Hi there and thanks for replying
VirusTotal
File 311B811D000BCA4A286F0239A424B700D965AECE.exe received on 2010.03.02 06:16:00 (UTC)
Current status: finished
Result: 27/41 (65.85%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.02 Trojan.Win32.Tibs!IK
AhnLab-V3 5.0.0.2 2010.02.28 -
AntiVir 8.2.1.176 2010.03.01 SPR/Credalert
Antiy-AVL 2.0.3.7 2010.03.02 Backdoor/Win32.Frauder.gen
Authentium 5.2.0.5 2010.03.02 -
Avast 4.8.1351.0 2010.03.01 Win32:Small-ET
AVG 9.0.0.730 2010.03.01 Downloader.Generic9.ACFU
BitDefender 7.2 2010.03.02 -
CAT-QuickHeal 10.00 2010.03.01 Backdoor.Frauder.bxn
ClamAV 0.96.0.0-git 2010.03.02 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.02 BackDoor.Siggen.7741
eSafe 7.0.17.0 2010.03.01 -
eTrust-Vet 35.2.7334 2010.03.01 Win32/DesktopDefender2010.A
F-Prot 4.5.1.85 2010.03.01 -
F-Secure 9.0.15370.0 2010.03.02 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.02 Win32:Small-ET
Ikarus T3.1.1.80.0 2010.03.02 Trojan.Win32.Tibs
Jiangmin 13.0.900 2010.03.02 Backdoor/Frauder.bmp
K7AntiVirus 7.10.986 2010.03.01 -
Kaspersky 7.0.0.125 2010.03.02 Backdoor.Win32.Frauder.bxn
McAfee 5907 2010.03.01 Generic Downloader.x!dco
McAfee+Artemis 5907 2010.03.01 Generic Downloader.x!dco
McAfee-GW-Edition 6.8.5 2010.03.02 Heuristic.LooksLike.Win32.Trojan.H
Microsoft 1.5502 2010.03.01 TrojanDownloader:Win32/FakeRean
NOD32 4907 2010.03.02 probably a variant of Win32/TrojanDownloader.FakeAlert.DR
Norman 6.04.08 2010.03.01 -
nProtect 2009.1.8.0 2010.03.02 Backdoor/W32.Frauder.141312
Panda 10.0.2.2 2010.03.01 Adware/RichVideoCodec
PCTools 7.0.3.5 2010.03.02 Adware.CWSIEFeats
Prevx 3.0 2010.03.02 Medium Risk Malware
Rising 22.37.01.03 2010.03.02 Trojan.Win32.Generic.51F9E9A6
Sophos 4.50.0 2010.03.02 -
Sunbelt 5716 2010.03.01 Trojan-Downloader.Win32.Femad.gen
Symantec 20091.2.0.41 2010.03.02 Adware.CWSIEFeats
TheHacker 6.5.1.7.218 2010.03.02 Backdoor/Frauder.bxn
TrendMicro 9.120.0.1004 2010.03.02 -
VBA32 3.12.12.2 2010.03.01 Backdoor.Win32.Frauder.bxn
ViRobot 2010.3.2.2207 2010.03.02 -
VirusBuster 5.0.27.0 2010.03.01 Backdoor.Frauder.DWY
Additional information
File size: 141312 bytes
MD5 : 6cabb3e42e712d74b0f8766dece7ccc1
SHA1 : 097ffc358f82b6a7aaebaf19042a31e4beb8c2a9
SHA256: 2b593609ae9a96c8d0654bd794712d0b1a37e6e04112706dadf69db39407499b
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xA5FE
timedatestamp.....: 0x4B580996 (Thu Jan 21 09:00:22 2010)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10AA1 0x10C00 6.53 fe8779ac2b20ea793d03185b00ab48bb
.rdata 0x12000 0x44DC 0x4600 4.52 eb9dc0083877ab689e950904f2cc5125
.data 0x17000 0x2B38 0x1400 3.20 8781cdb433cbbac80875f621765dbd58
.rsrc 0x1A000 0xBC30 0xBE00 5.91 e362ff79381042c030861caaffb3fa89
( 9 imports )
> advapi32.dll: RegDeleteValueW, RegCreateKeyW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryValueExW, RegCloseKey
> kernel32.dll: WriteFile, lstrcatW, MoveFileW, DeleteFileW, GetTempFileNameW, CreateFileW, lstrcpyW, GetSystemDirectoryW, GetCurrentThreadId, GetLocalTime, Module32FirstW, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, GetVersionExW, FindClose, FindNextFileW, FindFirstFileW, GetSystemTimeAsFileTime, GetVolumeInformationA, GetDriveTypeA, HeapAlloc, GetProcessHeap, HeapFree, GetLongPathNameW, GetTempPathW, CopyFileW, Thread32Next, SuspendThread, ResumeThread, OpenThread, Thread32First, GetModuleFileNameW, GetModuleHandleW, WaitForSingleObject, CreateMutexW, ReadFile, SetFilePointer, GetFileSize, GetLastError, WideCharToMultiByte, Sleep, TerminateProcess, GetFullPathNameW, CreateProcessW, OpenMutexW, IsDebuggerPresent, GetSystemInfo, VirtualProtect, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, GetCPInfo, GetOEMCP, GetACP, IsBadCodePtr, IsBadReadPtr, HeapSize, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, GetFileType, GetStdHandle, SetHandleCount, GetTickCount, OpenProcess, CloseHandle, lstrlenW, LoadLibraryA, GetProcAddress, FreeLibrary, InitializeCriticalSection, SetStdHandle, FlushFileBuffers, QueryPerformanceCounter, GetCurrentProcessId, lstrcmpiA, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, UnhandledExceptionFilter, GetCurrentProcess, ExitProcess, LCMapStringW, MultiByteToWideChar, LCMapStringA, VirtualQuery, InterlockedExchange, SetUnhandledExceptionFilter, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetVersionExA, GetCommandLineA, GetStartupInfoA, RtlUnwind, RaiseException, GetModuleHandleA
> ole32.dll: CoCreateInstance, CoInitialize, CLSIDFromString
> psapi.dll: EnumProcesses, EnumProcessModules, GetModuleBaseNameW, GetDeviceDriverBaseNameW, EnumDeviceDrivers
> rpcrt4.dll: UuidCreate, UuidToStringW, RpcStringFreeW
> shell32.dll: SHGetSpecialFolderPathW, ShellExecuteW
> urlmon.dll: URLDownloadToCacheFileW
> user32.dll: CharLowerBuffW, GetKeyboardLayoutList, wvsprintfW, wsprintfW
> wininet.dll: InternetReadFile, HttpQueryInfoA, HttpQueryInfoW, InternetCloseHandle, InternetOpenUrlW, InternetOpenW, InternetQueryOptionW
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:nbYw/yr+ncW1Hje82qXUYlVQT+iHVs4+y:nbYw6CncW1dBQq6C
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info:
http://info.prevx.com/aboutprogramtext. ... 00D965AECE
PEiD : -
RDS : NSRL Reference Data Set
Rkill logs
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as User on 04/01/2010 at 10:00:22.
Processes terminated by Rkill or while it was running:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XU86TA7Z\rkill[1].exe
Rkill completed on 04/01/2010 at 10:00:25.
And here's the OTL
OTL logfile created on: 4/1/2010 10:05:59 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\User's Guide
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 630.00 Mb Available Physical Memory | 62.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 33.33 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive D: | 1.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DELLD600
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\User's Guide\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ls26dgruqdesu.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ==========
MOD - C:\User's Guide\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\wisgostrm.sys (WIS Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (PCX504) -- C:\WINDOWS\system32\drivers\PCX504.sys (Cisco Systems)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436374069-926492609-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-436374069-926492609-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-436374069-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2009/01/31 15:03:50 | 000,000,783 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-436374069-926492609-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe File not found
O4 - HKLM..\Run: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe .exe .exe File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe File not found
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe File not found
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe File not found
O4 - HKLM..\Run: [ls26dgruqdesu] C:\WINDOWS\system32\ls26dgruqdesu.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Documents and Settings\User\Desktop\mbam-installer\explorer.exe File not found
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe File not found
O4 - HKU\S-1-5-21-436374069-926492609-725345543-1003..\Run: [asr64_ldm.exe] C:\DOCUME~1\User\LOCALS~1\Temp\asr64_ldm.exe File not found
O4 - HKU\S-1-5-21-436374069-926492609-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.1/ ... s-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (cru629.dat) - File not found
O20 - AppInit_DLLs: (lerosusi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\komafubi.dll) - C:\WINDOWS\System32\komafubi.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\lukomowi.dll) - C:\WINDOWS\System32\lukomowi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/11 09:09:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aeb4abe7-cfdc-11de-b338-0014a422667f}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb4abe7-cfdc-11de-b338-0014a422667f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aeb4abe7-cfdc-11de-b338-0014a422667f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/04/01 09:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/08 19:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/04 16:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbam-installer
[2010/03/04 06:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Dr. Guard
[2010/03/04 06:28:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDjismqrxnkb
[2010/03/03 21:20:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/03 21:20:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/03 21:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/07 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/05 16:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/04/17 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/04/17 11:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/01/11 11:40:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/11 09:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/01/11 09:14:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/01/11 09:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/04/01 10:00:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\dihsvzwj.job
[2010/04/01 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/01 09:43:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 09:42:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/01 09:42:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 09:42:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 09:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/31 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/03/31 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/03/31 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/03/31 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/03/31 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/03/31 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/03/29 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/03/28 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/03/28 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/03/28 18:01:49 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/03/28 17:30:40 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/28 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/03/28 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/03/28 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/03/28 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/03/28 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/03/28 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/03/25 06:12:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/03/25 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/03/25 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/03/25 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/03/25 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/25 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/25 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/25 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/22 17:18:55 | 000,403,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 17:18:55 | 000,348,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/22 17:18:55 | 000,050,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/08 19:47:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/06 08:00:11 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/03/04 17:03:49 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\surerata
[2010/03/04 06:26:07 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\bfro.fto
[2010/03/04 06:25:24 | 000,006,775 | ---- | M] () -- C:\Documents and Settings\User\.plugin141.trace
[2010/03/03 22:01:28 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\surerata
[2010/03/08 19:47:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/04 06:28:51 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/04 06:28:50 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/04 06:28:50 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/04 06:28:50 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/04 06:28:50 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/04 06:28:49 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/04 06:26:40 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\bfro.fto
[2010/03/03 21:20:43 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/27 18:24:46 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 23:00:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/04 11:39:52 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/01/12 08:15:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/12 08:15:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/11 11:06:19 | 000,000,394 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/11 09:58:36 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/01/11 09:18:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/11/15 10:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\User\Desktop\User's Guide.pdf:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 4/1/2010 10:05:59 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\User's Guide
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DAFB84-2421-488F-B17D-102FF53396AA}" = Ulead DVD Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76BB7B2D-748F-4AE9-89C3-78C051833EA1}" = OpenOffice.org 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A4526249-944F-4108-B686-A435B4A62BA5}" = TI_Inst
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8
"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz
"After Dark Games" = After Dark Games
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dr. Guard" = Dr. Guard
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{A4526249-944F-4108-B686-A435B4A62BA5}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Java Web Start" = Java Web Start
"MainApp.exe_is1" = BlazeDVDCopy 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Product_Name" = Impossible Golf
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"Sierra Utilities" = Sierra Utilities
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-436374069-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/27/2010 8:23:48 PM | Computer Name = DELLD600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/27/2010 8:29:41 PM | Computer Name = DELLD600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/1/2010 7:05:01 PM | Computer Name = DELLD600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/4/2010 7:26:19 AM | Computer Name = DELLD600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/5/2010 7:45:57 PM | Computer Name = DELLD600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/5/2010 8:00:14 PM | Computer Name = DELLD600 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x00085b7c.
Error - 3/22/2010 6:39:05 PM | Computer Name = DELLD600 | Source = Google Update | ID = 20
Description =
Error - 3/22/2010 10:13:13 PM | Computer Name = DELLD600 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server returned an invalid or unrecognized response
Error - 3/23/2010 5:04:55 PM | Computer Name = DELLD600 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server returned an invalid or unrecognized response
Error - 3/23/2010 7:20:48 PM | Computer Name = DELLD600 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server returned an invalid or unrecognized response
[ System Events ]
Error - 4/1/2010 10:26:10 AM | Computer Name = DELLD600 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding
Error - 4/1/2010 10:43:20 AM | Computer Name = DELLD600 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 4/1/2010 10:43:52 AM | Computer Name = DELLD600 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding
Error - 4/1/2010 10:44:04 AM | Computer Name = DELLD600 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding
Error - 4/1/2010 10:46:32 AM | Computer Name = DELLD600 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 4/1/2010 10:46:32 AM | Computer Name = DELLD600 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 4/1/2010 10:46:32 AM | Computer Name = DELLD600 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .
Error - 4/1/2010 10:52:46 AM | Computer Name = DELLD600 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding
Error - 4/1/2010 10:52:46 AM | Computer Name = DELLD600 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding
Error - 4/1/2010 11:00:00 AM | Computer Name = DELLD600 | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402
< End of report >
Thanks again for helping, Justin