Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware/Virus?

Started by Isabel.reyes2 , Mar 29 2010 09:14 PM

Please log in to reply

#1
Isabel.reyes2

Posted 29 March 2010 - 09:14 PM

Member

Member
12 posts

Hello, I have a laptop using Windows 7. Some applications are unable to open and Norton Anti-virus tells me someone continuously attempts to intrude the computer and "logs" in. It may be causing Microsoft Word to not function properly, too. I will post the MBAM from several weeks ago (that was when a suspicious file was found). I couldn't run GMER, though. I really appreciate the help!

OTL logfile created on: 3/29/2010 10:48:53 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Isabel Reyes\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 36.82 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 369.35 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ISABELREYES-PC
Current User Name: Isabel Reyes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/29 22:45:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel Reyes\Downloads\OTL.exe
PRC - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/07/21 20:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- D:\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/06 22:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/05/20 20:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/20 20:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/04 17:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/04 17:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2008/12/18 02:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (SafeList) ==========

MOD - [2010/03/29 22:45:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Isabel Reyes\Downloads\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/25 16:15:16 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/10/04 23:33:00 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/09/21 13:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 13:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 13:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/01 06:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2008/12/18 02:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/12/22 20:58:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe -- (NAV)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/23 04:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/20 20:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/04 17:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/03/22 22:30:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\plugins

[2010/03/01 15:09:16 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\Mozilla\Extensions
[2010/03/01 15:09:16 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\Mozilla\Firefox\Profiles\d2v4i3si.default\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/03/29 22:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipSE
[2010/03/29 22:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Self-Extractor
[2010/03/29 20:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/03/29 20:09:44 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/03/29 20:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/29 20:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/03/29 20:02:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/03/28 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\Isabel Reyes\AppData\Roaming\Tific
[2010/03/28 18:32:56 | 000,000,000 | ---D | C] -- C:\Users\Isabel Reyes\AppData\Local\Symantec
[2010/03/28 10:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/03/27 18:35:28 | 000,000,000 | ---D | C] -- C:\Users\Isabel Reyes\Documents\OneNote Notebooks
[2010/03/22 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\Isabel Reyes\Documents\Symantec
[2010/03/22 22:30:45 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/22 22:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/22 22:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/22 22:30:32 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\cchpx64.sys
[2010/03/22 22:30:32 | 000,504,880 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtsp64.sys
[2010/03/22 22:30:32 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symtdiv.sys
[2010/03/22 22:30:32 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symds64.sys
[2010/03/22 22:30:32 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symefa64.sys
[2010/03/22 22:30:32 | 000,148,528 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\ironx64.sys
[2010/03/22 22:30:32 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtspx64.sys
[2010/03/22 22:30:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F
[2010/03/22 22:29:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2010/03/22 22:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2010/03/22 22:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/03/16 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\Isabel Reyes\AppData\Roaming\Malwarebytes
[2010/03/16 12:57:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/16 12:57:21 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/16 12:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/22 11:01:16 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Isabel Reyes\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 14 Days ==========

[2010/03/29 22:51:20 | 001,310,720 | -HS- | M] () -- C:\Users\Isabel Reyes\NTUSER.DAT
[2010/03/29 22:34:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-743007355-2876945642-380048850-1000UA.job
[2010/03/29 22:23:41 | 001,114,868 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\Cat.DB
[2010/03/29 21:58:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 21:58:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/29 21:55:54 | 000,000,507 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\NTREGOPT.lnk
[2010/03/29 21:55:54 | 000,000,494 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\ERUNT.lnk
[2010/03/29 21:51:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/29 21:50:47 | 000,341,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/29 21:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/29 21:50:21 | 3061,215,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 21:48:59 | 003,767,935 | -H-- | M] () -- C:\Users\Isabel Reyes\AppData\Local\IconCache.db
[2010/03/29 21:16:03 | 000,079,152 | ---- | M] () -- C:\Users\Isabel Reyes\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/29 20:48:13 | 000,002,693 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\Microsoft Word.lnk
[2010/03/29 20:00:05 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/29 20:00:05 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/29 20:00:05 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/29 15:36:24 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/29 00:40:21 | 000,001,930 | ---- | M] () -- C:\Users\Isabel Reyes\AppData\Roaming\wklnhst.dat
[2010/03/27 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-743007355-2876945642-380048850-1000Core.job
[2010/03/24 20:34:43 | 000,002,250 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\Google Chrome.lnk
[2010/03/23 17:43:23 | 008,653,312 | ---- | M] (Dell, Inc. ) -- C:\Users\Isabel Reyes\AppData\Roaming\DataSafeDotNet.exe
[2010/03/22 22:30:42 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/22 22:30:42 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/22 22:30:42 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/22 22:30:36 | 000,002,430 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/03/16 20:00:13 | 000,000,886 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\Mozilla Firefox.lnk
[2010/03/16 19:59:34 | 000,001,048 | ---- | M] () -- C:\Users\Isabel Reyes\Desktop\CCleaner.lnk
[2010/03/16 12:57:26 | 000,000,558 | ---- | M] () -- C:\Users\Public\Desktop\Malware Bytes.lnk

========== Files Created - No Company Name ==========

[2010/03/29 21:55:54 | 000,000,507 | ---- | C] () -- C:\Users\Isabel Reyes\Desktop\NTREGOPT.lnk
[2010/03/29 21:55:54 | 000,000,494 | ---- | C] () -- C:\Users\Isabel Reyes\Desktop\ERUNT.lnk
[2010/03/29 20:48:13 | 000,002,693 | ---- | C] () -- C:\Users\Isabel Reyes\Desktop\Microsoft Word.lnk
[2010/03/22 22:30:47 | 001,114,868 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\Cat.DB
[2010/03/22 22:30:45 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/22 22:30:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/22 22:30:36 | 000,002,430 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/03/22 22:30:32 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symnetv64.cat
[2010/03/22 22:30:32 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtspx64.cat
[2010/03/22 22:30:32 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symefa64.cat
[2010/03/22 22:30:32 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtsp64.cat
[2010/03/22 22:30:32 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symds64.cat
[2010/03/22 22:30:32 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\iron.cat
[2010/03/22 22:30:32 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symnet64.cat
[2010/03/22 22:30:32 | 000,007,345 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\cchpx64.cat
[2010/03/22 22:30:32 | 000,003,374 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symefa.inf
[2010/03/22 22:30:32 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symds.inf
[2010/03/22 22:30:32 | 000,001,840 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\cchpx64.inf
[2010/03/22 22:30:32 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symnetv.inf
[2010/03/22 22:30:32 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\symnet.inf
[2010/03/22 22:30:32 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtsp64.inf
[2010/03/22 22:30:32 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\srtspx64.inf
[2010/03/22 22:30:32 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\iron.inf
[2010/03/22 22:30:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1105000.07F\isolate.ini
[2010/03/16 20:00:13 | 000,000,886 | ---- | C] () -- C:\Users\Isabel Reyes\Desktop\Mozilla Firefox.lnk
[2010/03/16 19:59:34 | 000,001,048 | ---- | C] () -- C:\Users\Isabel Reyes\Desktop\CCleaner.lnk
[2010/03/16 12:57:26 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\Malware Bytes.lnk
[2010/02/23 17:00:15 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/21 17:31:58 | 000,004,608 | ---- | C] () -- C:\Users\Isabel Reyes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 16:36:34 | 000,001,930 | ---- | C] () -- C:\Users\Isabel Reyes\AppData\Roaming\wklnhst.dat
[2009/12/23 12:34:15 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/23 12:34:15 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/29 22:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/29 22:06:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/02/23 16:40:46 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\acccore
[2010/03/01 09:37:22 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\EPSON
[2010/02/22 12:21:55 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\Leadertech
[2010/02/23 17:03:51 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\NVD
[2010/03/29 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\SoftGrid Client
[2010/02/21 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\Template
[2010/03/28 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\Tific
[2010/03/29 22:38:54 | 000,000,000 | ---D | M] -- C:\Users\Isabel Reyes\AppData\Roaming\TP
[2009/07/14 01:08:49 | 000,032,384 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >

_______________________________________________________________________________________________________

OTL Extras logfile created on: 3/29/2010 10:48:53 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Isabel Reyes\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 36.82 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 397.30 Gb Total Space | 369.35 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ISABELREYES-PC
Current User Name: Isabel Reyes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Isabel Reyes\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java™ 6 Update 16 (64-bit)
"{3E12E400-C29C-4DF2-BF9E-B1981C5BB0F9}" = Intel® Wireless Display
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{949E81C4-5D94-4783-B054-B73119159C53}" = Intel® PROSet/Wireless WiFi Software
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NAV" = Norton AntiVirus
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2010 7:36:35 PM | Computer Name = IsabelReyes-PC | Source = Application Virtualization Client | ID = 6096
Description =

Error - 3/29/2010 12:09:46 AM | Computer Name = IsabelReyes-PC | Source = Application Virtualization Client | ID = 6096
Description =

Error - 3/29/2010 12:09:46 AM | Computer Name = IsabelReyes-PC | Source = Application Virtualization Client | ID = 6096
Description =

Error - 3/29/2010 3:21:11 PM | Computer Name = IsabelReyes-PC | Source = Application Virtualization Client | ID = 6096
Description =

Error - 3/29/2010 3:21:11 PM | Computer Name = IsabelReyes-PC | Source = Application Virtualization Client | ID = 6096
Description =

Error - 3/29/2010 3:25:49 PM | Computer Name = IsabelReyes-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Microsoft Office Client Virtualization Handler'
could not be shut down.

Error - 3/29/2010 3:26:08 PM | Computer Name = IsabelReyes-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Application Virtualization Client' could not
be restarted.

Error - 3/29/2010 3:26:08 PM | Computer Name = IsabelReyes-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Client Virtualization Handler' could not be
restarted.

Error - 3/29/2010 3:26:08 PM | Computer Name = IsabelReyes-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Office Software Protection Platform' could
not be restarted.

Error - 3/29/2010 3:26:08 PM | Computer Name = IsabelReyes-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'Application Virtualization Service Agent'
could not be restarted.

[ System Events ]
Error - 3/27/2010 5:56:59 PM | Computer Name = IsabelReyes-PC | Source = Serial | ID = 393252
Description = While validating that \Device\Serial0 was really a serial port, the
contents of the divisor latch register was identical to the interrupt enable and
the receive registers. The device is assumed not to be a serial port and will be
deleted.

Error - 3/28/2010 11:49:56 AM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 1:02:14 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 2:11:08 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 2:55:14 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 3:34:34 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 7:34:39 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 3/28/2010 9:02:03 PM | Computer Name = IsabelReyes-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/28/2010 9:02:07 PM | Computer Name = IsabelReyes-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{5800E4D4-E1B5-44D5-988A-8DC4EFB9C859}
because another computer on the network has the same name. The server could not
start.

Error - 3/28/2010 9:02:03 PM | Computer Name = IsabelReyes-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

< End of report >

________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.44
Database version: 3873
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/16/2010 1:03:42 PM
mbam-log-2010-03-16 (13-03-42).txt

Scan type: Quick Scan
Objects scanned: 101226
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
emeraldnzl

Posted 29 March 2010 - 09:54 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Isabel.reyes2

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop
Double click the setup file to run it
Accept the agreement
A pop up window will appear.
On the Autoscan panel check all items
Click on Start Scan
When finished (this can take some time... just be patient and let it do its job) click the Report button
Click the + button left top to expand the critical events
Highlight Ctrl A and copy Ctrl C
Save to Notepad Ctrl V

Copy and past the report back here.

Click exit to uninstall Kaspersky AVP. Click yes to the prompts to complete the process.

Note: This tool will self uninstall when you click Exit so please save the log before closing it.

#3
Isabel.reyes2

Posted 30 March 2010 - 11:17 AM

Member

Topic Starter
Member
12 posts

Hello, this is the report:

Autoscan: completed 9 minutes ago (events: 14, objects: 279939, time: 02:08:18)
3/30/2010 10:59:05 AM Task started
3/30/2010 11:56:50 AM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/AdgredY.class
3/30/2010 11:57:06 AM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/AdgredY.class
3/30/2010 12:00:11 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/AdgredY.class
3/30/2010 12:00:15 PM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/DyesyasZ.class
3/30/2010 12:00:24 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/DyesyasZ.class
3/30/2010 12:00:29 PM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/LoaderX.class
3/30/2010 12:00:35 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/AdgredY.class
3/30/2010 12:00:40 PM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/DyesyasZ.class
3/30/2010 12:00:42 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-02-24 211841\Backup Files 2010-03-15 213255\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/LoaderX.class
3/30/2010 12:00:45 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/DyesyasZ.class
3/30/2010 12:00:50 PM Detected: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/LoaderX.class
3/30/2010 12:00:54 PM Deleted: Trojan-Downloader.Java.Agent.ax D:\ISABELREYES-PC\Backup Set 2010-03-22 214802\Backup Files 2010-03-22 214802\Backup files 1.zip/C\Users\Isabel Reyes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7d3ddcb6-335ba356/dev/s/LoaderX.class
3/30/2010 1:07:23 PM Task completed

#4
emeraldnzl

Posted 30 March 2010 - 01:05 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Isabel.reyes2,

Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

Click on the Upload button
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Next

Please run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

So when you return please post
Virscan report
OTL fix log
and tell me how your computer is now

#5
Isabel.reyes2

Posted 30 March 2010 - 03:11 PM

Member

Topic Starter
Member
12 posts

Hello, I did the tests. I noticed Norton continuously says C:/WINDOWS/SYSTEM32CONHOST.EXE had "unauthorized access logged (Access Process Data)." Should I be concerned?

VirSCAN.org Scanned Report :
Scanned time : 2010/03/30 17:09:21 (EDT)
Scanner results: Scanners did not find malware!
File Name : PanDhcpDns.exe
File Size : 315664 byte
File Type : PE32+ executable for MS Windows (console)
MD5 : d285d0539016be299a55ff997b44da33
SHA1 : f6029c2655a010cfa9f82ee4d8354a7ec9de0504
Online report : http://virscan.org/r...cce8ea347e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100330223420 2010-03-30 0.08 -
AhnLab V3 2010.03.30.06 2010.03.30 2010-03-30 0.08 -
AntiVir 8.2.1.204 7.10.6.5 2010-03-30 0.25 -
Antiy 2.0.18 20100330.4116242 2010-03-30 0.12 -
Arcavir 2009 201003300340 2010-03-30 0.03 -
Authentium 5.1.1 201003301555 2010-03-30 1.27 -
AVAST! 4.7.4 100330-1 2010-03-30 0.02 -
AVG 8.5.720 271.1.1/2779 2010-03-30 0.25 -
BitDefender 7.81008.5555192 7.31022 2010-03-30 3.51 -
ClamAV 0.95.3 10666 2010-03-30 0.05 -
Comodo 3.13.579 4442 2010-03-30 0.08 -
CP Secure 1.3.0.5 2010.03.30 2010-03-30 0.08 -
Dr.Web 5.0.2.3300 2010.03.31 2010-03-31 6.21 -
F-Prot 4.4.4.56 20100330 2010-03-30 1.25 -
F-Secure 7.02.73807 2010.03.30.17 2010-03-30 0.17 -
Fortinet 4.0.14 11.638 2010-03-30 0.08 -
GData 19.10907/19.854 20100330 2010-03-30 0.08 -
ViRobot 20100330 2010.03.30 2010-03-30 0.08 -
Ikarus T3.1.01.80 2010.03.30.75513 2010-03-30 5.43 -
JiangMin 13.0.900 2010.03.30 2010-03-30 0.08 -
Kaspersky 5.5.10 2010.03.30 2010-03-30 0.13 -
KingSoft 2009.2.5.15 2010.3.30.20 2010-03-30 0.11 -
McAfee 5.3.00 5936 2010-03-30 3.86 -
Microsoft 1.5605 2010.03.30 2010-03-30 0.08 -
Norman 6.04.10 6.04.00 2010-03-30 6.01 -
Panda 9.05.01 2010.03.30 2010-03-30 0.08 -
Trend Micro 9.120-1004 6.960.10 2010-03-30 0.03 -
Quick Heal 10.00 2010.03.30 2010-03-30 0.08 -
Rising 20.0 22.41.01.03 2010-03-30 0.08 -
Sophos 3.05.4 4.51 2010-03-31 3.82 -
Sunbelt 3.9.2412.2 6117 2010-03-30 0.08 -
Symantec 1.3.0.24 20100329.002 2010-03-29 0.10 -
nProtect 20100330.01 7873424 2010-03-30 0.08 -
The Hacker 6.5.2.0 v00248 2010-03-30 0.08 -
VBA32 3.12.12.2 20100330.0816 2010-03-30 2.74 -
VirusBuster 4.5.11.10 10.122.22/2012387 2010-03-30 2.42 -
_____________________________________________________________________________________________________

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Isabel Reyes
->Flash cache emptied: 1151 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Isabel Reyes
->Temp folder emptied: 399037 bytes
->Temporary Internet Files folder emptied: 4295201 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32552994 bytes
->Google Chrome cache emptied: 12144125 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 494 bytes

Total Files Cleaned = 47.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.37.3 log created on 03302010_164740

Files\Folders moved on Reboot...
C:\Users\Isabel Reyes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#6
Isabel.reyes2

Posted 30 March 2010 - 03:13 PM

Member

Topic Starter
Member
12 posts

Sorry it's C:/WINDOWS/SYSTEM32/CONHOST.EXE

#7
emeraldnzl

Posted 30 March 2010 - 03:23 PM

GeekU Instructor

GeekU Moderator
20,051 posts

I noticed Norton continuously says C:/WINDOWS/SYSTEM32CONHOST.EXE had "unauthorized access logged (Access Process Data)

I think you mean C:/WINDOWS/SYSTEM32/CONHOST.EXE

My guess is that this is a false positive from Norton. Conhost.exe is part of Windows 7... this link might be of interest to you:

http://superuser.com...-is-conhost-exe

A number of anti-malware programs have picked it up as a virus. You might mention it to Norton as a user of their product.

How is your machine now?

#8
emeraldnzl

Posted 30 March 2010 - 03:27 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Oh, I see we cross posted there.

You have confirmed it's C:/WINDOWS/SYSTEM32/CONHOST.EXE

#9
Isabel.reyes2

Posted 30 March 2010 - 03:31 PM

Member

Topic Starter
Member
12 posts

It's working fine now. Thank you very much for all your help! Have a great day!

#10
emeraldnzl

Posted 30 March 2010 - 03:37 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again Isabel.reyes2,

I think your machine is clean.

Now

We have a couple of last steps to perform and then you're all set. Posted Image

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

Next, we need to clean your restore points and set a new one:

Please go here for directions on how to do this. You need to turn System Protection off to delete all old restore points, reboot and then turn System Protection back on to create a new restore point.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

Download from here Java Runtime Environment (JDK) Update
Scroll to where it says
Windows 7/XP/Vista/2000/2003/2008 Offline (32-bit)
or if you have a 64bit machine
Windows 7/XP/Vista/2003/2008 (64-bit)

download and follow the instructions to install.

Reboot your computer.
You also need to uininstall older versions of Java.

Click Start > Control Panel > Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

TFC

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Addblock Plus is a good Add-on for Firefox. It helps stop popups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some suggestions you can look at:

It is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > Automatic Updates
* Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
* Click Apply then OK.
And to keep your system clean, consider choosing from these free malware scanners.

Update and run weekly.

Be aware of what emails you open and websites you visit.

An antivirus program is essential.

Here are a three good anti-virus programs to choose from (these are also free for personal use):

Avast
AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.
Microsoft Security Essientials Note: MSE can conflict with other anti-malware programs. Go here for a resolution - the guide is for MBAM but the same instructions apply for other programs. This one also works well with Windows Firewall without downloading another Firewall.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.