
Inactive Need help bad

Discussion in 'Malware and Virus Removal Archive' started by Nyzgr8est89, 2010/03/10.

  1. 2010/03/10
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    Joined:
    2010/03/10
    Messages:
    7
    Likes Received:
    0

    Ok guys, I have recently heard of this new virus. I'm not exactly sure what it's called, but it attacks your Windows... originally you get it from someone you know in an email. Better yet, let me just lay out this scenario for you.
    My gf's father was on his computer (it's still under its 1-year warranty from Dell and its OS is Windows 7). He got an email from his friend saying he was stuck in England, has no money, and to mail him about $2,000 to get him out of England. (Mind you, we live in New York.) So her dad obviously opened that mail and read it, as you see above. Here are the problems I am getting with his computer:
    1) Catalyst Control Center doesn't work properly and shuts down (CPU continues to work)
    2) When you go on Internet Explorer you get a message saying to change your search provider, and it brings up other searches. It used to be just aol.com and Bing.com on that list, but I was never able to change the search provider like that.
    3) The external can't be "Safely Removed" because it's currently in use, EVEN though it's not being used and is just sitting there. (Mine at my house, if it's just sitting there with no external windows being used, usually gets removed.)
    4) I cannot download ANY file whatsoever. I haven't tried doing direct setups (from the external); I'm hoping that will work for my anti-virus.

    I have run their McAfee anti-virus twice and nothing showed as a virus or a threat. Everything was working fine until he opened this email from his friend. (Please keep in mind this is a brand-new CPU; I don't know the brand of the CPU, it is a DELL.) Is this a virus? If so, how can I get rid of it if my anti-virus can't? (Norton and AVG (I use them separately))
    (I do want you guys to keep in mind that I cannot download anything whatsoever, and I am unsure if I can even install setups directly; hoping I can. I do know how to restore the operating system, and I don't think resetting the day of the CPU back will help because he doesn't remember how long ago it has been.) What should I do? How can I get rid of this virus? Does anyone know the name of the virus? I wish I could supply you with better information about his computer, but I won't be back at my girlfriend's house till this Saturday the 13th. Hope to receive help soon.
    ~Nyz
    ---------------------------

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Matthew at 17:40:47.82 on Wed 03/10/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.222.57 [GMT -8:00]

    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Matthew\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
    mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
    mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
    mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
    mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\VetRedir.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: PFW - UmxWnp.Dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\matthew\applic~1\mozilla\firefox\profiles\mm68o1gt.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-03-08 04:09:08 0 dc----w- C:\LGVX9200
    2010-03-08 00:34:56 0 dc----w- c:\program files\Verizon Wireless
    2010-03-08 00:10:34 0 dc----w- C:\LG_USB
    2010-03-08 00:09:32 53248 -c--a-w- c:\windows\system32\CommonDL.dll
    2010-03-08 00:09:32 2412 -c--a-w- c:\windows\system32\lgAxconfig.ini
    2010-03-08 00:09:18 0 dc----w- c:\docume~1\alluse~1\applic~1\LGMOBILEAX
    2010-03-07 21:34:30 0 dc----w- c:\docume~1\matthew\applic~1\Smith Micro
    2010-03-07 11:08:37 0 dc----w- c:\program files\MSXML 4.0
    2010-03-07 09:04:51 24960 -c--a-w- c:\windows\system32\drivers\lgusbmodem.sys
    2010-03-07 09:04:51 20864 -c--a-w- c:\windows\system32\drivers\lgusbdiag.sys
    2010-03-07 09:04:51 13056 -c--a-w- c:\windows\system32\drivers\lgusbbus.sys
    2010-03-07 09:04:50 0 dc----w- c:\program files\LG Electronics
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
    2010-03-06 12:33:27 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
    2010-03-06 12:33:27 61210 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
    2010-03-06 11:55:33 0 dc----w- c:\windows\CAVTemp
    2010-03-06 11:21:47 26352 -c--a-w- c:\windows\system32\drivers\vet-filt.sys
    2010-03-06 11:21:47 21488 -c--a-w- c:\windows\system32\drivers\vetfddnt.sys
    2010-03-06 11:21:47 21104 -c--a-w- c:\windows\system32\drivers\vet-rec.sys
    2010-03-06 11:21:47 161008 -c--a-w- c:\windows\system32\drivers\vetmonnt.sys
    2010-03-06 11:21:46 91376 -c--a-w- c:\windows\system32\isafprod.dll
    2010-03-06 11:21:46 739696 -c--a-w- c:\windows\system32\drivers\vetefile.sys
    2010-03-06 11:21:46 133520 -c--a-w- c:\windows\system32\drivers\veteboot.sys
    2010-03-06 11:10:13 0 dc----w- c:\windows\Downloaded Installations
    2010-03-06 11:10:12 250544 -c--a-w- c:\windows\system32\KeyHelp.ocx
    2010-03-06 11:09:58 0 dc----w- c:\program files\common files\Scanner
    2010-03-06 11:09:45 99592 -c--a-w- c:\windows\system32\isafeif.dll
    2010-03-06 11:09:45 83256 -c--a-w- c:\windows\system32\vetredir.dll
    2010-03-06 11:07:55 0 dc----w- c:\docume~1\alluse~1\applic~1\CA
    2010-03-06 11:07:49 0 dc----w- c:\program files\CA
    2010-02-25 05:28:42 0 d-sh--w- C:\found.001
    2010-02-20 00:42:54 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-02-20 00:42:54 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-02-20 00:42:22 0 dc----w- c:\windows\OvtCam
    2010-02-20 00:42:17 91136 -c--a-w- c:\windows\system32\kswdmcap.ax
    2010-02-20 00:42:17 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-02-20 00:42:17 61952 -c--a-w- c:\windows\system32\kstvtune.ax
    2010-02-20 00:42:17 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
    2010-02-20 00:42:17 53760 -c--a-w- c:\windows\system32\vfwwdm32.dll
    2010-02-20 00:42:17 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-02-20 00:42:17 43008 -c--a-w- c:\windows\system32\ksxbar.ax
    2010-02-20 00:42:17 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
    2010-02-20 00:33:45 0 dc----w- c:\program files\directx
    2010-02-20 00:33:25 0 dc----w- c:\program files\VGA USB Camera
    2010-02-09 08:27:34 0 dcsh--w- c:\documents and settings\matthew\IECompatCache
    2010-02-09 08:25:52 0 dcsh--w- c:\documents and settings\matthew\PrivacIE

    ==================== Find3M ====================

    2010-01-26 05:57:20 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
    2009-12-22 05:35:05 81920 -c----w- c:\windows\system32\ieencode.dll
    2009-12-21 19:14:05 916480 -c--a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 -c--a-w- c:\windows\system32\csrsrv.dll

    ============= FINISH: 17:41:47.81 ===============
    "Attach"

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/25/2010 10:03:48 PM
    System Uptime: 3/10/2010 12:21:08 PM (5 hours ago)

    Motherboard: MicroStar International | | MS-7248-030
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 2992/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 66.721 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 931 GiB total, 873.572 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 1/25/2010 10:11:44 PM - System Checkpoint
    RP2: 1/25/2010 10:53:57 PM - Installed ATI Catalyst Control Center
    RP3: 1/25/2010 7:58:10 PM - Installed Realtek High Definition Audio Driver
    RP4: 1/25/2010 7:58:29 PM - Installed Windows XP KB888111WXPSP2.
    RP5: 1/25/2010 11:11:14 PM - Installed AVG Free 9.0
    RP6: 1/26/2010 8:56:56 AM - Software Distribution Service 3.0
    RP7: 1/26/2010 12:06:28 PM - Avg8 Update
    RP8: 1/26/2010 2:33:32 PM - Software Distribution Service 3.0
    RP9: 1/26/2010 4:29:50 PM - Installed Windows XP WgaNotify.
    RP10: 1/26/2010 5:11:46 PM - Software Distribution Service 3.0
    RP11: 1/26/2010 6:30:57 PM - Software Distribution Service 3.0
    RP12: 1/27/2010 8:33:23 PM - System Checkpoint
    RP13: 1/27/2010 8:50:06 PM - Software Distribution Service 3.0
    RP14: 1/29/2010 6:24:26 PM - System Checkpoint
    RP15: 1/30/2010 7:03:02 PM - System Checkpoint
    RP16: 2/1/2010 5:48:15 PM - System Checkpoint
    RP17: 2/1/2010 5:12:48 PM - System Checkpoint
    RP18: 2/2/2010 7:02:22 PM - System Checkpoint
    RP19: 2/3/2010 7:26:29 PM - System Checkpoint
    RP20: 2/4/2010 8:34:01 PM - System Checkpoint
    RP21: 2/5/2010 9:07:28 PM - System Checkpoint
    RP22: 2/6/2010 2:34:57 PM - Installed QuickTime
    RP23: 2/8/2010 11:01:25 AM - System Checkpoint
    RP24: 2/9/2010 5:49:58 PM - System Checkpoint
    RP25: 2/10/2010 11:09:33 AM - Software Distribution Service 3.0
    RP26: 2/11/2010 1:57:08 PM - System Checkpoint
    RP27: 2/12/2010 8:44:37 PM - System Checkpoint
    RP28: 2/13/2010 9:08:13 PM - System Checkpoint
    RP29: 2/15/2010 1:13:20 PM - System Checkpoint
    RP30: 2/16/2010 2:56:45 PM - System Checkpoint
    RP31: 2/18/2010 2:19:29 PM - System Checkpoint
    RP32: 2/19/2010 4:33:14 PM - Installed VGA USB Camera
    RP33: 2/20/2010 6:06:11 PM - System Checkpoint
    RP34: 2/21/2010 6:59:43 PM - System Checkpoint
    RP35: 2/23/2010 7:09:18 PM - System Checkpoint
    RP36: 2/24/2010 7:58:30 PM - Software Distribution Service 3.0
    RP37: 2/25/2010 8:27:00 PM - System Checkpoint
    RP38: 2/26/2010 8:39:26 PM - System Checkpoint
    RP39: 2/27/2010 9:28:16 PM - System Checkpoint
    RP40: 3/1/2010 12:26:40 AM - System Checkpoint
    RP41: 3/3/2010 9:40:25 PM - System Checkpoint
    RP42: 3/5/2010 1:26:15 PM - System Checkpoint
    RP43: 3/6/2010 3:24:01 AM - Installed CA Desktop DNA Migrator
    RP44: 3/6/2010 3:37:04 AM - Removed AVG Free 9.0
    RP45: 3/6/2010 3:40:14 AM - Installed AVG Free 9.0
    RP46: 3/7/2010 1:04:49 AM - Installed LG USB Modem driver
    RP47: 3/7/2010 1:07:16 AM - Installed LG USB Modem driver
    RP48: 3/7/2010 3:01:05 AM - Software Distribution Service 3.0
    RP49: 3/7/2010 1:32:29 PM - Installed LG USB Modem driver
    RP50: 3/7/2010 1:45:40 PM - Installed LG USB Modem driver
    RP51: 3/7/2010 1:52:50 PM - Installed LG USB Modem driver
    RP52: 3/7/2010 2:00:34 PM - Installed LG USB Modem driver
    RP53: 3/7/2010 4:12:42 PM - Installed LG USB Modem Driver
    RP54: 3/7/2010 4:35:44 PM - Installed LG USB Modem driver
    RP55: 3/7/2010 4:40:40 PM - Installed LG USB Modem driver
    RP56: 3/7/2010 8:11:35 PM - Installed LG USB Modem Driver
    RP57: 3/7/2010 8:42:05 PM - Installed LG USB Modem Driver
    RP58: 3/8/2010 9:40:36 PM - System Checkpoint
    RP59: 3/10/2010 5:22:54 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    CA Anti-Spam
    CA Anti-Spyware
    CA Anti-Virus
    CA Desktop DNA Migrator
    CA Internet Security Suite
    CA Personal Firewall
    CA Pest Patrol Realtime Protection
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    LG USB Modem Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.5.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Skype web features
    Skype™ 4.1
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    VGA USB Camera
    VLC media player 1.0.3
    VZAccess Manager
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    3/6/2010 1:05:17 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00151714F40D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    3/3/2010 3:14:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    3/3/2010 3:14:32 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/10/2010 12:25:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
    3/10/2010 12:25:24 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
    Last edited: 2010/03/10
  2. 2010/03/10
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    As indicated at the start of this forum, please *** READ THIS BEFORE POSTING IN THIS FORUM *** then post the requested logs in this thread.

    NOTES:
    When posting the logs ensure word wrap is switched off (in notepad Uncheck Format->Word Wrap) as this makes them difficult to read.

    Be aware that only Malware analysts will advise and they are often busy. Your post will be taken on a first come first served basis but it may take a while before you receive a reply.
     


  4. 2010/03/10
    JohnB Lifetime Subscription

    JohnB Well-Known Member

    Joined:
    2002/01/07
    Messages:
    856
    Likes Received:
    11
    Hello Nyz and welcome to WindowsBBS. I am sure the malware experts will be on soon and give you some directions as to what to do, but just so you are aware, that e-mail that asked for $2000 is a well-known scam. Whatever else you do, DO NOT REPLY TO IT OR GIVE OUT ANY INFORMATION TO THE SENDER OF THAT E-MAIL, and above all DO NOT SEND ANY MONEY.

    Hang tough for the malware experts.
     
  5. 2010/03/10
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    Not sure how to get the "attach" file to attach, unless you want it copied and pasted. Please let me know what I've got to do if I need something done. I appreciate your time.
    *Side note: Thanks JohnB, I know it is a scam and so do they, but the virus is there and done, it seems.
     
  6. 2010/03/10
    wildfire

    wildfire Getting Old

    As the instructions read

    Post it as normal, and a malware specialist will be with you as soon as they can.
     
  7. 2010/03/10
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    You will have to download to a separate computer (using a flash drive or other media) and then install to the infected pc.

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    =========

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/03/10
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    OK, sorry, added my "attach", ty. And crunchie, I'm using my CPU from home. You want me to download that onto my computer or her dad's? Because I can't download anything at all on his CPU and that's where my problem is. I'm pretty sure you know that.
     
  9. 2010/03/11
    crunchie

    crunchie Inactive

    Download to an uninfected PC, then transfer the executable to the infected PC and install and run it.
     
  10. 2010/03/11
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    Crunchie, do you have any further advice? If I am able to install it, I would like to do something to the computer while I am there (because I'm not there often). Are you on often? I won't be going to her house till Saturday, so I'll have mostly all day from, I don't know, I want to say 12pm EST to maybe 9 if I'm lucky. And what exactly is OTL and what does it do (if you don't mind me asking)?
     
    Last edited: 2010/03/11
  11. 2010/03/11
    crunchie

    crunchie Inactive

    I come on as often as I can and try to get here a little whilst I am at work, but no promises there.
    If you have trouble installing anything in normal mode, go to safe mode and attempt it.
    I live in Australia, so time zones are going to be a problem getting on-line together.
    OTL is similar to DDS in that it does a fairly thorough scan (only more so) and it can also be directed to remove anything it finds.
     
  12. 2010/03/13
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    OK guys, so I can do installations. Just did Malwarebytes' Anti-Malware (I'm currently using another laptop in case I somehow get hacked on their CPU). Here's what displays:
    Malwarebytes' Anti-Malware 1.44
    Database version: 3863
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/13/2010 3:39:51 PM
    mbam-log-2010-03-13 (15-39-51).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 244793
    Time elapsed: 46 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I will be updating this shortly.
    Now trying antivirus:

    Error E9009: Unsupported Operating System - WOW64
    CA Security Center cannot be installed on this operating system.

    My Extras are shown below. It seems I can't view my OTL that I posted below; if you don't see it, I apologize. Let me know if I must repost.
     
    Last edited: 2010/03/13
  13. 2010/03/13
    Nyzgr8est89

    Nyzgr8est89 Inactive Thread Starter

    OTL logfile created on: 3/13/2010 3:22:54 PM - Run 1
    OTL by OldTimer - Version 3.1.36.1 Folder = I:\
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 549.95 Gb Free Space | 94.58% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 931.28 Gb Total Space | 873.57 Gb Free Space | 93.80% Space Free | Partition Type: FAT32

    Computer Name: CARMAN-PC
    Current User Name: Carman
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/11 17:54:44 | 000,554,496 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
    PRC - [2010/03/06 12:56:58 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
    PRC - [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
    PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/10/30 10:40:26 | 000,341,504 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
    PRC - [2009/10/22 11:56:20 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
    PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/11 17:54:44 | 000,554,496 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
    MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/04 16:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV:64bit: - [2009/10/28 11:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2009/06/14 19:12:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
    SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2009/09/24 11:30:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
    SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
    SRV - [2008/12/04 16:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
    O4 - Startup: C:\Users\Carman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2009/08/08 12:41:00 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/13 13:59:49 | 000,000,000 | ---D | C] -- C:\Users\Carman\AppData\Roaming\Malwarebytes
    [2010/03/13 13:59:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/03/13 13:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/03/13 13:59:43 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/03/13 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/03/13 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Carman\AppData\Roaming\WinRAR
    [2010/03/13 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2010/03/12 19:01:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/03/09 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\Carman\AppData\Local\ElevatedDiagnostics
    [2010/03/09 17:48:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/03/09 15:15:51 | 000,000,000 | ---D | C] -- C:\Users\Carman\AppData\Local\Dell Edoc Viewer
    [2010/03/06 15:48:14 | 000,000,000 | ---D | C] -- C:\Users\Carman\Desktop\AOL Saved PFC
    [2010/03/06 12:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\aolback
    [2010/03/06 12:58:17 | 000,000,000 | ---D | C] -- C:\Install ICQ
    [2010/03/06 12:58:13 | 000,000,000 | ---D | C] -- C:\Install iTunes
    [2010/03/06 12:58:12 | 000,000,000 | ---D | C] -- C:\Install AOL Communicator
    [2010/03/06 12:58:07 | 000,000,000 | ---D | C] -- C:\AOL Instant Messenger
    [2010/03/06 12:58:05 | 000,000,000 | ---D | C] -- C:\aolextras
    [2010/03/06 12:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
    [2010/03/06 12:57:57 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\Windows\SysWow64\SimpleRegistry.dll
    [2010/03/06 12:57:57 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
    [2010/03/06 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Carman\AppData\Roaming\You've Got Pictures Screensaver
    [2010/03/06 12:57:51 | 000,000,000 | ---D | C] -- C:\Windows\occache
    [2010/03/06 12:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Learn2.com
    [2010/03/06 12:57:25 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
    [2010/03/06 12:57:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
    [2010/03/06 12:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/03/06 12:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
    [2010/03/06 12:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nullsoft
    [2010/03/06 12:57:04 | 000,000,000 | ---D | C] -- C:\My Music
    [2010/03/06 12:56:59 | 000,157,696 | ---- | C] (RealNetworks) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/03/06 12:56:56 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
    [2010/03/06 12:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2010/03/06 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
    [2010/03/06 12:56:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
    [2010/03/06 12:56:32 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\roboex32.dll
    [2010/03/06 12:56:32 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\Inetwh32.dll
    [2010/03/06 12:56:32 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\Windows\SysWow64\popup.ocx
    [2010/03/06 12:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL

    ========== Files - Modified Within 14 Days ==========

    [2010/03/13 15:25:38 | 002,359,296 | -HS- | M] () -- C:\Users\Carman\NTUSER.DAT
    [2010/03/13 13:59:48 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/13 13:55:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/13 13:55:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/13 13:51:56 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/03/13 13:51:56 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/03/13 13:51:56 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/03/13 13:48:11 | 000,013,783 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
    [2010/03/13 13:47:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/13 13:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/03/13 13:47:23 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/06 15:48:36 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
    [2010/03/06 15:48:14 | 000,000,004 | ---- | M] () -- C:\Windows\msoffice.ini
    [2010/03/06 12:58:26 | 000,001,270 | -H-- | M] () -- C:\IPH.PH
    [2010/03/06 12:58:25 | 000,001,016 | ---- | M] () -- C:\Windows\aolback.exe.lnk
    [2010/03/06 12:57:15 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/03/06 12:57:06 | 000,157,696 | ---- | M] (RealNetworks) -- C:\Windows\SysWow64\rmoc3260.dll
    [2010/03/06 12:56:56 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll

    ========== Files Created - No Company Name ==========

    [2010/03/13 13:59:48 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/06 12:58:25 | 000,001,016 | ---- | C] () -- C:\Windows\aolback.exe.lnk
    [2010/03/06 12:57:15 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/03/06 12:55:07 | 000,001,270 | -H-- | C] () -- C:\IPH.PH
    [2010/02/23 12:56:22 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
    [2010/02/10 20:28:55 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\fxdb.dll
    [2010/02/10 20:27:44 | 001,213,440 | ---- | C] () -- C:\Windows\SysWow64\opengl.dll
    [2010/02/10 20:27:43 | 000,315,904 | ---- | C] () -- C:\Windows\SysWow64\glu.dll
    [2010/02/10 20:27:43 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\glut.dll
    [2010/01/27 20:48:20 | 000,000,000 | R--- | C] () -- C:\Users\Carman\AppData\Roaming\wklnhst.dat
    [2009/11/29 09:01:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/01/27 20:48:21 | 000,000,000 | ---D | M] -- C:\Users\Carman\AppData\Roaming\Template
    [2010/02/01 18:33:49 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
    [2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
    [2009/07/13 20:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll

    < %systemroot%\System32\config\*.sav >
    < End of report >
     
  14. 2010/03/13
    Nyzgr8est89

    OTL Extras logfile created on: 3/13/2010 3:22:54 PM - Run 1
    OTL by OldTimer - Version 3.1.36.1 Folder = I:\
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 549.95 Gb Free Space | 94.58% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 931.28 Gb Total Space | 873.57 Gb Free Space | 93.80% Space Free | Partition Type: FAT32

    Computer Name: CARMAN-PC
    Current User Name: Carman
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{F6E2FA73-B2A7-8223-98EC-685E2E8F6CE0}" = ccc-utility64
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0A169B94-4AF2-AD4B-1265-E1074A347418}" = Catalyst Control Center Core Implementation
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0F15BB9F-7E5E-A355-FA8E-C2164726E577}" = CCC Help Portuguese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
    "{277832E3-0A34-C91C-D344-2FED4C847397}" = CCC Help German
    "{279355E6-EE94-A7A5-F6B5-2903748443AE}" = Catalyst Control Center Graphics Full New
    "{290AC453-D1F4-F73B-F01C-0018BC10B62B}" = ccc-core-static
    "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
    "{39A3C9DD-457C-5BF1-4B2D-A76927264B26}" = CCC Help Dutch
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
    "{5AC4AE26-732F-40DE-CC6C-A4BFC2142BF8}" = CCC Help English
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{665B3CA4-DAB1-D27E-6727-0BEF6593E882}" = CCC Help Greek
    "{674AD787-B463-ED3E-CCA8-4F49A9C1785D}" = Catalyst Control Center Localization All
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{7009600B-85C8-5D83-1101-6446540F1897}" = Catalyst Control Center Graphics Previews Common
    "{7305AE01-CD11-18B5-DC5F-B1A2960935C3}" = CCC Help Polish
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83BBF5E6-004F-1DBA-EC29-1033B675831B}" = CCC Help Thai
    "{8508FB72-89A3-41FD-DE33-9EEBFB298947}" = CCC Help Italian
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{97835E04-BA21-6878-768F-1B84EA2ADAC1}" = CCC Help Norwegian
    "{A192CA8A-5259-ECD5-1564-AB715B722432}" = CCC Help Japanese
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B31327DF-2B59-F072-8B44-79CDE915D75E}" = CCC Help Danish
    "{B41423C9-C260-F8C8-39DD-541400ECF367}" = CCC Help French
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C6CBE669-DDCA-DB7F-236D-18B20BEFF1B5}" = CCC Help Chinese Traditional
    "{CA7D81F8-5661-3D97-F6B0-5E0993511A5D}" = CCC Help Finnish
    "{D069C7EF-001B-5378-9F71-F005DE42E255}" = Catalyst Control Center Graphics Light
    "{D2A7D7D8-1E27-8464-6666-44B6FB83B3FC}" = CCC Help Czech
    "{D86DE1ED-9BF1-6101-6D08-2D762B28D8C8}" = CCC Help Korean
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E1A8F958-D748-63DD-F2D2-82BE71B0F905}" = CCC Help Hungarian
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E40A74A2-D821-2442-CCA3-75C54964D525}" = Catalyst Control Center Graphics Full Existing
    "{E43ACD6B-0E7E-4F4C-0BA8-999FCB5FC5B9}" = CCC Help Chinese Standard
    "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9684BDD-32A6-550C-6456-0A4209EB4F3A}" = CCC Help Russian
    "{F05F2DB5-4300-C318-4560-08CD9E35F512}" = CCC Help Spanish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D038D6-6229-AA2E-A8D1-43EED2CBF0BD}" = CCC Help Swedish
    "{F322850C-6CCB-FC54-D36D-0F4E1CC90CBF}" = Skins
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F527F14E-B80A-5BE7-DC85-8BF2D172067F}" = CCC Help Turkish
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF4F3E30-6638-6A16-2A68-139F6C613233}" = Catalyst Control Center Graphics Previews Vista
    "{FFB07785-9FC3-334F-A54F-AC8D5B471EAE}" = Catalyst Control Center InstallProxy
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AnswerWorks" = AnswerWorks Runtime
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "Corel Applications" = Corel Applications
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MSC" = McAfee SecurityCenter
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/13/2010 4:17:00 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0x1138 Faulting application start time: 0x01cac2ea23265ce5 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 60d7aa86-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:00 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xca4 Faulting application start time: 0x01cac2ea23408c08 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 60f69c69-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:00 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xe4c Faulting application start time: 0x01cac2ea235f7deb Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 61132cec-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:00 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0x1298 Faulting application start time: 0x01cac2ea2379ad0e Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 612d5c0f-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:00 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xdf8 Faulting application start time: 0x01cac2ea239b0051 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 614c4df2-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:01 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0x7c0 Faulting application start time: 0x01cac2ea23b9f234 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 616b3fd5-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:01 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xc18 Faulting application start time: 0x01cac2ea23e26998 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 6193b739-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:01 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xde8 Faulting application start time: 0x01cac2ea23fc98bb Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 61ade65c-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:04 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xee8 Faulting application start time: 0x01cac2ea259f8ae6 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 6350d887-2edd-11df-9885-0024e82c76ea

    Error - 3/13/2010 4:17:04 PM | Computer Name = Carman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Faulting module name: wltuser.exe, version: 14.0.8052.1208, time
    stamp: 0x493dc2be Exception code: 0xc0000005 Fault offset: 0x0000ffd9 Faulting process
    id: 0xf18 Faulting application start time: 0x01cac2ea25bc1b69 Faulting application
    path: C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Faulting module path:
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe Report Id: 636d690a-2edd-11df-9885-0024e82c76ea

    [ System Events ]
    Error - 3/9/2010 6:49:57 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:49:58 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:50:08 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/9/2010 6:51:07 PM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/12/2010 5:32:53 AM | Computer Name = Carman-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Inc. mferkdk service failed to start due to the following
    error: %%127


    < End of report >
     
  15. 2010/03/13
    crunchie

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

    Let me know how the pc is now.
     
