user name]\Desktop\OTL.exe
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2006/01/05 02:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2005/04/17 14:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2005/04/17 14:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2005/04/17 14:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2005/04/08 17:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2005/04/08 17:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2005/04/08 17:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/05 13:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/30 23:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/03 03:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110608.002\navex15.sys -- (NAVEX15)
    DRV - [2011/06/03 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110608.002\naveng.sys -- (NAVENG)
    DRV - [2011/05/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/11/03 15:20:29 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2009/10/16 15:32:04 | 000,069,656 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\nlem32nt.sys -- (nlem32nt)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2006/10/10 06:58:48 | 000,203,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
    DRV - [2005/04/05 13:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/05 13:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/04/01 22:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/03/30 23:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/04 22:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/02/04 22:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-842925246-484061587-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/03 15:15:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 16:03:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 09:17:05 | 000,000,000 | ---D | M]

    [2010/05/05 22:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Extensions
    [2011/06/07 18:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\nvgr6c1x.default\extensions
    [2010/06/28 17:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\nvgr6c1x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/18 16:36:31 | 000,000,000 | ---D | M] (Firesheep) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\nvgr6c1x.default\extensions\firesheep@codebutler.com
    [2011/03/27 17:16:03 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\nvgr6c1x.default\extensions\personas@christopher(2).beard
    [2011/03/27 17:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\[user name]\Application Data\Mozilla\Firefox\Profiles\nvgr6c1x.default\extensions\personas@christopher.beard
    [2011/06/17 09:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/10 10:01:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/06/17 09:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/06/17 09:28:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/03 15:15:51 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2011/06/17 09:28:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/11/22 23:32:37 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2011/06/09 22:34:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
    O4 - Startup: C:\Documents and Settings\[user name]\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-484061587-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-484061587-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\[user name]\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\[user name]\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/07 19:36:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/10/22 22:22:58 | 000,000,277 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/17 09:52:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[user name]\Desktop\OTL.exe
    [2011/06/13 11:33:59 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
    [2011/06/13 11:33:59 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
    [2011/06/13 11:33:59 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
    [2011/06/13 11:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
    [2011/06/13 11:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
    [2011/06/10 11:07:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/10 09:10:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/06/09 22:15:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/06/09 21:26:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/09 21:26:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/09 21:26:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/09 21:26:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/09 21:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/06/09 21:25:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/09 15:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[user name]\Desktop\Antivirus
    [2011/06/09 11:46:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\[user name]\Start Menu\Programs\Administrative Tools
    [2011/06/08 07:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/06/08 07:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/06/08 04:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2011/06/07 18:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/06/07 18:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/26 15:48:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\[user name]\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/06/17 09:41:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/17 09:39:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/17 09:39:25 | 1610,145,792 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/17 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\tasks\Daily Incremental Backup.job
    [2011/06/15 23:35:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Normal Backup.job
    [2011/06/15 18:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for [user name].job

    [2011/06/13 12:17:57 | 027,732,124 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\jesikuh_18 flash.avi
    [2011/06/13 11:33:58 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/06/13 11:33:58 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/06/10 11:22:52 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\[user name]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/09 23:32:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[user name]\Desktop\OTL.exe
    [2011/06/09 22:34:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/09 22:16:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/06/08 15:45:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/08 10:42:01 | 000,002,616 | ---- | M] () -- C:\Documents and Settings\[user name]\Application Data\DC6E.0B2
    [2011/06/07 11:33:48 | 000,004,500 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\payment-confirmation-6.07.11.pdf
    [2011/05/27 12:00:15 | 005,360,339 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\desserts.pdf
    [2011/05/27 11:58:32 | 007,092,336 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\maindishes.pdf
    [2011/05/27 11:57:53 | 005,103,859 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\saladssides.pdf
    [2011/05/27 11:31:20 | 005,817,894 | ---- | M] () -- C:\Documents and Settings\[user name]\My Documents\appetizersextras.pdf
    [2011/05/27 09:17:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

    ========== Files Created - No Company Name ==========

    [2011/06/13 11:33:59 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2011/06/13 11:33:58 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/06/13 11:33:58 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
    [2011/06/09 22:16:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/06/09 22:16:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/06/09 21:26:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/09 21:26:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/09 21:26:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/09 21:26:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/09 21:26:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/08 10:28:47 | 000,002,616 | ---- | C] () -- C:\Documents and Settings\[user name]\Application Data\DC6E.0B2
    [2011/06/07 18:41:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/07 11:33:48 | 000,004,500 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\payment-confirmation-6.07.11.pdf
    [2011/05/27 12:00:15 | 005,360,339 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\desserts.pdf
    [2011/05/27 11:58:32 | 007,092,336 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\maindishes.pdf
    [2011/05/27 11:57:53 | 005,103,859 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\saladssides.pdf
    [2011/05/27 11:31:20 | 005,817,894 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\appetizersextras.pdf
    [2011/05/27 09:17:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/05/25 15:20:12 | 000,177,831 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\iss4.pdf
    [2011/05/25 15:18:47 | 000,301,435 | ---- | C] () -- C:\Documents and Settings\[user name]\My Documents\fss4.pdf
    [2010/11/03 16:07:58 | 000,000,138 | ---- | C] () -- C:\WINDOWS\trsubreader.INI
    [2010/08/26 15:48:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\[user name]\Application Data\pcouffin.cat
    [2010/08/26 15:48:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\[user name]\Application Data\pcouffin.inf
    [2010/08/05 16:23:25 | 000,059,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/05/24 14:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2010/05/19 15:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2010/05/19 15:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2010/05/19 15:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2010/05/05 22:26:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/10/16 15:32:04 | 000,069,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\nlem32nt.sys
    [2009/10/16 15:32:04 | 000,061,352 | ---- | C] () -- C:\WINDOWS\System32\nlem32nt.dll
    [2009/10/16 15:32:04 | 000,047,016 | ---- | C] () -- C:\WINDOWS\System32\secbuild.dll
    [2009/10/16 15:32:04 | 000,035,752 | ---- | C] () -- C:\WINDOWS\System32\sectools.dll
    [2009/08/15 12:08:18 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM3.DLL
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/06/02 10:36:52 | 000,001,019 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2009/06/02 10:36:52 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2009/06/02 10:36:34 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/06/02 10:36:34 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/06/02 10:35:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
    [2009/06/02 10:35:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2009/06/02 10:35:45 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2009/06/02 10:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2009/06/02 10:29:51 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/05/11 12:04:00 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\[user name]\Application Data\setup_ldm.iss
    [2009/01/27 12:16:04 | 000,000,021 | ---- | C] () -- C:\WINDOWS\hpljp300xg.ini
    [2009/01/27 12:13:20 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpljp300xm.ini
    [2009/01/17 14:33:28 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
    [2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/12/18 10:45:52 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\te42_qcx.dll
    [2008/12/15 14:26:59 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/08/18 11:15:07 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\[user name]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/10 15:12:34 | 000,549,376 | ---- | C] () -- C:\WINDOWS\System32\u2ltw.dll
    [2007/11/12 08:21:37 | 000,002,631 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM0.DLL
    [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2007/09/14 10:54:05 | 000,001,053 | ---- | C] () -- C:\WINDOWS\CFSREG.INI
    [2007/08/09 15:41:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\[user name]\Local Settings\Application Data\fusioncache.dat
    [2007/08/09 15:40:41 | 063,839,744 | ---- | C] () -- C:\Program Files\Common Files\[program name] Workstation.msi
    [2007/08/09 15:36:27 | 018,448,384 | ---- | C] () -- C:\Program Files\Common Files\[program name] Workstation Setup.msi
    [2007/08/09 15:00:09 | 000,001,574 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/08/07 20:06:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/08/07 19:40:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/08/07 19:34:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/08/07 19:24:19 | 000,000,374 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2007/08/07 19:24:13 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
    [2007/08/07 19:24:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/08/07 19:23:59 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2007/08/07 19:23:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2007/08/07 19:23:59 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2007/08/07 19:23:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2007/08/07 19:23:58 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2007/08/07 19:23:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2007/08/07 19:23:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/08/07 19:23:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2007/08/07 19:23:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2007/08/07 19:23:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2007/08/07 19:23:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2007/08/07 18:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/08/07 12:29:03 | 000,004,330 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/08/07 12:27:39 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/12/21 18:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
    [2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
    [2004/12/14 18:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\SmAgentAPI.dll
    [2004/04/23 17:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
    [2003/02/18 20:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

    ========== LOP Check ==========

    [2010/08/23 08:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2008/12/16 14:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2008/12/09 14:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/06/02 11:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2007/12/10 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\[program name]
    [2011/03/10 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\[program name]
    [2010/08/05 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/22 15:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/11/03 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\Boilsoft
    [2010/06/29 16:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    [2010/09/13 15:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\[program name]
    [2011/01/07 12:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\Foxit Software
    [2009/08/17 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\[program name]
    [2010/07/24 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\ImgBurn
    [2009/01/18 21:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\Leadertech
    [2008/12/18 12:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\NexusIT
    [2010/09/07 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\Opera
    [2009/06/08 12:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\PC-FAX TX
    [2010/07/24 12:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\RipIt4Me
    [2009/06/02 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\ScanSoft
    [2011/01/20 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\[program name]
    [2010/08/26 15:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[user name]\Application Data\Vso
    [2011/06/17 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Incremental Backup.job
    [2011/06/15 23:35:00 | 000,000,812 | ---- | M] () -- C:\WINDOWS\Tasks\Weekly Normal Backup.job

    ========== Purity Check ==========



    < End of report >
     
  15. 2011/06/17
    mwm242 Inactive Thread Starter

    Part 3.
    I got to the part of your post where it says "Your computer is clean". I posted the script in OTL to reset system restore points, and after it ran it prompted me for a reboot. I rebooted, and when the system came back up it said "The system has recovered from a serious error." Here is the OTL log. I will wait for instructions before I proceed.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: [user name]
    ->Temp folder emptied: 153861 bytes
    ->Temporary Internet Files folder emptied: 53650 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 898 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: [user name]
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.23.0 log created on 06172011_102159

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  16. 2011/06/17
    broni Moderator Malware Analyst

    No reason to be alarmed by one error.
    Proceed with step 2.
     
  17. 2011/06/21
    broni Moderator Malware Analyst

    Still with me?
     
  18. 2011/06/25
    broni Moderator Malware Analyst

    The issue seems to be resolved.
     
