WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Computer does not shutdown properly, Vundo---

Started by TJS12 , Nov 05 2009 07:40 AM

This topic is locked

25 replies to this topic

#1 TJS12

New Member

Authentic Member
17 posts

Posted 05 November 2009 - 07:40 AM

My new computer (under 3 months) is exhibiting a host of problems that all started last week. 1. It hangs during shutdown. 2. It cannot startup in safe mode. It gives me an error msg and the screen turns all blue. 3. I have a popups, but infrequently. 4. I scanned with superantispyware, and found vundo. Tried to remove using superantispyware, and now I get like 30 msgs when I startup the computer that various .dll files have a bad image. And still have vundo, of course... I cannot system restore to an early date, since the computer hangs during shutdown. Please help!!!!

Advertisements

Register to Remove

#2 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 06 November 2009 - 12:12 AM

Hi TJS12, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Please note if you are a Vista user, you will need to right click on the EXE and chose Run as Administrator instead of double clicking.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

Download OTListIt2 to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with

GMER logs
both OTL logs

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 04:22 AM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-06 04:20:29
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CFMEAS~1\LOCALS~1\Temp\uwldqpow.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA5E9D72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA5CA9A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA5CAB98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA5EA568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA5EA820]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA5E8A80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA5EAC8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA5EA036]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF3C70B0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01400001
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[352] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[352] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe[352] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 034F0001
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[436] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[436] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe[436] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\DellTPad\Apoint.exe[496] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013C0001
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[584] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[584] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[584] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[644] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[644] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[644] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\DellTPad\HidFind.exe[832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[848] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\msiexec.exe[892] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[908] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01ED0001
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013E0001
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01310001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1004] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1004] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1004] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1016] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1232] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1232] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1232] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1256] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02850001
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\WINDOWS\system32\nvsvc32.exe[1408] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1408] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[1408] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe[1512] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe[1516] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\PC Tools AntiVirus\PCTAV.exe[1540] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[1624] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011D0001
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1636] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[1636] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe[1656] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017C0001
.text C:\WINDOWS\System32\bcmwltry.exe[1732] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1732] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1732] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A10001
.text C:\WINDOWS\system32\spoolsv.exe[1780] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1780] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1780] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text c:\drivers\audio\r213367\stacsv.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01840001
.text c:\drivers\audio\r213367\stacsv.exe[1824] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text c:\drivers\audio\r213367\stacsv.exe[1824] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text c:\drivers\audio\r213367\stacsv.exe[1824] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1844] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1896] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1896] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe[1896] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1944] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1944] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[1944] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00670001
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1956] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1956] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[1956] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[1972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00720001
.text C:\WINDOWS\System32\SCardSvr.exe[1972] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[1972] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\SCardSvr.exe[1972] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\DellTPad\Apntex.exe[2000] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\DellTPad\ApMsgFwd.exe[2040] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.exe[2104] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe[2148] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\IDT\WDM\sttray.exe[2172] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012A0001
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2220] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\AESTFltr.exe[2228] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2392] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2392] KERNEL32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2392] KERNEL32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[2392] KERNEL32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe[2568] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0E280001
.text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!GetStartupInfoA 7C801EF2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!GetCommandLineA 7C812FBD 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2948] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\OA001Mon.exe[3108] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3144] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[3392] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BB59DA
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BB58C5
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BB5860
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BB582E
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BB5C9F
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BB5F49
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BB59DA
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 00BB54E1
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BB5F49
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BB5C9F
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00BB54E1
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BB5F49
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 00BB54E1
IAT C:\WINDOWS\System32\alg.exe[848] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 00BB54E1
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004058C5
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405860
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040582E
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\msiexec.exe[892] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 000459DA
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000459DA
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000458C5
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00045860
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0004582E
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 000454E1
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000459DA
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00045C9F
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00045F49
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!EndDialog] 000454E1
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00045F49
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00045C9F
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 000454E1
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00045F49
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 000454E1
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 011459DA
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 011458C5
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01145860
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0114582E
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 011458C5
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 011459DA
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 011458C5
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 01145860
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01145C9F
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01145F49
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 011454E1
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01145F49
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01145C9F
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 011454E1
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01145F49
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 011454E1
IAT C:\WINDOWS\system32\lsass.exe[1000] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 011454E1
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FC582E
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 012559DA
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 012558C5
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01255860
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0125582E
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01255C9F
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01255F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 012554E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01255F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 012554E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01255F49
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01255C9F
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 012559DA
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 012554E1
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[1232] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 012554E1
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CE59DA
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CE58C5
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CE5860
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CE582E
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CE5C9F
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00CE5F49
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 00CE54E1
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00CE5F49
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CE5C9F
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 00CE54E1
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00CE5F49
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 00CE54E1
IAT C:\WINDOWS\system32\svchost.exe[1284] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CE59DA
IAT C:\WINDOWS\system32\svchost.exe[1284] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 00CE54E1
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 027B59DA
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 027B58C5
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 027B5860
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 027B582E
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 027B5C9F
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 027B5F49
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 027B54E1
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 027B5F49
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 027B5C9F
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 027B54E1
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 027B5F49
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 027B54E1
IAT C:\WINDOWS\System32\svchost.exe[1324] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 027B59DA
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog] 027B54E1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 019F59DA
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 019F58C5
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 019F5860
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 019F582E
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 019F54E1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 019F5F49
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 019F5C9F
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 019F54E1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 019F5F49
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 019F5C9F
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 019F5F49
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!EndDialog] 019F54E1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog] 019F54E1
IAT C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2184] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 019F59DA
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0E0359DA
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0E0358C5
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0E035860
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0E03582E
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0E035C9F
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0E035F49
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 0E0354E1
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0E035F49
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 0E0354E1
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0E035F49
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0E035C9F
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 0E0354E1
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0E0359DA
IAT C:\WINDOWS\system32\SearchIndexer.exe[2624] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 0E0354E1
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004058C5
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405860
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040582E
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\System32\svchost.exe[3404] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001359DA
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001358C5
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135860
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013582E
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135C9F
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135F49
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 001354E1
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135F49
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 001354E1
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135F49
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135C9F
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001359DA
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 001354E1
IAT C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3552] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog] 001354E1
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004058C5
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405860
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040582E
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\wscntfy.exe[3872] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004058C5
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405860
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040582E
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405F49
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405C9F
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!EndDialog] 004054E1
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004059DA
IAT C:\WINDOWS\system32\SearchFilterHost.exe[4188] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!EndDialog] 004054E1

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )

Device \FileSystem\Fastfat \Fat A9CFED20
Device \FileSystem\Fastfat \Fat A9D029F2

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

#4 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 04:23 AM

#5 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 04:24 AM

OTL logfile created on: 11/6/2009 4:23:42 AM - Run 1
OTL by OldTimer - Version 3.1.3.4 Folder = C:\Documents and Settings\CFM East\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 2.85 Gb Available in Paging File | 71.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.70 Gb Total Space | 207.88 Gb Free Space | 89.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CFMEAST
Current User Name: CFM East
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\CFM East\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
PRC - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\CFM East\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (PCTAVSvc) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (AVRec) -- C:\WINDOWS\system32\drivers\AVRec.sys (PC Tools Research Pty Ltd )
DRV - (AVHook) -- C:\WINDOWS\system32\drivers\AVHook.sys (PC Tools Research Pty Ltd.)
DRV - (AVFilter) -- C:\WINDOWS\system32\drivers\AVFilter.sys (PC Tools Research Pty Ltd)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/28 00:10:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/15 02:00:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 05:32:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/05 05:31:55 | 00,000,000 | ---D | M]

[2009/11/05 05:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Mozilla\Extensions
[2009/11/05 05:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/05 05:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Mozilla\Firefox\Profiles\28wjzkua.default\extensions
[2009/11/05 05:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Mozilla\Firefox\Profiles\28wjzkua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 05:31:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/05 05:31:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/16 15:08:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 15:08:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/16 15:08:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 12:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 12:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 12:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 12:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 12:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 12:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 12:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [siluyidez] C:\WINDOWS\System32\lumimane.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} file://D:\setup\Requirements\EduSpeak.EduSpeakX\EduSpeakX.cab (EduSpeak Recognizer ActiveX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.14.50.1 195.14.50.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (vupeteho.dll) - C:\WINDOWS\System32\vupeteho.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\lumimane.dll) - C:\WINDOWS\system32\lumimane.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: vonidayej - {59525165-7be5-45e0-8a3f-5ede338f846f} - C:\WINDOWS\system32\lumimane.dll ()
O22 - SharedTaskScheduler: {59525165-7be5-45e0-8a3f-5ede338f846f} - jugezatag - C:\WINDOWS\system32\lumimane.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/26 09:56:54 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 16:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 03:07:40 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/11/05 17:42:24 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\%USERPROFILE%
[2009/11/05 08:36:26 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/05 05:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/05 05:57:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/05 05:57:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\SUPERAntiSpyware.com
[2009/11/05 05:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/05 05:51:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\Malwarebytes
[2009/11/05 05:51:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/05 05:51:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/05 05:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/05 05:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/05 05:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\PC Tools
[2009/11/05 05:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/05 05:44:47 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/11/05 05:44:47 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/11/05 05:44:40 | 00,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\AVHook.sys
[2009/11/05 05:44:40 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\WINDOWS\System32\drivers\AVFilter.sys
[2009/11/05 05:44:40 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\WINDOWS\System32\drivers\AVRec.sys
[2009/11/05 05:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/11/05 05:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2009/11/05 05:44:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/05 05:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\My Documents\Downloads
[2009/11/05 05:32:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Local Settings\Application Data\Mozilla
[2009/11/05 05:32:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\Mozilla
[2009/11/05 05:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/11/05 05:28:17 | 00,092,019 | ---- | C] (Mozilla) -- C:\Documents and Settings\CFM East\Desktop\Firefox Setup 3.5.4.exe
[2009/11/04 12:32:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/01 08:26:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Local Settings\Application Data\Temp
[2009/10/30 11:49:28 | 00,013,696 | ---- | C] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
[2009/10/30 11:49:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Local Settings\Application Data\Skyhook Wireless
[2009/10/29 09:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/28 14:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\TOSHIBA
[2009/10/26 17:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/10/26 17:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2009/10/26 17:25:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/26 16:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Desktop\BASE & OPTION 1 BID package
[2009/10/26 16:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/26 16:38:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\My Documents\Former Desktop Files
[2009/10/26 15:55:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\My Documents\my documents
[2009/10/26 14:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Local Settings\Application Data\CutePDF Writer
[2009/10/26 14:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2009/10/26 14:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2009/10/26 10:56:42 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2009/10/26 10:55:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Desktop\Work Folder
[2009/10/26 10:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/10/26 10:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/10/26 10:18:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2009/10/26 10:18:37 | 00,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2009/10/26 10:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Local Settings\Application Data\Autodesk
[2009/10/26 10:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\Autodesk
[2009/10/26 10:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/10/26 10:18:08 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/10/26 10:18:08 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/10/26 10:18:06 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/10/26 10:18:03 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/10/26 10:17:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/10/26 09:56:54 | 00,000,000 | ---D | C] -- C:\Autodesk
[2009/10/26 09:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CFM East\Application Data\AdobeUM
[2009/10/26 09:19:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2009/10/24 08:14:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/24 06:11:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/10/08 06:05:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/08 06:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/08 06:02:33 | 00,000,000 | RH-D | C] -- C:\MSOCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/06 05:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\hutpahxf.job
[2009/11/06 04:32:00 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/06 03:19:15 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\CFM East\My Documents\backup.pst
[2009/11/06 03:19:14 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\CFM East\My Documents\archive.pst
[2009/11/06 03:14:58 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\gmer.exe
[2009/11/06 03:12:03 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/06 03:12:03 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 03:12:03 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 03:08:11 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/11/06 03:08:08 | 00,189,747 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/06 03:08:07 | 00,053,196 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/06 03:08:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/06 03:07:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/06 03:07:10 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/06 03:06:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 03:06:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 03:06:31 | 37,454,06976 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 12:51:56 | 04,308,682 | -H-- | M] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\IconCache.db
[2009/11/05 06:08:23 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jamediwe
[2009/11/05 05:57:04 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/05 05:52:13 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 05:44:40 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk
[2009/11/05 05:32:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/05 05:31:57 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/05 05:28:18 | 00,092,019 | ---- | M] (Mozilla) -- C:\Documents and Settings\CFM East\Desktop\Firefox Setup 3.5.4.exe
[2009/11/05 05:04:19 | 02,621,440 | -H-- | M] () -- C:\Documents and Settings\CFM East\NTUSER.DAT
[2009/11/02 14:57:16 | 00,054,477 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\nutrametrix invoice.pdf
[2009/10/31 18:26:16 | 00,000,788 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\Windows Media Player.lnk
[2009/10/31 14:48:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/30 12:13:53 | 00,095,232 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\Mo_Kelley_TJ_NFL_picks_2009(1).xls
[2009/10/30 11:49:28 | 00,013,696 | ---- | M] (Skyhook Wireless) -- C:\WINDOWS\System32\drivers\wpsnuio.sys
[2009/10/27 05:20:03 | 00,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/26 17:38:38 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2009/10/26 11:13:24 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/26 10:56:14 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/26 10:19:16 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2009/10/26 09:59:33 | 00,026,628 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/10/22 22:59:55 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CFM Server.lnk
[2009/10/22 05:43:48 | 00,268,800 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\Project1.mpp
[2009/10/18 08:50:43 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\CFM East\webct_upload_applet.properties
[2009/10/17 02:07:25 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/08 06:32:25 | 00,286,720 | ---- | M] () -- C:\Documents and Settings\CFM East\Desktop\6123_1247_106200974809AM364160.mpp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 05:57:04 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/05 05:51:45 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 05:44:47 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/11/05 05:44:40 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk
[2009/11/05 05:32:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/05 05:31:57 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/05 05:16:43 | 04,308,682 | -H-- | C] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\IconCache.db
[2009/11/02 14:57:15 | 00,054,477 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\nutrametrix invoice.pdf
[2009/10/31 15:49:31 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\hutpahxf.job
[2009/10/30 12:13:53 | 00,095,232 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\Mo_Kelley_TJ_NFL_picks_2009(1).xls
[2009/10/28 14:36:00 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SNMP_PP.DLL
[2009/10/27 15:40:27 | 00,271,360 | ---- | C] () -- C:\Documents and Settings\CFM East\My Documents\archive.pst
[2009/10/26 17:54:26 | 00,271,360 | ---- | C] () -- C:\Documents and Settings\CFM East\My Documents\backup.pst
[2009/10/26 17:38:38 | 00,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/26 17:38:38 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2009/10/26 17:19:53 | 00,332,288 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\pdx-ac7p.exe
[2009/10/26 14:10:17 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/10/26 10:19:16 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2009/10/26 09:59:33 | 00,026,628 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/10/22 22:59:55 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CFM Server.lnk
[2009/10/22 02:34:02 | 00,268,800 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\Project1.mpp
[2009/10/16 13:22:44 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\gmer.exe
[2009/10/08 06:32:23 | 00,286,720 | ---- | C] () -- C:\Documents and Settings\CFM East\Desktop\6123_1247_106200974809AM364160.mpp
[2009/09/11 08:22:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/08 05:05:12 | 00,012,912 | ---- | C] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/08 05:05:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\CFM East\Application Data\desktop.ini
[2009/09/08 05:05:12 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\setup.txt
[2009/09/08 05:05:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\CFM East\Local Settings\Application Data\WavXMapDrive.bat
[2009/08/05 06:04:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\lumimane.dll
[2009/07/31 15:49:30 | 00,060,928 | -HS- | C] () -- C:\WINDOWS\System32\yikavaji.dll
[2009/07/28 02:50:42 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/28 02:50:42 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/28 02:50:42 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/28 02:50:42 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/28 02:49:35 | 00,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/28 00:41:53 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/28 00:36:07 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/28 00:35:13 | 00,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/07/28 00:32:42 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/28 00:21:23 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/07/28 00:18:59 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/07/27 15:43:06 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\vupeteho.dll
[2009/07/27 15:43:06 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lemejudi.dll
[2009/07/27 15:42:34 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\huyasuzo.dll
[2009/07/26 10:04:23 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\vebiwoju.dll
[2009/04/22 09:58:30 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll
[2009/04/10 12:01:12 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/02/26 16:54:52 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/02/26 16:54:50 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/02/26 16:54:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/02/26 16:54:48 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/02/26 16:54:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/02/26 16:54:44 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/02/26 16:54:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/02/26 16:54:42 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/02/26 16:54:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/02/26 16:54:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/02/26 16:54:38 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/02/26 16:54:36 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/02/26 16:54:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/02/26 16:54:34 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/02/26 16:54:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/02/26 16:54:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/02/26 16:54:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/02/26 16:54:28 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/02/26 16:54:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/02/26 16:54:26 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/02/26 16:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/02/26 16:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/02/26 16:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/02/26 16:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/02/17 09:51:28 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/02/17 09:51:28 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/02/17 09:51:26 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/02/17 09:51:24 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/02/17 09:51:24 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/02/17 09:51:24 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/02/17 09:51:22 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/02/17 09:51:22 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/02/17 09:51:20 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/02/17 09:51:20 | 00,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/02/17 09:51:20 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/02/17 09:51:18 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/02/17 09:51:16 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/02/17 09:51:16 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/02/17 09:51:16 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/02/17 09:51:14 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/02/17 09:51:04 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/02/17 09:51:04 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/02/17 09:51:02 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/02/17 09:51:02 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/02/17 09:51:00 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/02/17 09:51:00 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/02/17 09:50:58 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/02/17 09:50:58 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/02/17 08:46:36 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/01/06 16:25:36 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/22 14:13:54 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/10/06 18:36:56 | 00,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/15 08:46:30 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/25 16:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:28 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/25 11:16:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/04/25 04:22:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/03/25 09:46:00 | 00,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/19 05:52:16 | 00,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 05:28:10 | 00,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/06/30 12:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/12 08:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/10 13:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/19 17:28:38 | 01,519,616 | ---- | C] () -- C:\WINDOWS\rcapi.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/07/28 00:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/10/26 10:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/07/28 00:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/08 05:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DellUCM
[2009/07/28 00:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/11/06 03:08:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/28 00:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/10/26 10:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Autodesk
[2009/07/28 00:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Broadcom
[2009/09/30 08:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/28 00:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Wave Systems Corp
[2009/07/28 00:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Windows Desktop Search
[2009/09/08 05:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CFM East\Application Data\Windows Search
[2008/04/14 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/06 05:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\hutpahxf.job
[2009/11/06 03:06:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >

#6 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 04:24 AM

OTL Extras logfile created on: 11/6/2009 4:23:42 AM - Run 1
OTL by OldTimer - Version 3.1.3.4 Folder = C:\Documents and Settings\CFM East\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 2.85 Gb Available in Paging File | 71.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.70 Gb Total Space | 207.88 Gb Free Space | 89.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CFMEAST
Current User Name: CFM East
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:BTTray -- (Broadcom Corporation.)
"C:\WINDOWS\system32\dumprep.exe" = C:\WINDOWS\system32\dumprep.exe:*:Enabled:dumprep -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore -- (Microsoft Corporation)
"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)
"C:\WINDOWS\system32\wbem\wmiprvse.exe" = C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0639F993-7F7E-4BA5-BEC7-53CAC2E5B973}" = Dell ControlPoint System Manager
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Webcam Central" = Dell Webcam Central
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
"PRJSTDR" = Microsoft Office Project Standard 2007 Trial
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OutlookExpressHandler.1 cannot be loaded.
Error description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler uncfatph.UNCFATHandler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
.

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
.

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.FileHandler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OutlookExpressHandler.1 cannot be loaded.
Error description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler uncfatph.UNCFATHandler.1 cannot be loaded. Error
description: .

Error - 11/6/2009 4:08:19 AM | Computer Name = CFMEAST | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 11/6/2009 4:08:19 AM | Computer Name = CFMEAST | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

[ Application Events ]
Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OutlookExpressHandler.1 cannot be loaded.
Error description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler uncfatph.UNCFATHandler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
.

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
.

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.FileHandler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error
description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler Search.OutlookExpressHandler.1 cannot be loaded.
Error description: .

Error - 11/5/2009 6:42:23 PM | Computer Name = CFMEAST | Source = Windows Search Service | ID = 3083
Description = The protocol handler uncfatph.UNCFATHandler.1 cannot be loaded. Error
description: .

Error - 11/6/2009 4:08:19 AM | Computer Name = CFMEAST | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 11/6/2009 4:08:19 AM | Computer Name = CFMEAST | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

[ System Events ]
Error - 11/5/2009 4:51:36 AM | Computer Name = CFMEAST | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/5/2009 5:06:15 AM | Computer Name = CFMEAST | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 11/5/2009 5:09:41 AM | Computer Name = CFMEAST | Source = BROWSER | ID = 8020
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is unknown.

Error - 11/5/2009 5:36:16 AM | Computer Name = CFMEAST | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 11/5/2009 1:17:39 PM | Computer Name = CFMEAST | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 11/5/2009 1:42:18 PM | Computer Name = CFMEAST | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WindowsShell.manifest.
Reference
error message: Error Message is unavailable .

Error - 11/5/2009 1:42:51 PM | Computer Name = CFMEAST | Source = W32Time | ID = 39452718
Description = The time service encountered an error and was forced to shut down.
The error was: 0x8007046A

Error - 11/5/2009 6:37:57 PM | Computer Name = CFMEAST | Source = Service Control Manager | ID = 7034
Description = The PC Tools AntiVirus Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/5/2009 6:41:45 PM | Computer Name = CFMEAST | Source = Service Control Manager | ID = 7034
Description = The Smith Micro Connection Manager Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/5/2009 8:29:22 PM | Computer Name = CFMEAST | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

< End of report >

#7 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 04:26 AM

I also am now getting the following msgs anytime I open any program... The application dll C:\windows\system32\vupeleha.dll is not a valid windows image. The application dll C:\windows\system32\lumimume.dll is not a valid windows image.

#8 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 06 November 2009 - 08:12 AM

Hi TJS12,

Your system has been infected by one or more Backdoor Trojans and Info Stealers.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:

Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

To help you make your decision, here are a few related articles that i suggest you read:

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [siluyidez] C:\WINDOWS\System32\lumimane.DLL ()
O20 - AppInit_DLLs: (vupeteho.dll) - C:\WINDOWS\System32\vupeteho.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\lumimane.dll) - C:\WINDOWS\system32\lumimane.dll ()
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O21 - SSODL: vonidayej - {59525165-7be5-45e0-8a3f-5ede338f846f} - C:\WINDOWS\system32\lumimane.dll ()
O22 - SharedTaskScheduler: {59525165-7be5-45e0-8a3f-5ede338f846f} - jugezatag - C:\WINDOWS\system32\lumimane.dll ()
[2009/11/06 03:07:40 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/11/06 05:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\hutpahxf.job
[2009/07/31 15:49:30 | 00,060,928 | -HS- | C] () -- C:\WINDOWS\System32\yikavaji.dll
[2009/07/27 15:43:06 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\vupeteho.dll
[2009/07/27 15:43:06 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lemejudi.dll
[2009/07/27 15:42:34 | 00,090,112 | -HS- | C] () -- C:\WINDOWS\System32\huyasuzo.dll
[2009/07/26 10:04:23 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\vebiwoju.dll

:Commands
[emptytemp]
[start explorer]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with

OTL fix log
combofix log

How's the computer now?

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 12:43 PM

ComboFix 09-11-05.05 - CFM East 11/06/2009 13:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2962 [GMT -5:00]
Running from: c:\documents and settings\CFM East\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
* Created a new restore point
.
ADS - system32: deleted 142 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000115_.tmp.dll
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 17:43 . 2009-11-06 17:43 -------- d-----w- C:\_OTL
2009-11-05 22:42 . 2009-11-05 22:42 -------- d-s---w- c:\windows\system32\%USERPROFILE%
2009-11-05 13:36 . 2009-11-05 13:36 -------- d-----w- C:\VundoFix Backups
2009-11-05 10:58 . 2009-11-05 10:58 117760 ----a-w- c:\documents and settings\CFM East\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-05 10:57 . 2009-11-05 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-05 10:57 . 2009-11-05 10:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 10:57 . 2009-11-05 10:57 -------- d-----w- c:\documents and settings\CFM East\Application Data\SUPERAntiSpyware.com
2009-11-05 10:56 . 2009-11-05 10:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-05 10:51 . 2009-11-05 10:51 -------- d-----w- c:\documents and settings\CFM East\Application Data\Malwarebytes
2009-11-05 10:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-05 10:51 . 2009-11-05 10:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 10:51 . 2009-11-05 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-05 10:51 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 10:44 . 2009-11-06 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-05 10:32 . 2009-11-05 10:32 0 ----a-w- c:\windows\nsreg.dat
2009-11-05 10:32 . 2009-11-05 10:32 -------- d-----w- c:\documents and settings\CFM East\Local Settings\Application Data\Mozilla
2009-11-03 22:58 . 2009-11-03 22:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-01 13:26 . 2009-11-01 13:27 -------- d-----w- c:\documents and settings\CFM East\Local Settings\Application Data\Temp
2009-10-30 16:49 . 2009-10-30 16:49 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-30 16:49 . 2009-10-30 16:49 -------- d-----w- c:\documents and settings\CFM East\Local Settings\Application Data\Skyhook Wireless
2009-10-30 01:00 . 2009-10-30 01:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-30 01:00 . 2009-10-30 01:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Search
2009-10-28 19:36 . 2009-10-28 19:36 -------- d-----w- c:\documents and settings\CFM East\TOSHIBA
2009-10-28 19:36 . 2003-10-01 09:31 135168 ----a-w- c:\windows\system32\SNMP_PP.DLL
2009-10-26 22:40 . 2009-10-26 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-26 22:39 . 2009-10-26 22:39 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-26 21:43 . 2009-10-26 21:43 36864 ----a-w- c:\documents and settings\CFM East\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2009-10-26 21:43 . 2009-10-26 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-26 19:22 . 2009-11-02 22:29 -------- d-----w- c:\documents and settings\CFM East\Local Settings\Application Data\CutePDF Writer
2009-10-26 19:11 . 2009-10-26 19:12 -------- d-----w- c:\program files\GPLGS
2009-10-26 19:10 . 2007-07-13 02:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-10-26 19:10 . 2009-10-26 19:10 -------- d-----w- c:\program files\Acro Software
2009-10-26 15:56 . 2003-06-18 21:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-10-26 15:55 . 2009-10-26 15:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-26 15:19 . 2009-10-26 15:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-26 15:18 . 2009-10-26 15:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-26 15:18 . 2009-10-26 15:20 -------- d-----w- c:\program files\AutoCAD 2010
2009-10-26 15:18 . 2009-10-26 15:18 -------- d-----w- c:\documents and settings\CFM East\Local Settings\Application Data\Autodesk
2009-10-26 15:18 . 2009-10-26 15:18 -------- d-----w- c:\documents and settings\CFM East\Application Data\Autodesk
2009-10-26 15:18 . 2009-10-26 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-26 15:18 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-10-26 15:18 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-10-26 15:18 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-10-26 15:17 . 2009-10-26 15:17 -------- d-----w- c:\windows\Logs
2009-10-26 14:56 . 2009-10-26 14:56 -------- d-----w- C:\Autodesk
2009-10-26 14:43 . 2009-10-26 14:43 -------- d-----w- c:\documents and settings\CFM East\Application Data\AdobeUM
2009-10-24 13:14 . 2009-10-24 13:14 -------- d-----w- c:\windows\system32\LogFiles
2009-10-24 11:45 . 2009-10-24 11:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-24 11:11 . 2009-10-24 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-10-08 11:05 . 2009-10-08 11:05 -------- d-----w- c:\program files\Microsoft Works
2009-10-08 11:04 . 2009-10-08 11:04 -------- d-----w- c:\program files\Microsoft.NET
2009-10-08 11:02 . 2009-10-08 11:02 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 18:29 . 2009-09-08 10:05 0 ----a-w- c:\documents and settings\CFM East\Local Settings\Application Data\WavXMapDrive.bat
2009-10-27 10:20 . 2009-07-28 05:30 100864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 10:20 . 2009-07-28 05:41 100864 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 22:39 . 2009-09-11 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-22 07:34 . 2009-09-11 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-30 13:46 . 2009-09-30 13:46 -------- d-----w- c:\documents and settings\CFM East\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-09-30 12:32 . 2009-09-30 12:32 -------- d-----w- c:\documents and settings\CFM East\Application Data\CyberLink
2009-09-30 12:32 . 2009-09-30 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-29 15:51 . 2009-07-28 04:58 53196 ----a-w- c:\windows\system32\nvModes.dat
2009-09-23 08:02 . 2009-09-14 06:54 -------- d-----w- c:\program files\Google
2009-09-14 06:54 . 2009-09-14 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-12 07:08 . 2009-07-28 05:08 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-12 07:00 . 2009-09-12 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-09-11 14:18 . 2008-04-25 16:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 13:28 . 2009-09-11 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 13:17 . 2008-04-25 21:42 -------- d-----w- c:\program files\MSBuild
2009-09-11 13:08 . 2009-09-11 13:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-11 13:07 . 2009-09-11 13:07 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-09-08 10:20 . 2009-09-08 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DellUCM
2009-09-08 10:13 . 2009-09-08 10:13 -------- d-----w- c:\documents and settings\CFM East\Application Data\Windows Search
2009-09-04 21:03 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-25 16:16 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-14 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-07-28 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-04-10 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"combofix"="c:\combofix\CF13108.exe" [2009-11-06 389120]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-08-28 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-10-26 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 5:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 11:07 AM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 10:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 10:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 2:02 PM 447264]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 12:08 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/28/2009 2:50 AM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [7/28/2009 2:50 AM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/28/2009 2:50 AM 244368]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [7/28/2009 2:50 AM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [7/28/2009 2:50 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [7/28/2009 2:50 AM 280096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [7/28/2009 12:35 AM 232744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 1:55 AM 133104]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-14 06:54]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 06:55]

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 06:55]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.live.com
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - file://d:\setup\Requirements\EduSpeak.EduSpeakX\EduSpeakX.cab
FF - ProfilePath - c:\documents and settings\CFM East\Application Data\Mozilla\Firefox\Profiles\28wjzkua.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL

- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\wvauth.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\drivers\audio\r213367\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2009-11-06 13:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 18:34

Pre-Run: 223,539,417,088 bytes free
Post-Run: 223,310,766,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 14C76F8411FAF3BB4460F9FC7949C2A7

#10 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 12:45 PM

All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\siluyidez deleted successfully. C:\WINDOWS\system32\lumimane.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:vupeteho.dll deleted successfully. C:\WINDOWS\system32\vupeteho.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\lumimane.dll deleted successfully. File C:\WINDOWS\system32\lumimane.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:logon.exe deleted successfully. C:\WINDOWS\system32\logon.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully. File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vonidayej deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59525165-7be5-45e0-8a3f-5ede338f846f}\ deleted successfully. File C:\WINDOWS\system32\lumimane.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{59525165-7be5-45e0-8a3f-5ede338f846f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59525165-7be5-45e0-8a3f-5ede338f846f}\ not found. File C:\WINDOWS\system32\lumimane.dll not found. File move failed. C:\WINDOWS\System32\lowsec\ scheduled to be moved on reboot. C:\WINDOWS\tasks\hutpahxf.job moved successfully. C:\WINDOWS\system32\yikavaji.dll moved successfully. File C:\WINDOWS\System32\vupeteho.dll not found. C:\WINDOWS\system32\lemejudi.dll moved successfully. C:\WINDOWS\system32\huyasuzo.dll moved successfully. C:\WINDOWS\system32\vebiwoju.dll moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: CFM East ->Temp folder emptied: 94687884 bytes ->Temporary Internet Files folder emptied: 60773164 bytes ->Java cache emptied: 28677162 bytes ->FireFox cache emptied: 42231548 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66820 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes Windows Temp folder emptied: 42129756 bytes RecycleBin emptied: 173416379 bytes Total Files Cleaned = 421.70 mb OTL by OldTimer - Version 3.1.3.4 log created on 11062009_124327 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot. Folder move failed. C:\WINDOWS\System32\lowsec\ scheduled to be moved on reboot. Registry entries deleted on Reboot...

Advertisements

Register to Remove

#11 TJS12

New Member

Authentic Member
17 posts

Posted 06 November 2009 - 01:06 PM

Computer appears to be functioning correctly. All .dll popups and internet popups have stopped. The computer now powers down correctly. Reading the beginning of your post regarding RATs, should I be considering a reformat/reinstall???

#12 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 06 November 2009 - 07:31 PM

Hi TJS12,

That depends entirely on you and what you use this computer for. We can remove everything we find or detect. As mentioned before

While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer.

It is possible that as security programs catchup to malware, something may turn up at a later date. On the other hand, we may be completely successfull in cleaning this machine.

Please review the links I gave you and decide. Let me know if you wish to contine cleaning this computer and I will post further instructions.

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#13 TJS12

New Member

Authentic Member
17 posts

Posted 07 November 2009 - 12:31 AM

Let's continue cleaning

#14 oldman960

Forum God

Retired Classroom Teacher
14,770 posts

Posted 07 November 2009 - 07:29 AM

Hi TJS12,

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

:OTL
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()

:Reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\WINDOWS\system32\taskmgr.exe"=-
"c:\WINDOWS\explorer.exe"=-
"c:\WINDOWS\system32\rundll32.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

:Files
C:\VundoFix Backups
:Commands
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with

MBAM log
new OTL scan log

Thanks

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#15 TJS12

New Member

Authentic Member
17 posts

Posted 07 November 2009 - 05:42 PM

Malwarebytes' Anti-Malware 1.41 Database version: 3119 Windows 5.1.2600 Service Pack 3 11/7/2009 6:42:20 PM mbam-log-2009-11-07 (18-42-20).txt Scan type: Quick Scan Objects scanned: 110312 Time elapsed: 2 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Body Background

skin color theme