Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE Closes & Auto updates wont turn on


  • This topic is locked This topic is locked
10 replies to this topic

#1 john1983

john1983

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 24 November 2009 - 04:22 PM

Hi there,

I have been receiving help from Garmanma in the "Am I infected? What do I do?" forum. I was asked to post in this forum as there were programs and custom scripts which might help but couldnt be used in the other forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/271048/ie-closes-auto-updates-wont-turn-on/ ~ OB

I seem to be having numerous problems with my Dell Inspiron 1525 laptop. Everytime I open IE it closes. It tries to reopen 3 times then crashes. I initially tried Ad-aware and Spybot and McAfee but the problem remained. I tried to get an online virus scanner but IE crashes before it can open. I tried to restore to factory settings but it wouldnt do this either and I cant seem to turn auto update on.


I've ran a number of scans on various programs as recommended and I have enclosed the logs below.
Logs listed are:

Rootrepeal
Win32kDiag
Eventlog
DDS/HJT log + attached zip log

Any help would be greatly appreciated.

Thanks,

John




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/15 16:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8B800000 Size: 892928 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA648B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\ProgramData\Documents
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1249011a-cfd4-11de-b130-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{18f5041e-cbe1-11de-a3ce-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e8d1f61-ca57-11de-abc4-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{26cb1ef4-c726-11de-aa69-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3949c8ac-9335-11de-8ba5-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3ddc505c-9407-11de-abf2-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6c62609a-98d5-11de-860e-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8a2b4b3b-9e2c-11de-846f-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{95d12b96-9086-11de-a79f-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9c8180a6-c719-11de-8414-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9c8180ba-c719-11de-8414-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a452bd34-b25a-11de-98a2-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a780edb1-bce3-11de-bb4a-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a780edc4-bce3-11de-bb4a-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b001f727-bc03-11de-b9f3-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b001f72f-bc03-11de-b9f3-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b001f739-bc03-11de-b9f3-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b001f745-bc03-11de-b9f3-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b8c437e2-bce1-11de-a80e-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c50d46fc-7f7b-11de-9819-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5c7a649-88b4-11de-994f-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c89d858c-97ec-11de-bc1e-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cb850ca9-90a4-11de-a804-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{dfa6dd6d-c73e-11de-af97-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{dfa6dd79-c73e-11de-af97-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fbad2054-9493-11de-a0d7-0015831368bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: c:\windows\temp\mcafee_elsidmi3z8kshem
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Users\gary\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Reports\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d21850
4d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe7680
6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df5
6e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f
59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8
cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f2
1d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8d
d7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c
0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e
1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949
b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a
620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003
bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d
131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0ef
b442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0e
bd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11d
f268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ab
ac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.
cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053
e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f3
9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea
1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddf
c6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed
.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b
5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.c
at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_bd4ece0e1eaaafd1\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c
\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11
\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3
\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648
\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638
6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7
\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca
\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78
\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b
\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI
Status: Locked to the Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1276 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 292, Type: UnknownType]
Process: unsecapp.exe (PID: 5348) Address: 0x846c1388 Size: -

Object: Hidden Handle [Index: 308, Type: UnknownType]
Process: unsecapp.exe (PID: 5348) Address: 0x86b91380 Size: -

==EOF==


Running from: C:\Users\gary\Desktop\Win32kDiag.exe

Log file at : C:\Users\gary\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-21 15:22:19 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-21 15:22:18 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-21 15:22:19 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-21 15:22:18 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-11-21 15:23:19 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Cannot access: C:\Windows\winsxs\Temp\PendingRenames\06c4c148f850ca01c7160000c80fec10.PresentationFontCache.cat

[1] 2009-10-19 20:11:03 7307 C:\Windows\winsxs\Temp\PendingRenames\06c4c148f850ca01c7160000c80fec10.PresentationFontCache.cat ()



Cannot access: C:\Windows\winsxs\Temp\PendingRenames\76635e47f850ca01c6160000c80fec10.GlobalUserInterface.CompositeFont

[1] 2009-10-19 20:11:01 37665 C:\Windows\winsxs\Temp\PendingRenames\76635e47f850ca01c6160000c80fec10.GlobalUserInterface.CompositeFont ()





Finished!













Volume in drive C is OS
Volume Serial Number is F2CD-2524

Directory of C:\Windows\System32

21/01/2008 02:24 177,152 scecli.dll

Directory of C:\Windows\System32

21/01/2008 02:24 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

21/01/2008 02:24 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

11/04/2009 06:28 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

21/01/2008 02:24 592,384 netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

11/04/2009 06:28 592,896 netlogon.dll
1 File(s) 592,896 bytes

Total Files Listed:
6 File(s) 2,309,120 bytes
0 Dir(s) 177,831,878,656 bytes free












DDS (Ver_09-10-26.01) - NTFSx86
Run by gary at 21:55:23.31 on 22/11/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1141 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\McAfee\MSK\mskagent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gary\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5081114
BHO: {089FD14D-132B-48FC-8861-0048AE113215} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\gary\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-7 28552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-11-13 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-5 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-1 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-14 111616]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-24 98984]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

=============== Created Last 30 ================

2009-11-21 15:22:12 193820990 ----a-w- c:\windows\MEMORY.DMP
2009-11-15 16:30:51 0 d-----w- c:\users\gary\appdata\roaming\Malwarebytes
2009-11-15 16:30:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 16:30:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 16:30:44 0 d-----w- c:\programdata\Malwarebytes
2009-11-15 16:30:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 23:50:14 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-07 23:50:08 0 d-----w- c:\program files\Panda Security
2009-11-07 21:36:47 0 d-----w- c:\program files\CCleaner
2009-11-07 19:11:51 0 d-sh--w- C:\found.023
2009-11-05 22:11:35 0 d-----w- c:\programdata\SiteAdvisor
2009-11-05 22:11:05 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-11-05 22:10:47 0 d-----w- C:\Intel
2009-11-05 22:10:46 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-02 19:29:59 7562 ----a-w- c:\windows\system32\Config.MPF
2009-11-02 19:28:30 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-11-02 19:27:53 37480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-02 19:27:53 32008 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-02 19:27:52 71496 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-02 19:27:52 34184 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-02 19:27:52 170408 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-02 19:27:33 120360 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-02 19:27:11 0 d-----w- c:\program files\McAfee.com
2009-11-02 19:27:09 0 d-----w- c:\program files\common files\McAfee
2009-11-02 19:27:03 0 d-----w- c:\program files\McAfee
2009-11-02 18:55:07 0 d-----w- c:\users\gary\appdata\roaming\AVG8
2009-11-02 00:12:03 0 d-----w- c:\program files\ESET
2009-11-01 23:51:00 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 22:30:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 22:28:17 0 d-----w- c:\programdata\Lavasoft
2009-11-01 21:17:10 4370 ----a-w- c:\windows\wininit.ini
2009-11-01 20:48:37 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-01 20:48:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 20:42:11 0 d-----w- c:\program files\InterMute

==================== Find3M ====================

2009-11-05 22:11:45 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-05 22:11:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-05 22:11:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2008-11-14 07:14:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-14 07:03:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:55:59.90 ===============

Attached Files


Edited by Orange Blossom, 24 November 2009 - 05:29 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 29 November 2009 - 03:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 john1983

john1983
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 01 December 2009 - 12:19 PM

Hi Myrti,

Thanks for getting back to me. I havent done anything accept what I have described in the original post to this forum. I have ran the OTL application as requested and I attach the 2 logs below.

Regards,

John



OTL logfile created on: 01/12/2009 16:54:21 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.90% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 165.48 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARY-PC
Current User Name: gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/01 16:51:06 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
PRC - [2009/06/04 19:03:32 | 00,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 14:58:12 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 14:58:10 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/15 10:12:48 | 01,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/07/03 12:29:10 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/07/03 12:29:08 | 03,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/07/03 12:28:16 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/06/23 12:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/05/30 01:04:45 | 00,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008/05/30 01:04:41 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008/05/24 00:58:34 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008/05/04 09:25:32 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 09:25:26 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 09:25:26 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 09:25:26 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/02 13:09:04 | 00,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/06 07:58:24 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/06 07:58:14 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/03/06 07:58:10 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/22 16:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/21 02:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 02:23:32 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/21 09:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 18:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/03/09 17:21:04 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/13 12:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/01/25 18:01:58 | 00,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/01/23 19:16:12 | 00,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe
PRC - [2007/01/19 20:57:56 | 00,352,856 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/01/17 17:30:34 | 00,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/01/17 17:30:24 | 00,152,144 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\mskagent.exe
PRC - [2007/01/16 18:03:36 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2007/01/16 17:42:02 | 00,304,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mpsevh.exe
PRC - [2007/01/15 11:25:22 | 00,248,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
PRC - [2006/12/22 16:02:26 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2009/12/01 16:51:06 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
MOD - [2009/02/11 11:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/21 02:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/23 15:52:32 | 00,315,776 | ---- | M] (McAfee, Inc.) -- C:\Windows\Temp\0082451259686059mcinst.exe -- (0082451259686059mcinstcleanup) McAfee Application Installer Cleanup (0082451259686059)
SRV - [2009/06/04 19:03:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/13 22:53:35 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/26 14:58:12 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/03 12:29:10 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/06/23 12:45:42 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2008/05/24 00:58:34 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/05/24 00:58:22 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008/05/02 13:09:04 | 00,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/24 06:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 11:07:20 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/09 17:21:04 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/02/13 12:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/25 18:01:58 | 00,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/23 19:16:12 | 00,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe -- (MPS9)
SRV - [2007/01/19 20:57:56 | 00,352,856 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/01/17 17:30:34 | 00,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/01/16 18:03:36 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/01/15 11:25:22 | 00,248,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/01/12 16:13:24 | 00,341,584 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2006/12/22 16:02:26 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/04 18:43:16 | 00,330,264 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/07/03 12:28:42 | 01,207,288 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/07/03 12:28:02 | 00,018,424 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 12:45:44 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 12:45:40 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 12:45:40 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 12:45:40 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/06/23 12:45:38 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/04 09:25:24 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/06 07:58:44 | 00,111,616 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 07:58:12 | 02,016,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 02:24:49 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:21 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/12 11:07:28 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/29 05:31:54 | 00,278,528 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 16:35:16 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/05/09 01:59:40 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 05:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007/03/02 14:17:34 | 00,120,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/12/22 16:02:40 | 00,071,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/12/22 16:02:34 | 00,170,408 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/12/22 16:02:34 | 00,037,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2006/12/22 16:02:34 | 00,034,184 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/12/22 16:02:34 | 00,032,008 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=5081114
IE - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\S-1-5-21-443468265-3107721192-2443639074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/01 16:47:36 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-443468265-3107721192-2443639074-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\mskagent.exe (McAfee Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-443468265-3107721192-2443639074-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{96505f97-7d32-11de-8acb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{96505fc1-7d32-11de-8acb-0015831368bd}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{d91038c1-7d2e-11de-9851-0015831368bd}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{f2a207a6-ea38-11dd-b236-00219bebd0dd}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/21 02:23:31 | 00,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/01 16:50:51 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
[2009/11/15 16:49:57 | 00,472,064 | ---- | C] ( ) -- C:\Users\gary\Desktop\RootRepeal.exe
[2009/11/15 16:30:51 | 00,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\Malwarebytes
[2009/11/15 16:30:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 16:30:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 16:30:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 16:30:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 16:25:55 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\gary\Desktop\zztoy.exe.exe
[2009/11/07 23:50:14 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/11/07 23:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/11/07 21:36:47 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/07 19:11:51 | 00,000,000 | -HSD | C] -- C:\found.023
[2009/11/05 22:11:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/11/05 22:11:05 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2009/11/05 22:10:47 | 00,000,000 | ---D | C] -- C:\Intel
[2009/11/05 22:10:46 | 00,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/05 22:10:42 | 00,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\InstallShield
[2009/11/02 19:28:30 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\Windows\System32\dunzip32.dll
[2009/11/02 19:27:53 | 00,037,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/11/02 19:27:53 | 00,032,008 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/11/02 19:27:52 | 00,170,408 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2009/11/02 19:27:52 | 00,071,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/11/02 19:27:52 | 00,034,184 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/11/02 19:27:33 | 00,120,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2009/11/02 19:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/11/02 19:27:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/11/02 19:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/02 18:55:07 | 00,000,000 | ---D | C] -- C:\Users\gary\AppData\Roaming\AVG8
[2009/11/02 00:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/01 23:51:00 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/01 22:30:09 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/01 22:28:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/11/01 21:14:24 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Users\gary\Desktop\Ad-AwareInstallation.exe
[2009/11/01 20:48:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/01 20:48:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/01 20:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\InterMute
[2009/11/01 20:30:19 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\gary\Desktop\spybotsd162.exe
[2009/01/04 18:17:42 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009/01/04 18:17:42 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009/01/04 18:17:42 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009/01/04 18:17:41 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009/01/04 18:17:40 | 01,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009/01/04 18:17:40 | 00,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009/01/04 18:17:40 | 00,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009/01/04 18:17:38 | 00,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009/01/04 18:17:36 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2009/01/04 18:17:35 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[1 C:\Users\gary\AppData\Roaming\*.tmp files -> C:\Users\gary\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/01 16:54:36 | 03,670,016 | -HS- | M] () -- C:\Users\gary\NTUSER.DAT
[2009/12/01 16:51:06 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\gary\Desktop\OTL.exe
[2009/12/01 16:42:48 | 00,007,872 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/12/01 16:42:20 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 16:42:20 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 16:42:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/01 16:42:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/01 16:42:10 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 21:24:29 | 00,524,288 | -HS- | M] () -- C:\Users\gary\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 21:24:29 | 00,065,536 | -HS- | M] () -- C:\Users\gary\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/24 21:23:44 | 02,823,048 | -H-- | M] () -- C:\Users\gary\AppData\Local\IconCache.db
[2009/11/22 21:58:05 | 00,001,442 | ---- | M] () -- C:\Users\gary\Desktop\Attach.zip
[2009/11/22 21:51:35 | 00,024,064 | ---- | M] () -- C:\Users\gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 16:42:57 | 00,047,616 | ---- | M] () -- C:\Users\gary\Desktop\Win32kDiag.exe
[2009/11/21 15:22:40 | 19,382,0990 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/15 16:50:42 | 00,000,000 | ---- | M] () -- C:\Users\gary\Desktop\settings.dat
[2009/11/15 16:30:48 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/15 16:26:48 | 00,472,064 | ---- | M] ( ) -- C:\Users\gary\Desktop\RootRepeal.exe
[2009/11/15 16:25:55 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\gary\Desktop\zztoy.exe.exe
[2009/11/08 14:34:34 | 00,000,554 | ---- | M] () -- C:\Users\gary\Documents\cc_20091108_143429.reg
[2009/11/07 23:38:36 | 00,000,622 | ---- | M] () -- C:\Users\gary\Documents\cc_20091107_233759.reg
[2009/11/07 21:51:13 | 00,015,820 | ---- | M] () -- C:\Users\gary\Documents\cc_20091107_215055.reg
[2009/11/07 21:36:48 | 00,001,672 | ---- | M] () -- C:\Users\gary\Desktop\CCleaner.lnk
[2009/11/07 19:19:10 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/05 22:07:37 | 00,000,104 | ---- | M] () -- C:\Users\gary\Desktop\Internet - Shortcut.lnk
[2009/11/02 19:33:56 | 00,000,350 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/11/02 19:33:56 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/11/02 19:29:25 | 00,000,813 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/11/02 18:10:41 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/02 18:10:41 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/02 18:10:41 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/01 22:30:06 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/11/01 21:17:29 | 00,004,370 | ---- | M] () -- C:\Windows\wininit.ini
[2009/11/01 21:14:28 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Users\gary\Desktop\Ad-AwareInstallation.exe
[2009/11/01 20:48:43 | 00,001,057 | ---- | M] () -- C:\Users\gary\Desktop\Spybot - Search & Destroy.lnk
[2009/11/01 20:42:11 | 00,001,867 | ---- | M] () -- C:\Users\gary\Desktop\CWShredder.lnk
[2009/11/01 20:30:20 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\gary\Desktop\spybotsd162.exe
[1 C:\Users\gary\AppData\Roaming\*.tmp files -> C:\Users\gary\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/22 21:58:05 | 00,001,442 | ---- | C] () -- C:\Users\gary\Desktop\Attach.zip
[2009/11/21 16:42:52 | 00,047,616 | ---- | C] () -- C:\Users\gary\Desktop\Win32kDiag.exe
[2009/11/21 15:22:12 | 19,382,0990 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/15 16:50:42 | 00,000,000 | ---- | C] () -- C:\Users\gary\Desktop\settings.dat
[2009/11/15 16:30:48 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 14:34:31 | 00,000,554 | ---- | C] () -- C:\Users\gary\Documents\cc_20091108_143429.reg
[2009/11/07 23:38:01 | 00,000,622 | ---- | C] () -- C:\Users\gary\Documents\cc_20091107_233759.reg
[2009/11/07 21:50:58 | 00,015,820 | ---- | C] () -- C:\Users\gary\Documents\cc_20091107_215055.reg
[2009/11/07 21:36:48 | 00,001,672 | ---- | C] () -- C:\Users\gary\Desktop\CCleaner.lnk
[2009/11/07 17:43:50 | 21,370,42944 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/07 17:08:43 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/05 22:07:37 | 00,000,104 | ---- | C] () -- C:\Users\gary\Desktop\Internet - Shortcut.lnk
[2009/11/02 19:29:59 | 00,007,872 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2009/11/02 19:29:25 | 00,000,813 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/11/02 19:27:19 | 00,000,348 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/11/02 19:27:18 | 00,000,350 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/11/01 21:17:10 | 00,004,370 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/01 20:48:43 | 00,001,057 | ---- | C] () -- C:\Users\gary\Desktop\Spybot - Search & Destroy.lnk
[2009/11/01 20:42:11 | 00,001,867 | ---- | C] () -- C:\Users\gary\Desktop\CWShredder.lnk
[2009/09/10 17:17:58 | 00,000,276 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/05/15 15:05:32 | 00,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/01/04 18:52:24 | 00,000,260 | ---- | C] () -- C:\Users\gary\AppData\Roaming\wklnhst.dat
[2009/01/04 18:31:50 | 00,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2009/01/04 18:26:38 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009/01/04 18:23:55 | 01,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009/01/04 18:23:55 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009/01/04 18:23:55 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009/01/04 18:21:31 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009/01/04 18:17:43 | 00,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009/01/04 18:17:37 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009/01/04 18:15:42 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2008/12/27 12:09:25 | 00,005,972 | ---- | C] () -- C:\Users\gary\AppData\Local\d3d9caps.dat
[2008/12/25 08:50:37 | 00,024,064 | ---- | C] () -- C:\Users\gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 07:14:36 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/11/14 07:14:36 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/11/14 07:14:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/11/14 07:14:36 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/11/14 07:14:36 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/11/14 07:14:33 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/11/13 22:39:24 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >








OTL Extras logfile created on: 01/12/2009 16:54:21 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.90% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 165.48 Gb Free Space | 75.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.44 Gb Free Space | 44.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARY-PC
Current User Name: gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1401DFB2-2A5A-4435-954B-CC408A1F93CB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A433E5F-D151-46D4-8CE3-4B1297736A2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9EF51-3882-4008-AD90-FAA5A2259913}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1E7A5CB5-0379-4E88-B8DE-65FB073CD3D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{2461BE33-5427-4297-BF80-40BB0A950153}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{26AFBEBF-ED78-4E5B-9992-D3A0387D48FE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{354E3C8E-BD2F-4C5D-A7C8-61FC374A3055}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{43D8D275-2DA7-43CF-BB8F-6924B97EDECC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{47B12F0C-8CFC-4C5B-A3C7-BF105D5A1F87}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{4B31B4DB-AF22-4C40-A02F-5A3B85344CB7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5B5E4AC3-014A-4C5A-A1BC-16F91CDDBFB4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{666EF46C-5FBE-4E89-99A9-CF66378E4A04}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{73C33A49-7C0E-449F-B9DE-4517C88A4BF3}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{96840F69-31F5-4D9D-88A9-8B33B3FACA9C}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{B1605079-A8B8-4898-9507-02C3632C18A8}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{BCA63BB0-7346-4983-A5CE-879267C60251}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{BE3A1D3C-5B4A-46B5-A293-43ECCEF46B20}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{C101C914-720B-4020-A5FD-16E3AEAB71C2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{C7864930-7916-42C5-B2AE-9147EC59F3B5}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D163B3DE-AE0F-4F6D-A596-07E03AA67FF1}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{D71871E2-3FA0-413C-A43D-D11F5274FC23}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E252ACDF-D690-42FE-86F7-ED4E1EEA3AAA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E4D490C9-4972-459C-B601-3789407DCD26}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{F26D3EA8-953B-478B-9808-CBEFAF35DC65}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{F6C81DE0-B4C3-4961-A7AA-E3EDF4CA239C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"djDecks" = djDecks (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2009 15:23:17 | Computer Name = gary-PC | Source = MsiInstaller | ID = 1018
Description =

Error - 02/11/2009 15:24:07 | Computer Name = gary-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module Dxtrans.dll, version 8.0.6001.18702, time stamp 0x49b3ac97,
exception code 0xc000001d, fault offset 0x00001c00, process id 0x15f4, application
start time 0x01ca5bf2019e1804.

Error - 02/11/2009 15:40:24 | Computer Name = gary-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module Dxtrans.dll, version 8.0.6001.18702, time stamp 0x49b3ac97,
exception code 0xc0000096, fault offset 0x00001d8b, process id 0x13a8, application
start time 0x01ca5bf43492a44b.

Error - 02/11/2009 17:06:40 | Computer Name = gary-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module Dxtrans.dll, version 8.0.6001.18702, time stamp 0x49b3ac97,
exception code 0xc0000096, fault offset 0x00001d8b, process id 0xf04, application
start time 0x01ca5c005d8c275f.

Error - 05/11/2009 16:50:05 | Computer Name = gary-PC | Source = EventSystem | ID = 4609
Description =

Error - 05/11/2009 17:35:57 | Computer Name = gary-PC | Source = EventSystem | ID = 4609
Description =

Error - 05/11/2009 17:37:03 | Computer Name = gary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 05/11/2009 18:11:20 | Computer Name = gary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 05/11/2009 18:11:23 | Computer Name = gary-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 05/11/2009 18:12:24 | Computer Name = gary-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 24/08/2009 11:12:23 | Computer Name = gary-PC | Source = WLAN-Tray | ID = 0
Description = 16:12:23, Mon, Aug 24, 09 Error - User "" does not have administrative
privileges on this system


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 01 December 2009 - 12:30 PM

Hi,

the log does not show any obvious signs of infections. So let's check for better hidden malware. Please run a scan with gmer for rootkits:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Also please try to reset your Intenret Explorer to default settings and let me know if that stops the crashes: How to Reset Internet Explorer Settings

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 john1983

john1983
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 01 December 2009 - 01:44 PM

Hi,

Thanks for the quick reply. I tried resetting Internet Explorer but the problem remained. It still crashed even after the reset. I managed to get GMER to finish a scan. It crashed a couple of times in normal and safe mode. The scan that did complete was run in normal mode. I have posted the log below. I also saved the log it produces automatically and I've posted that after the GMER log.

Thanks,

John



GMER LOG:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-01 18:36:31
Windows 6.0.6001 Service Pack 1
Running: r0cmsnu9.exe; Driver: C:\Users\gary\AppData\Local\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA66D24FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA66D2525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA66D250F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA66D24E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 81FFAF80 5 Bytes JMP A66D24EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8203EF86 5 Bytes JMP A66D24FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8204E89E 7 Bytes JMP A66D2513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 820AC171 5 Bytes JMP A66D2529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4724] kernel32.dll!SetUnhandledExceptionFilter 75F36E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4724] kernel32.dll!GetProcAddress 75F5B8B6 5 Bytes JMP 01DBE090 c:\PROGRA~1\mcafee\SITEAD~1\saPlugin.dll (SiteAdvisor/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----







AUTOMATIC LOG:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-01 18:16:35
Windows 6.0.6001 Service Pack 1
Running: r0cmsnu9.exe; Driver: C:\Users\gary\AppData\Local\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA66D24FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA66D2525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA66D250F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA66D24E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 02 December 2009 - 02:57 PM

Hi,

please try reinstalling Internet Explorer as a next step. You can download Internet Explorer here: Internet Explorer 8.

If that does not fix it, we are going to run a system file integrity check. For this we would need your Windows-CD, do you have it?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 john1983

john1983
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 02 December 2009 - 06:08 PM

Hi Myrti,

It wouldnt let me install IE8 as it said the laptop currently had a newer version installed. I unfortunatley dont have access to the windows CD as the laptop actually belongs to my younger cousin who's asked me to try and fix it for him.

Would it be worth trying to install a different browser eg Safari?

John

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 02 December 2009 - 07:03 PM

Hi,

Please try running Fix IE to fix your problems with Internet Explorer: Download. Simply extract from the zip-folder and double click it to launch it. Let me know if that works.

Are you Updates still not working either?

Using a different browser such as safari, firefox or opera very probably would fix the problem and let you surf without problems.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 john1983

john1983
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 December 2009 - 03:58 PM

Hi Myrti,

I tried running the IE fix but it didnt correct the problem. I then installed firefox and the problem seems to be fixed! The other problems such as auto updates failing to install still remains but my cousin says he is happy to sort them out at a later date. Ive just given him back the laptop and he's very pleased to be able to get on the internet again so thanks very much for all your help.

Best regards,

John

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 11 December 2009 - 11:01 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

Do you still have access to the PC or no longer? Should we continue this thread, or should I close it?

Sorry once more,
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:55 PM

Posted 21 December 2009 - 08:38 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users