Unidentified malware on Admin user account


Re: Unidentified malware on Admin user account

by helpintoledo » August 10th, 2010, 9:53 am

ATF Cleaner ran without issue. However, GMER crashed in the middle of run. Adding screenshot.
helpintoledo
Regular Member
 
Posts: 52
Joined: February 24th, 2010, 9:39 pm

Re: Unidentified malware on Admin user account

by helpintoledo » August 10th, 2010, 9:53 am

One note here, I disabled NAV again (I have been disabling it for 5 hours at a time) prior to running GMER. So that should not have conflicted.

Re: Unidentified malware on Admin user account

by Dakeyras » August 10th, 2010, 1:48 pm

Hi. :)

Try booting up into Safe Mode and rerun GMER again please.

If not sure how to boot-up into the aforementioned Safe Mode, instructions can be read here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Unidentified malware on Admin user account

by helpintoledo » August 10th, 2010, 9:28 pm

Gmer... safe mode:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-10 21:24:04
Windows 6.0.6002 Service Pack 2
Running: ubxot9vs.exe; Driver: C:\Users\MARKYO~1\AppData\Local\Temp\kwpdraoc.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat 805E4A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: Unidentified malware on Admin user account

by Dakeyras » August 11th, 2010, 1:15 am

Hi. :)

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> Right-click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      System registry
      Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.

Re: Unidentified malware on Admin user account

by helpintoledo » August 11th, 2010, 7:27 pm

I am having a problem running ComboFix. It hangs after completing the system restore point. The last message in the command window is "attempting to create a system restore point", but this continues to display even after the restore point console completes. I have left it running and am awaiting advice. I did hard boot once and this is the second attempt. In between I attempted safe mode and it failed entirely.

Re: Unidentified malware on Admin user account

by Dakeyras » August 11th, 2010, 7:36 pm

You should have left it alone the first time and it would have completed eventually.

OK just let ComboFix be and in the event it does not complete for a protracted period of time open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.

If that happened please inform myself which process you had to end in your next reply, thank you. :)

Re: Unidentified malware on Admin user account

by helpintoledo » August 11th, 2010, 8:07 pm

It is still running, none of the mentioned processes were present. What should I do next?

Re: Unidentified malware on Admin user account

by helpintoledo » August 11th, 2010, 8:09 pm

Not sure what happened to the picture, but it does list all the running processes.

Re: Unidentified malware on Admin user account

by helpintoledo » August 11th, 2010, 8:20 pm

One more note, I just stopped the iTunesHelper process successfully via TaskMan, but then tried the GoogleToolbarNotifier, and got an access denied error. Everything else I have left just as it is in the picture.

Re: Unidentified malware on Admin user account

by helpintoledo » August 11th, 2010, 8:22 pm

Also, I failed to mention, I left it running the first time nearly 2 hours, and the only movement it made was in the first 3 minutes. I had to go to work and did not want to leave it running the entire day ground to a halt as it was.

Re: Unidentified malware on Admin user account

by Dakeyras » August 12th, 2010, 5:12 am

Hi. :)

Be prepared we may have to consider a reformat and reinstallation of the Windows operating system as only so much I can advise without physical access to a machine.

Anyway I am going to ask for a different scan so I can in turn work out what exactly is going on with this machine at this point in time as follows.

Scan with OTL:

  • Please download OTL and save it to your Desktop.
Make sure that OTL.exe is on your Desktop before running the application!
  • Close all other open windows, then right-click OTL.exe and select Run as Administrator to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Standard Registry box change it to All
  • Check the following:
      Scan all users.
      Lop check.
      Purity check
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%|bak;true;false;false /fp
    %systemroot%\system32|bak;true;false;false /fp
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Quick Scan in upper left of window.
  • When the scan is finished, two Notepad files will open:
      OTListIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Re: Unidentified malware on Admin user account

by helpintoledo » August 12th, 2010, 7:33 am

PC is running well again, no sluggishness noted yesterday. No new issues.

Re: Unidentified malware on Admin user account

by helpintoledo » August 12th, 2010, 7:34 am

OTL logfile created on: 8/12/2010 6:50:10 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mark Young\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,021.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 89.05 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-CADB77FA37
Current User Name: Mark Young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Mark Young\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
PRC - C:\Windows\System32\dlcxcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Mark Young\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (dlcx_device) -- C:\Windows\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\NAV\1002000.007\SYMREDRV.SYS File not found
DRV - (SYMDNS) -- C:\Windows\System32\drivers\NAV\1002000.007\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100811.040\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100811.040\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100809.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2731C719-B8C5-4282-993D-B5AD0E77531D} - C:\Program Files\MapQuest Toolbar\mqtb.dll (MapQuest)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\..\URLSearchHook: {2731C719-B8C5-4282-993D-B5AD0E77531D} - C:\Program Files\MapQuest Toolbar\mqtb.dll (MapQuest)
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/11 17:44:25 | 000,000,000 | ---D | M]

[2010/04/04 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\Mark Young\AppData\Roaming\Mozilla\Firefox\Profiles\ycu092w0.default\extensions
[2009/10/08 16:19:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark Young\AppData\Roaming\Mozilla\Firefox\Profiles\ycu092w0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/08 17:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/21 20:43:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2010/08/08 21:40:15 | 000,000,021 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (MapQuest Toolbar Loader) - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dll (MapQuest)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MapQuest Toolbar) - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll (MapQuest)
O3 - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\..\Toolbar\WebBrowser: (MapQuest Toolbar) - {57ABF0DD-577C-4EC6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll (MapQuest)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214440339-1935655697-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Julie Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Marissa Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Mark Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles File not found
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &MapQuest Toolbar Search - C:\ProgramData\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_57E73FA0B01DF7F6.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O24 - Desktop BackupWallPaper: C:\Users\Mark Young\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a3b1b1e6-224d-11dd-9871-0019d106f861}\Shell - "" = AutoRun
O33 - MountPoints2\{a3b1b1e6-224d-11dd-9871-0019d106f861}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/12 06:46:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Young\Desktop\OTL.exe
[2010/08/11 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Mark Young\AppData\Local\Apple
[2010/08/11 19:06:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/11 19:06:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/11 07:12:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/11 07:12:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/11 07:12:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/11 07:11:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/11 07:03:41 | 000,000,000 | ---D | C] -- C:\Users\Mark Young\AppData\Local\Apple Computer
[2010/08/09 19:09:53 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2010/08/08 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\Mark Young\AppData\Roaming\Malwarebytes
[2010/08/08 20:07:48 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/08/08 20:06:00 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Young\Desktop\OTM.exe
[2010/08/08 20:00:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/08 19:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/08 19:54:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Mark Young\Desktop\erunt-setup.exe
[2010/08/08 18:17:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/04 22:43:09 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/28 19:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/28 19:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/28 19:03:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/28 19:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/28 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 22:14:25 | 000,000,000 | ---D | C] -- C:\Users\Mark Young\AppData\Local\Symantec
[2010/07/20 09:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/17 15:34:30 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/07/17 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/15 11:04:09 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\SymEFA.sys
[2010/07/15 11:04:09 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\symtdi.sys
[2010/07/15 11:04:09 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\symfw.sys
[2010/07/15 11:04:09 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\symndisv.sys
[2010/07/15 11:04:09 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\symndis.sys
[2010/07/15 11:04:09 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\symids.sys
[2010/07/15 11:04:08 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\srtsp.sys
[2010/07/15 11:04:08 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\BHDrvx86.sys
[2010/07/15 11:04:08 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\srtspx.sys
[2010/07/15 11:03:36 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\cchpx86.sys
[2010/07/15 11:03:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1008000.029
[2010/07/15 10:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2010/07/15 10:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations Meijer
[2010/07/15 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations Meijer
[2010/07/14 17:48:03 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/07/14 17:47:53 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/07/14 17:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/14 17:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/14 17:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/07/14 17:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/07/14 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/07/13 16:16:51 | 000,000,000 | ---D | C] -- C:\Users\Mark Young\AppData\Local\swbjxyfqp
[2010/05/21 22:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/01/30 16:04:14 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/12 06:51:42 | 002,080,310 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1008000.029\Cat.DB
[2010/08/12 06:48:46 | 003,407,872 | -HS- | M] () -- C:\Users\Mark Young\ntuser.dat
[2010/08/12 06:42:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Young\Desktop\OTL.exe
[2010/08/12 06:01:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/12 04:57:31 | 000,002,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 04:57:31 | 000,002,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 00:01:41 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/11 19:05:55 | 003,816,460 | R--- | M] () -- C:\Users\Mark Young\Desktop\ComboFix.exe
[2010/08/11 19:00:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/11 18:57:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/11 18:57:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/11 18:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/11 18:57:22 | 1071,558,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/11 18:56:52 | 000,524,288 | -HS- | M] () -- C:\Users\Mark Young\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/11 18:56:52 | 000,065,536 | -HS- | M] () -- C:\Users\Mark Young\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/10 06:51:24 | 000,293,376 | ---- | M] () -- C:\Users\Mark Young\Desktop\ubxot9vs.exe
[2010/08/09 22:38:03 | 000,000,273 | ---- | M] () -- C:\Users\Mark Young\Desktop\Dakeyras.bat
[2010/08/09 19:05:42 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/08/08 21:40:15 | 000,000,021 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/08 20:01:48 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Young\Desktop\OTM.exe
[2010/08/08 19:58:26 | 000,000,733 | ---- | M] () -- C:\Users\Mark Young\Desktop\NTREGOPT.lnk
[2010/08/08 19:58:26 | 000,000,714 | ---- | M] () -- C:\Users\Mark Young\Desktop\ERUNT.lnk
[2010/08/08 19:22:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Mark Young\Desktop\erunt-setup.exe
[2010/08/08 15:06:15 | 000,715,876 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/08 15:06:15 | 000,612,592 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/08 15:06:15 | 000,107,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/04 10:05:14 | 000,339,991 | ---- | M] () -- C:\Users\Mark Young\Desktop\RSIT.exe
[2010/08/04 10:05:02 | 000,869,051 | ---- | M] () -- C:\Users\Mark Young\Desktop\SecurityCheck.exe
[2010/07/28 19:03:11 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 22:56:20 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/07/20 22:56:20 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/20 19:03:13 | 003,407,872 | -HS- | M] () -- C:\Users\Mark Young\ntuser.dat_previous
[2010/07/20 19:03:13 | 000,070,656 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/07/17 16:30:04 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/07/17 15:52:13 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll.old
[2010/07/15 11:04:11 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/07/15 11:04:11 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/07/15 11:04:11 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/07/15 11:03:37 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1008000.029\cchpx86.sys
[2010/07/15 11:03:35 | 000,001,562 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymNetV.inf
[2010/07/15 11:03:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1008000.029\isolate.ini
[2010/07/15 11:03:34 | 000,009,412 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1008000.029\symnetv.cat
[2010/07/15 10:52:46 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations Meijer.lnk
[2010/07/13 16:32:45 | 000,002,305 | ---- | M] () -- C:\Users\Mark Young\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/11 03:32:17 | 000,273,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 09:41:18 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/05/20 15:47:31 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 18:57:22 | 1071,558,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/11 07:12:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/11 07:12:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/11 07:12:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/11 07:12:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/11 07:12:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/11 07:06:20 | 003,816,460 | R--- | C] () -- C:\Users\Mark Young\Desktop\ComboFix.exe
[2010/08/10 06:56:58 | 000,293,376 | ---- | C] () -- C:\Users\Mark Young\Desktop\ubxot9vs.exe
[2010/08/09 22:32:44 | 000,000,273 | ---- | C] () -- C:\Users\Mark Young\Desktop\Dakeyras.bat
[2010/08/08 19:58:26 | 000,000,733 | ---- | C] () -- C:\Users\Mark Young\Desktop\NTREGOPT.lnk
[2010/08/08 19:58:26 | 000,000,714 | ---- | C] () -- C:\Users\Mark Young\Desktop\ERUNT.lnk
[2010/08/04 22:39:08 | 000,869,051 | ---- | C] () -- C:\Users\Mark Young\Desktop\SecurityCheck.exe
[2010/08/04 22:39:06 | 000,339,991 | ---- | C] () -- C:\Users\Mark Young\Desktop\RSIT.exe
[2010/07/28 19:03:10 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 16:36:06 | 002,080,310 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\Cat.DB
[2010/07/17 15:34:32 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/07/15 11:04:09 | 000,009,402 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymNet.cat
[2010/07/15 11:04:09 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymEFA.inf
[2010/07/15 11:04:09 | 000,001,561 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymNet.inf
[2010/07/15 11:04:08 | 000,007,431 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymEFA.cat
[2010/07/15 11:04:08 | 000,007,429 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\srtspx.cat
[2010/07/15 11:04:08 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\srtsp.cat
[2010/07/15 11:04:08 | 000,007,400 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\BHDrvx86.CAT
[2010/07/15 11:04:08 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\ccHPx86.cat
[2010/07/15 11:04:08 | 000,001,752 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\ccHPx86.inf
[2010/07/15 11:04:08 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\srtspx.inf
[2010/07/15 11:04:08 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\srtsp.inf
[2010/07/15 11:04:08 | 000,000,640 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\BHDrvx86.inf
[2010/07/15 11:03:35 | 000,001,562 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\SymNetV.inf
[2010/07/15 11:03:35 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\isolate.ini
[2010/07/15 11:03:34 | 000,009,412 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1008000.029\symnetv.cat
[2010/07/15 10:52:46 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations Meijer.lnk
[2010/07/14 17:47:53 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/07/14 17:47:53 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/07/14 17:47:50 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/05/20 15:47:31 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/22 17:30:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/13 15:41:39 | 000,000,153 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2009/01/30 16:04:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/01/30 16:04:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/01/30 16:04:14 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2008/08/05 17:33:51 | 000,000,202 | ---- | C] () -- C:\Windows\DLCS.INI
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

========== LOP Check ==========

[2008/07/03 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\Mark Young\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/05 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Mark Young\AppData\Roaming\Fisher-Price
[2008/05/12 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Young\AppData\Roaming\LimeWire
[2006/11/02 09:09:53 | 000,000,484 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/01 00:08:56 | 000,000,353 | -HS- | M] () -- C:\Boot.BAK
[2008/05/01 01:17:42 | 000,000,353 | RHS- | M] () -- C:\Boot.ini.saved
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/05/01 01:17:42 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/09 22:25:38 | 003,399,726 | ---- | M] () -- C:\fsbl-20100809232244.log
[2010/08/09 19:05:42 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/08/11 18:57:22 | 1071,558,656 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/29 23:49:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/29 23:49:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/11 18:57:19 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/04/23 22:59:17 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/20 01:33:28 | 000,117,760 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\dlcxdrpp.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/18 13:53:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/05/01 01:17:28 | 006,619,136 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/05/01 01:17:27 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/05/01 01:17:28 | 000,045,056 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/05/01 01:17:38 | 015,683,584 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/05/01 01:17:40 | 006,053,888 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 07:01:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Unidentified malware on Admin user account

Post by helpintoledo » August 12th, 2010, 7:35 am

OTL Extras logfile created on: 8/12/2010 6:50:10 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mark Young\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,021.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 89.05 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-CADB77FA37
Current User Name: Mark Young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" File not found
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D135B54-AA4E-420C-83B5-ABB0C2DE2760}" = rport=1723 | protocol=6 | dir=out | app=system |
"{7840A4E0-1737-40BF-96CF-D75FDC179805}" = lport=1723 | protocol=6 | dir=in | app=system |
"{8B57AB9F-0A4E-423B-8D43-EC701A7C9240}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA7D0A25-856A-4E73-A191-BA279BCB1897}" = rport=1701 | protocol=17 | dir=out | app=system |
"{B37D7558-D55C-4F29-AA75-06E382C10213}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D18B35AA-0A8B-414B-90AA-3D8BEAB51E5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DB37C272-4086-48CA-8EFC-3FEA672C1BCA}" = lport=1701 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B41013-BA11-46C5-A002-8A561C07097B}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{2778F335-782D-4BA1-B493-04667CC58941}" = protocol=6 | dir=out | app=system |
"{325B0B25-5471-490F-9AEA-7F80CD3B42AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36907F77-8573-42A1-ABE5-795871580369}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{3E7316DE-2880-480A-8900-183E778F5E62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B1B504B-6EF7-4A75-8B8E-21F403C68F39}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{50503D14-742D-4171-815B-4BAF949B0CA1}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{798BAD0B-5851-4672-A16B-23C1C67B118D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{86C3B76E-5120-4410-AD6D-B12A0FD6B202}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{8C541136-9EF6-4B47-9F6A-B7E2A3773BA2}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{8C648375-F83F-433E-AD98-EEDE68C56DD6}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{B266503E-9355-4577-9EA7-1FA143B58CD9}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{B38BC7E6-4B7E-4019-A235-F756D0B573E8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B3F659E2-957D-40E7-A2E4-ABA2B2E16D41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9FC1EF8-3A7C-454F-948E-8746099C9959}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BFFE5315-331C-4495-9979-C3E5E5E8E737}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{C45BF14C-8850-46A5-B3EB-F3EA73ED6AFB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C62536EA-3A78-4AB6-8464-4368CFBDDECF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E7980EBF-1231-4DD1-B652-5D5BB2F3D6D5}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{E9559B3B-4200-4A6D-8F98-C184C3001F99}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{46D3AB67-49A4-4F38-A636-B5C997346450}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{7CF6E87B-1E48-42DA-A8E0-AA992A0AC686}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{94DB016A-ED15-4762-99EE-3B796E62EC6B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F94BC1AB-C1DD-4756-89AC-DD8EC7EB491B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3374B4A6-5595-4667-882D-755ABE093806}" = Lyra Jukebox Applications
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}" = MSN Toolbar
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C3AC8DD1-A754-46D6-A777-6155D627D196}" = My Fantasy Wedding
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"360Share Pro" = 360Share Pro(remove only)
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"FamilyRC" = Fisher-Price® Ready for School Family Resource Center
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations Meijer" = HP Photo Creations Meijer
"KG_1.0" = Kindergarten v1.0
"Kinder32" = Fisher-Price® Ready for School Kindergarten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapQuest Toolbar" = MapQuest Toolbar for Internet Explorer
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"VLC media player" = VideoLAN VLC media player 0.8.6c

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2010 8:16:50 PM | Computer Name = mark-cadb77fa37 | Source = Application Error | ID = 1000
Description = Faulting application OTM.exe, version 3.1.15.0, time stamp 0x2a425e19,
faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception
code 0xc0000005, fault offset 0x00004665, process id 0x9dc, application start time
0x01cb3756c5d5873f.

Error - 8/9/2010 10:38:39 PM | Computer Name = mark-cadb77fa37 | Source = VSS | ID = 12289
Description =

Error - 8/9/2010 10:39:27 PM | Computer Name = mark-cadb77fa37 | Source = VSS | ID = 12289
Description =

Error - 8/10/2010 7:01:17 AM | Computer Name = mark-cadb77fa37 | Source = Application Error | ID = 1000
Description = Faulting application ubxot9vs.exe, version 1.0.15.15281, time stamp
0x4b2763f0, faulting module ubxot9vs.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x8d8, application
start time 0x01cb387b01d5d701.

Error - 8/10/2010 6:51:55 PM | Computer Name = mark-cadb77fa37 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 8/10/2010 6:54:38 PM | Computer Name = mark-cadb77fa37 | Source = Perflib | ID = 1008
Description = The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll"
failed. Performance data for this service will not be available. The first four
bytes (DWORD) of the Data section contains the error code.

Error - 8/10/2010 6:54:38 PM | Computer Name = mark-cadb77fa37 | Source = Perflib | ID = 1010
Description = The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll"
generated an exception or returned an invalid status. The performance data returned
by the counter DLL will not be returned in the Perf Data Block. The first four
bytes (DWORD) of the Data section contains the exception code or status code.

Error - 8/10/2010 6:54:38 PM | Computer Name = mark-cadb77fa37 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service performance object. The first four
bytes (DWORD) of the Data section contains the status code.

Error - 8/10/2010 6:54:38 PM | Computer Name = mark-cadb77fa37 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service performance object. The first
four bytes (DWORD) of the Data section contains the status code.

Error - 8/11/2010 6:55:05 PM | Computer Name = mark-cadb77fa37 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ Media Center Events ]
Error - 5/30/2008 3:40:43 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 11:18:51 AM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 7:47:21 AM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/7/2009 9:34:48 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/9/2009 1:33:33 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 9:27:43 AM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/6/2009 3:29:16 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/2/2009 9:27:43 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/16/2009 7:30:14 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:02:00 PM | Computer Name = mark-cadb77fa37 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/11/2010 6:55:07 PM | Computer Name = mark-cadb77fa37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service fdPHost with
arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Error - 8/11/2010 6:55:07 PM | Computer Name = mark-cadb77fa37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 8/11/2010 6:55:07 PM | Computer Name = mark-cadb77fa37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service netprofm with
arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error - 8/11/2010 6:55:07 PM | Computer Name = mark-cadb77fa37 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/11/2010 6:55:07 PM | Computer Name = mark-cadb77fa37 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/11/2010 6:55:41 PM | Computer Name = mark-cadb77fa37 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/11/2010 6:55:42 PM | Computer Name = mark-cadb77fa37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error - 8/11/2010 6:55:42 PM | Computer Name = mark-cadb77fa37 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 8/11/2010 6:55:43 PM | Computer Name = mark-cadb77fa37 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/11/2010 6:59:15 PM | Computer Name = mark-cadb77fa37 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >
helpintoledo
Regular Member
 
Posts: 52
Joined: February 24th, 2010, 9:39 pm