Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Virus

Started by poplawsk , Dec 14 2009 08:10 PM

  • Please log in to reply

#1
poplawsk
Posted 14 December 2009 - 08:10 PM

poplawsk

    Member

  • Member
  • PipPip
  • 33 posts
I think I have a virus and I was told to post here. My computer is going a lot slower, won't load and will continually freeze if I am using it. I am still having trouble running McAfee virus scan and I ran MBAM but there are no infections:

Malwarebytes' Anti-Malware 1.42
Database version: 3362
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

12/14/2009 6:02:27 PM
mbam-log-2009-12-14 (18-02-27).txt

Scan type: Quick Scan
Objects scanned: 89241
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Attatched are the OTL Results:

OTL logfile created on: 12/14/2009 6:02:02 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Andrew\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 411.94 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.86 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW-PC
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/14 18:01:55 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
PRC - [2009/12/03 16:14:00 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/06 12:57:07 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/14 18:01:55 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
MOD - [2008/01/20 18:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/21 21:06:28 | 00,053,760 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/09/16 10:23:32 | 00,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 09:15:32 | 00,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/04/06 10:03:00 | 00,268,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/06 10:02:30 | 00,089,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 11:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/11/17 16:55:56 | 00,832,552 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/09/21 18:47:09 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/23 13:00:06 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/21 05:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/27 10:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/03/24 04:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 12:57:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/09 23:34:56 | 00,000,000 | ---D | M]

[2009/10/02 20:45:42 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2009/12/13 19:46:18 | 00,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\wivwulus.default\extensions
[2009/12/14 17:57:35 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 16:28:31 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
[2009/12/14 16:28:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/14 16:28:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/14 16:28:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/13 01:02:47 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/12/12 15:49:24 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\dvdcss
[2009/12/12 15:49:10 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\vlc
[2009/12/12 15:46:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/12/04 10:25:10 | 00,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Move Networks
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/14 18:00:31 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/12/14 18:00:31 | 00,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/12/14 18:00:31 | 00,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/12/14 17:57:11 | 00,014,271 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2009/12/14 17:56:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/14 17:53:22 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 17:53:22 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/14 17:53:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/14 17:44:37 | 02,097,152 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT
[2009/12/14 17:38:11 | 00,058,912 | ---- | M] () -- C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/14 17:35:53 | 00,269,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/12/14 17:35:15 | 00,524,288 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/12/14 17:35:15 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/12/14 16:28:30 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 16:12:20 | 01,048,576 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.2.regtrans-ms
[2009/12/14 16:12:20 | 01,048,576 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.1.regtrans-ms
[2009/12/14 16:12:19 | 01,048,576 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.0.regtrans-ms
[2009/12/14 16:12:19 | 00,065,536 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.blf
[2009/12/14 16:10:26 | 00,000,162 | -H-- | M] () -- C:\Users\Andrew\Documents\~$dnell Mentor.docx
[2009/12/14 16:10:12 | 00,010,568 | ---- | M] () -- C:\Users\Andrew\Documents\Ridnell Mentor.docx
[2009/12/14 15:51:28 | 00,016,423 | ---- | M] () -- C:\Users\Andrew\Documents\Resume 2009 Mentor.docx
[2009/12/14 15:51:00 | 00,000,162 | -H-- | M] () -- C:\Users\Andrew\Documents\~$sume 2009 Mentor.docx
[2009/12/14 15:11:15 | 00,000,732 | ---- | M] () -- C:\Users\Andrew\AppData\Local\d3d9caps64.dat
[2009/12/14 13:07:09 | 00,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/14 11:19:05 | 00,035,328 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 09:38:17 | 00,943,208 | ---- | M] () -- C:\Users\Andrew\Documents\FTP.docx
[2009/12/13 17:07:22 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25FDCE3A-23D0-4117-BEF2-6E7B1AB29641}.job
[2009/12/13 01:01:35 | 00,001,771 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2009/12/12 15:46:43 | 00,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/12/11 15:29:26 | 00,020,839 | ---- | M] () -- C:\Users\Andrew\Documents\Nagle-Sandal Final.docx
[2009/12/09 11:11:46 | 00,002,651 | ---- | M] () -- C:\Users\Andrew\Desktop\Microsoft Office Word 2007.lnk
[2009/12/09 11:09:26 | 00,031,744 | ---- | M] () -- C:\Users\Andrew\Documents\Andrew Poplawski - Tutor Availability.doc
[2009/12/09 10:19:06 | 00,068,506 | ---- | M] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog1.pdf
[2009/12/09 10:13:42 | 00,069,068 | ---- | M] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog.pdf
[2009/12/09 10:10:27 | 00,068,830 | ---- | M] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog3.pdf
[2009/12/09 10:07:02 | 00,068,652 | ---- | M] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog2.pdf
[2009/12/08 13:49:53 | 00,019,804 | ---- | M] () -- C:\Users\Andrew\Documents\Jerry Maguire.docx
[2009/12/08 13:49:49 | 00,021,482 | ---- | M] () -- C:\Users\Andrew\Documents\Leadership.docx
[2009/12/08 13:23:36 | 00,040,197 | ---- | M] () -- C:\Users\Andrew\Documents\MGMT 380 Maguire Essay.docx
[2009/12/08 00:22:32 | 02,849,041 | ---- | M] () -- C:\Users\Andrew\Documents\HomeworkProblems_Set1.pdf
[2009/12/07 09:59:46 | 00,028,358 | ---- | M] () -- C:\Users\Andrew\Documents\BETH 351 - Final Essay.docx
[2009/12/05 15:55:12 | 00,071,680 | ---- | M] () -- C:\Users\Andrew\Documents\Final Paper Instructions.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/02 15:51:38 | 00,102,912 | ---- | M] () -- C:\Users\Andrew\Documents\Against the Smoking Policy.ppt
[2009/11/30 20:51:44 | 00,032,768 | ---- | M] () -- C:\Users\Andrew\Documents\TM Finance.xls
[2009/11/30 20:45:34 | 00,110,080 | ---- | M] () -- C:\Users\Andrew\Documents\FINANCE COMPUTERASSIGN340F_09.doc
[1 C:\Users\Andrew\Documents\*.tmp files -> C:\Users\Andrew\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 16:28:30 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 16:28:27 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/14 16:12:20 | 01,048,576 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.2.regtrans-ms
[2009/12/14 16:12:20 | 01,048,576 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.1.regtrans-ms
[2009/12/14 16:12:19 | 01,048,576 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.0.regtrans-ms
[2009/12/14 16:12:19 | 00,065,536 | -HS- | C] () -- C:\Users\Andrew\NTUSER.DAT{c328fef0-6a85-11db-9fbd-cf3689cba3de}.TxR.blf
[2009/12/14 16:10:26 | 00,000,162 | -H-- | C] () -- C:\Users\Andrew\Documents\~$dnell Mentor.docx
[2009/12/14 16:09:56 | 00,010,568 | ---- | C] () -- C:\Users\Andrew\Documents\Ridnell Mentor.docx
[2009/12/14 15:51:00 | 00,000,162 | -H-- | C] () -- C:\Users\Andrew\Documents\~$sume 2009 Mentor.docx
[2009/12/14 15:50:59 | 00,016,423 | ---- | C] () -- C:\Users\Andrew\Documents\Resume 2009 Mentor.docx
[2009/12/14 14:59:10 | 00,000,732 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps64.dat
[2009/12/12 15:46:43 | 00,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/12/11 15:29:25 | 00,020,839 | ---- | C] () -- C:\Users\Andrew\Documents\Nagle-Sandal Final.docx
[2009/12/09 11:09:26 | 00,031,744 | ---- | C] () -- C:\Users\Andrew\Documents\Andrew Poplawski - Tutor Availability.doc
[2009/12/09 10:47:29 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009/12/09 10:47:27 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009/12/09 10:47:27 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009/12/09 10:19:06 | 00,068,506 | ---- | C] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog1.pdf
[2009/12/09 10:13:42 | 00,069,068 | ---- | C] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog.pdf
[2009/12/09 10:10:15 | 00,068,830 | ---- | C] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog3.pdf
[2009/12/09 10:07:02 | 00,068,652 | ---- | C] () -- C:\Users\Andrew\Documents\Poplawski DecemberTutorlog2.pdf
[2009/12/09 10:05:29 | 00,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2009/12/09 10:05:14 | 05,686,272 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/12/09 10:05:10 | 07,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/12/09 10:05:10 | 01,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/12/09 10:05:09 | 01,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/12/09 10:05:09 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/12/09 10:05:08 | 00,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009/12/09 10:05:07 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/12/09 10:05:07 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/12/09 10:05:07 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/12/09 10:05:06 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/12/09 10:05:06 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/12/09 10:05:06 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/12/09 10:05:06 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2009/12/09 10:05:06 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/12/09 10:05:06 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/12/09 10:05:05 | 01,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/12/09 10:04:58 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009/12/09 10:04:58 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009/12/08 00:22:32 | 02,849,041 | ---- | C] () -- C:\Users\Andrew\Documents\HomeworkProblems_Set1.pdf
[2009/12/05 19:31:05 | 00,040,197 | ---- | C] () -- C:\Users\Andrew\Documents\MGMT 380 Maguire Essay.docx
[2009/12/04 17:38:51 | 00,021,482 | ---- | C] () -- C:\Users\Andrew\Documents\Leadership.docx
[2009/12/04 02:59:31 | 00,019,804 | ---- | C] () -- C:\Users\Andrew\Documents\Jerry Maguire.docx
[2009/12/02 15:51:37 | 00,102,912 | ---- | C] () -- C:\Users\Andrew\Documents\Against the Smoking Policy.ppt
[2009/12/01 22:17:10 | 00,943,208 | ---- | C] () -- C:\Users\Andrew\Documents\FTP.docx
[2009/12/01 00:39:56 | 00,028,358 | ---- | C] () -- C:\Users\Andrew\Documents\BETH 351 - Final Essay.docx
[2009/10/24 00:29:42 | 00,035,328 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 08:48:22 | 00,000,680 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2009/10/02 20:55:52 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/14 14:46:33 | 00,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/13 17:07:22 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25FDCE3A-23D0-4117-BEF2-6E7B1AB29641}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 19:26:24 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/10 23:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 19:26:24 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/04/06 10:47:28 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Drivers\storage\R216105\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/14/2009 6:02:02 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Andrew\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.71% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 411.94 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.86 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW-PC
Current User Name: Andrew
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A253E64-FC1C-4682-AB93-8CBF60B77CCF}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C082A99-104D-4032-B52D-C97453EBB194}" = lport=139 | protocol=6 | dir=in | app=system |
"{75DB807E-88E3-4781-90D8-925B76FB6887}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7AE70A2D-CF99-41F6-AE26-DC954D54D7CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{95DB6F60-E9C8-4D91-A684-5E8A7D6A215A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CCC805AF-96B2-4C1F-AD30-9B9CA1AEEADC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5F919DB-5F03-4C5A-863A-35AAA0B239D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE5EAB4A-42E1-4057-9F96-6623FD647FC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9361C75-E03C-4A55-A681-E87EB860F0C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{ECDBC0DC-BA74-4F35-9029-9574572FEF2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3A71BB9-238A-455F-B112-0E4241969B51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDFA4DE2-6017-4F26-BEB3-20CEB24906FC}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05234CA9-ACA0-463C-B4F9-04E50DD6BED3}" = protocol=58 | dir=out | [email protected],-28546 |
"{25FC023F-CD85-4B84-9EB1-AC44CCB7C359}" = protocol=1 | dir=out | [email protected],-28544 |
"{326AE4DF-52DD-4F00-970D-B6417E213239}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{4D8498B2-792B-4247-99EB-B7EF25925B7C}" = protocol=58 | dir=in | [email protected],-28545 |
"{52E493FB-216C-47E4-8AD7-82D304896ACC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5D061E89-F138-4BC3-9A87-3F978115CCAB}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{72A78743-4EC8-4608-85CE-F0961B5E8A27}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8E0AC12-B850-426A-BC7A-F6E21BD65562}" = protocol=1 | dir=in | [email protected],-28543 |
"{A8F21E15-2ABB-4D09-9362-88E841C5E8D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B523769F-52B8-4005-AA10-1327D15189F8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{C0A9BA8E-A59F-4AFA-8726-B55ED9D0A1D2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C567DD1F-DC6F-4E48-9B64-FEC0F2D2B44B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{F4546CAE-461B-4FF2-BA72-75B073335001}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{FADC4E6A-33C1-445A-9987-F64B8DB4B3A2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"Creative OA013" = Integrated Webcam Driver (1.00.04.0310)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 1:45:18 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:18 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:18 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:18 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:18 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:20 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:20 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:20 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/24/2009 1:45:20 PM | Computer Name = Andrew-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/25/2009 6:22:09 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3593 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1344 Start Time: 01ca6d2de41d8440 Termination Time: 109

[ System Events ]
Error - 11/12/2009 2:00:19 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/12/2009 2:00:19 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/12/2009 2:02:12 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/12/2009 2:02:12 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/12/2009 2:09:32 AM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:08:31 PM on 11/11/2009 was unexpected.

Error - 11/16/2009 1:14:21 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:37:51 AM on 11/16/2009 was unexpected.

Error - 11/24/2009 1:44:02 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:42:15 PM on 11/23/2009 was unexpected.

Error - 11/27/2009 9:37:30 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:36:21 PM on 11/27/2009 was unexpected.

Error - 12/14/2009 6:49:35 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:46:31 PM on 12/14/2009 was unexpected.

Error - 12/14/2009 6:52:59 PM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:50:49 PM on 12/14/2009 was unexpected.


< End of report >


My computer recently got a virus I think. When I try and run a scan with McAfee, the computer freezes. Also, it takes a long time to turn on and continually pauses when loaded. What steps can I take to see if I have a virus? The computer still works in Safemode for now. Hope someone can help.


REPLY:


Hello

Please follow the instructions listed here in the Malware Removal Guide. If that does not work post in the Malware removal forum and the experts will assist you.

Thanks
Germando
  • 0

Advertisements

#2
poplawsk
Posted 14 December 2009 - 09:11 PM

poplawsk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
McAfee keeps breaking at C:\windows\system32\wsdmon.dll
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP