Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible security issue on computer


  • This topic is locked This topic is locked
6 replies to this topic

#1 cmhcwh

cmhcwh

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 26 January 2010 - 04:23 PM

I had financial information stolen possibly from my computer. I was told I could possibly have a keylogger virus and am not sure how to check for it.

DDS (Ver_09-12-01.01) - NTFSx86
Run by paulh at 21:34:58.00 on Mon 01/25/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.888 [GMT -6:00]

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcicoms.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell AIO Printer 946\DLCImon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\sttray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICUA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\paulh\Documents\RCA Detective\RCADetective.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\consent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\consent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paulh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070321
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus Photo R1900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticua.exe /fu "c:\windows\temp\E_S72CC.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
StartupFolder: c:\users\paulh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\paulh\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\paulh\documents\rca detective\RCADetective.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxps://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://pacsweb-stl.ssmhc.com/AMI/install/amiviewer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-23 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-23 81288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-1 214664]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-1 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-1 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-1 40552]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-1 34248]

=============== Created Last 30 ================

2010-01-19 02:26:32 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-01-13 13:35:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 13:35:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-12-29 01:09:14 110 ----a-w- c:\windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
2009-12-29 01:08:46 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-29 01:07:20 0 d-----w- c:\programdata\Leapfrog
2009-12-29 00:49:39 0 d-----w- c:\program files\LeapFrog

==================== Find3M ====================

2010-01-19 02:25:18 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-19 02:25:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-19 02:25:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-18 13:05:50 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:22:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20:16 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-14 17:36:12 174 --sha-w- c:\program files\desktop.ini
2009-05-14 17:16:15 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-02-26 17:04:55 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-02-26 17:04:55 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-02-26 17:04:55 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-03-21 14:14:48 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:36:33.42 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 26 January 2010 - 04:48 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you! cool.gif

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

I need some more info.

Please do this.......

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* Please copy and paste all these logs directly into your reply.

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 cmhcwh

cmhcwh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 26 January 2010 - 11:32 PM

OTL Extras logfile created on: 1/26/2010 10:02:21 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\paulh\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.00 Gb Total Space | 77.06 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
Drive E: | 1.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULH-PC
Current User Name: paulh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system\rundll32.exe" = C:\Windows\system\rundll32.exe:*:Enabled:rundll32 -- File not found
"C:\Users\paulh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OK5PAX1\installer_00002[2].exe" = C:\Users\paulh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OK5PAX1\installer_00002[2].exe:*:Enabled:installer -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0010D6E8-246F-4B0E-8AF8-034FCB65600F}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
"{085014B3-C21E-4F1B-A715-0498FD5B4ECC}" = protocol=6 | dir=in | app=c:\windows\system32\dlcicoms.exe |
"{1530C178-1F08-438E-B704-4BD827298FF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17BD28C6-40F4-48AA-92B4-B2A8BEC2B5EB}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{1A558341-0E13-485F-BCE9-6ABCBF634668}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{32E24097-2C5B-4C61-888E-7E4E73023CD5}" = protocol=17 | dir=in | app=c:\windows\system32\dlcicoms.exe |
"{4507FF1A-830D-4D71-9EAC-155D2BCA0BD5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47B474DF-EA7C-47B5-AF44-0102395A529D}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlciaiox.exe |
"{629653A3-0C7C-41C8-88AD-DD6A042BE138}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{643B2BA4-AE5F-48FB-B608-7807C25FB754}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{728A4E3A-39FE-404A-B260-E3A41DE52366}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
"{74AE5F52-BE7D-43C3-A26C-F7EBCE620B6B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |
"{7BDF87D7-E619-41C6-A775-BD944C51CFD8}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{88AC97B3-E219-46B0-B22C-65E480812FA1}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{9C40EEF8-2830-41CA-9D69-000862C328F7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{9EB6338B-4480-4C1B-9315-D7F6C67ABAE7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A0EC5901-5ED2-46E4-B8EA-6E76BA8B2705}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{D8951C1A-B8FD-4818-A11E-DF02ACA9944C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA6E1136-4240-472A-8AA8-006668985476}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DC500B0A-CD76-4886-8BEF-CF52F05E6286}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{DEB1472E-90D6-4898-B573-71D08726C64A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{F67FA5B1-1311-4AE6-BA0B-F625E03A02D4}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{FB156C58-A414-41D7-AE5F-99ED7D8AF717}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 946\dlcimon.exe |
"{FFFB48D3-4FC3-4C2B-BFB4-F0112A7CB0A6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcipswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03875A07-53D1-44EE-9D8D-C70EAF038E52}" = PrintingPress Extreme
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0A480EB-6D21-4CD7-91F0-4C93606A2F32}" = 946plv32
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"BBMediaSyncUninstall" = BlackBerry Media Sync
"BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Curlz_is1" = Curlz 1.00
"Dell AIO Printer 946" = Dell AIO Printer 946
"Dell Fax Solutions" = Dell PC Fax
"Dell_ENA" = Dell Wireless Software Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.480
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"PremElem30" = Adobe Premiere Elements 3.0.2
"RCA Detective_is1" = RCA Detective 2.0.0.95
"RCA Memory Manager_is1" = RCA Memory Manager 2.0.0.107
"Scholastic's I SPY Fun House" = Scholastic's I SPY Fun House
"Silent Package Run-Time Sample" = EPSON R1900 INFORMATION CENTER
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TurboTax Premier 2007" = TurboTax Premier 2007
"UPCShell" = LeapFrog Connect
"WildTangent dell Master Uninstall" = Dell Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Xvid Codec_is1" = Xvid Codec 1.1.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2972194437-3200149986-3658755093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2009 6:22:47 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x24002bcb, process id 0x16cc, application start time 0x01c9f4490cfdcf40.

Error - 7/8/2009 5:41:52 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application DesktopMgr.exe, version 4.7.0.25, time stamp
0x48d3f144, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x00043387, process id 0x161c, application
start time 0x01ca0014b3711900.

Error - 7/8/2009 5:51:50 PM | Computer Name = paulh-PC | Source = Application Hang | ID = 1002
Description = The program MediaManager9.exe version 9.4.3.82 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10f8 Start Time: 01ca0015569fb1e0 Termination Time: 144

Error - 7/8/2009 9:47:31 PM | Computer Name = paulh-PC | Source = EventSystem | ID = 4621
Description =

Error - 7/9/2009 11:36:57 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18248, time stamp
0x49f1c24f, faulting module WINHTTP.dll, version 6.0.6001.18178, time stamp 0x493a0262,
exception code 0xc0000005, fault offset 0x00003689, process id 0xb94, application
start time 0x01ca010984caff30.

Error - 7/9/2009 11:42:21 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc000001d, fault offset 0x0c2efe8b, process id 0xd70, application start time 0x01ca011062567c20.

Error - 7/15/2009 10:08:25 PM | Computer Name = paulh-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/5/2009 6:35:33 PM | Computer Name = paulh-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18294 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1d88 Start Time: 01ca161cbec81740 Termination Time: 36

Error - 8/5/2009 10:25:24 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18294, time stamp
0x4a6199f8, faulting module AcroPDF.dll, version 7.0.9.0, time stamp 0x456b3ba3,
exception code 0xc0000005, fault offset 0x0002f3d3, process id 0xfe8, application
start time 0x01ca16392f350030.

Error - 8/14/2009 10:24:33 PM | Computer Name = paulh-PC | Source = Application Error | ID = 1000
Description = Faulting application SoftwareUpdate.exe, version 2.1.1.116, time stamp
0x488a4f1f, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x0006a786, process id 0x1c10, application
start time 0x01ca1d4f7e03f190.

[ System Events ]
Error - 1/25/2010 10:06:24 PM | Computer Name = paulh-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 1/25/2010 10:06:24 PM | Computer Name = paulh-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 1/25/2010 10:46:29 PM | Computer Name = paulh-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 1/25/2010 10:46:37 PM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 1/26/2010 10:09:02 AM | Computer Name = paulh-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/26/2010 10:09:06 AM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 1/26/2010 5:08:02 PM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 1/26/2010 5:47:35 PM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 1/26/2010 10:07:51 PM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 1/26/2010 10:36:49 PM | Computer Name = paulh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
001A929802F3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).


< End of report >

OTL logfile created on: 1/26/2010 10:02:21 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\paulh\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.00 Gb Total Space | 77.06 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.32 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
Drive E: | 1.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULH-PC
Current User Name: paulh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/26 21:56:33 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\paulh\Desktop\OTL.exe
PRC - [2009/12/28 19:15:29 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/18 09:42:45 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/10 10:14:38 | 00,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/27 18:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/17 21:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/21 02:33:32 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/19 15:06:42 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/06/02 16:22:56 | 01,560,968 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2008/03/06 11:45:28 | 01,110,016 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\paulh\Documents\RCA Detective\RCADetective.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 01:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/19 01:33:05 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/04/10 06:00:00 | 00,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICUA.EXE
PRC - [2007/02/07 23:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/01/12 15:52:12 | 00,435,696 | ---- | M] (Dell) -- C:\Program Files\Dell AIO Printer 946\DLCImon.exe
PRC - [2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/12/22 06:29:56 | 00,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/12/08 02:17:44 | 00,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcicoms.exe
PRC - [2006/11/27 16:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2006/11/27 16:56:02 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2006/11/27 16:55:48 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2006/11/21 19:09:02 | 00,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/17 17:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/15 12:07:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2006/11/15 12:07:56 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2006/11/12 01:19:46 | 00,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/11 17:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/08 18:47:14 | 01,066,528 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/01/26 21:56:33 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\paulh\Desktop\OTL.exe
MOD - [2008/08/25 12:36:46 | 00,146,312 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smumhook.dll
MOD - [2008/06/19 12:42:00 | 00,225,280 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
MOD - [2008/06/02 14:29:54 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/01/19 01:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/28 19:15:21 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/27 12:28:00 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/11/21 02:33:32 | 00,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/26 12:23:24 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/08/26 12:23:20 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/08/26 12:23:02 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/26 11:04:38 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/02/28 01:00:14 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/12/08 02:17:44 | 00,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcicoms.exe -- (dlci_device)
SRV - [2006/11/27 16:56:04 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/11/11 17:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/07 12:27:02 | 00,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/10 09:27:06 | 00,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/11/21 02:37:14 | 00,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_630_13725.sys -- (NEOFLTR_630_13725) Juniper Networks TDI Filter Driver (NEOFLTR_630_13725)
DRV - [2008/11/21 02:15:54 | 00,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/18 23:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/21 08:14:46 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/03/21 08:14:46 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/03/21 08:14:46 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/07 23:11:04 | 00,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/27 16:55:54 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/20 13:13:58 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 13:13:58 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 13:13:56 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/17 17:52:38 | 00,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/15 12:07:56 | 01,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/11 17:10:40 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 17:10:40 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/11/11 17:10:40 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 17:10:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 17:10:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/08 01:02:38 | 00,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 00,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/05 19:58:00 | 00,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 12:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 14:43:52 | 00,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 10:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 00,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6070321
IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\S-1-5-21-2972194437-3200149986-3658755093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\S-1-5-21-2972194437-3200149986-3658755093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/01/18 22:18:55 | 00,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCICATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
O4 - HKLM..\Run: [dlcimon.exe] C:\Program Files\Dell AIO Printer 946\dlcimon.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [EPSON Stylus Photo R1900 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICUA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\paulh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\paulh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\paulh\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2972194437-3200149986-3658755093-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} https://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa02)
O16 - DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} https://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa07)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/customer/uploading/act...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} https://pacsweb-stl.ssmhc.com/AMI/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa05)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\paulh\Pictures\5F8B2356fs-2.jpg
O24 - Desktop BackupWallPaper: C:\Users\paulh\Pictures\5F8B2356fs-2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a415ec2e-f841-11dd-921e-00188bb4ed8c}\Shell\AutoRun\command - "" = F:\rcasw_setup.exe -- File not found
O33 - MountPoints2\{a415ec2e-f841-11dd-921e-00188bb4ed8c}\Shell\Manage your videos\command - "" = RCAMemoryMgr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/05/14 11:19:52 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - File not found
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/01/26 21:56:19 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Users\paulh\Desktop\OTL.exe
[2010/01/25 21:46:00 | 00,472,064 | ---- | C] ( ) -- C:\Users\paulh\Desktop\RootRepeal.exe
[2010/01/21 15:44:09 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/21 15:44:08 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/21 15:44:08 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/21 15:44:08 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/21 15:44:07 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/01/21 15:44:07 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/01/21 15:44:07 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/01/21 15:44:07 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/21 15:44:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/21 15:44:06 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/21 15:44:06 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/18 20:26:32 | 00,345,384 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcCredProv.dll
[2010/01/13 07:35:55 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 07:35:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/06 06:40:52 | 00,000,000 | ---D | C] -- C:\Users\paulh\Desktop\New Folder
[2009/12/28 19:13:17 | 01,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\paulh\Desktop\install_flash_player.exe
[2009/12/28 19:13:16 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/12/28 19:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/12/28 19:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2009/12/28 18:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2008/01/07 14:33:17 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlciinpa.dll
[2008/01/07 14:33:17 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlciiesc.dll
[2008/01/07 14:33:17 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCIhcp.dll
[2008/01/07 14:33:16 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlciserv.dll
[2008/01/07 14:33:16 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlciusb1.dll
[2008/01/07 14:33:15 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcipmui.dll
[2008/01/07 14:33:15 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcilmpm.dll
[2008/01/07 14:33:15 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlciprox.dll
[2008/01/07 14:33:15 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcipplc.dll
[2008/01/07 14:33:13 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcihbn3.dll
[2008/01/07 14:33:11 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcicomc.dll
[2008/01/07 14:33:11 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcicomm.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/26 22:07:46 | 03,407,872 | -HS- | M] () -- C:\Users\paulh\ntuser.dat
[2010/01/26 22:07:44 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 22:07:44 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:56:33 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\paulh\Desktop\OTL.exe
[2010/01/26 20:37:26 | 00,026,257 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/26 20:36:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/25 22:42:06 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CD7A68E1-334E-42F6-A3C5-85DDE2D7FA6F}.job
[2010/01/25 21:47:09 | 00,000,000 | ---- | M] () -- C:\Users\paulh\Desktop\settings.dat
[2010/01/25 21:46:12 | 00,472,064 | ---- | M] ( ) -- C:\Users\paulh\Desktop\RootRepeal.exe
[2010/01/25 21:43:26 | 00,003,680 | ---- | M] () -- C:\Users\paulh\Documents\Attach.zip
[2010/01/25 21:34:03 | 00,524,288 | ---- | M] () -- C:\Users\paulh\Desktop\dds.scr
[2010/01/23 21:31:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/23 21:30:16 | 21,353,71776 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/21 18:02:35 | 02,200,719 | -H-- | M] () -- C:\Users\paulh\AppData\Local\IconCache.db
[2010/01/20 18:33:40 | 00,004,892 | ---- | M] () -- C:\Users\paulh\AppData\Local\d3d9caps.dat
[2010/01/20 11:21:30 | 00,524,288 | -HS- | M] () -- C:\Users\paulh\ntuser.dat{ed6fce62-a0f8-11dc-86cd-00188bb4ed8c}.TMContainer00000000000000000001.regtrans-ms
[2010/01/20 11:21:30 | 00,065,536 | -HS- | M] () -- C:\Users\paulh\ntuser.dat{ed6fce62-a0f8-11dc-86cd-00188bb4ed8c}.TM.blf
[2010/01/16 23:19:38 | 00,010,194 | ---- | M] () -- C:\Users\paulh\Documents\Funny things Marin says.docx
[2010/01/16 23:15:38 | 00,002,627 | ---- | M] () -- C:\Users\paulh\Desktop\Microsoft Office Word 2007.lnk
[2010/01/13 20:45:15 | 00,103,581 | ---- | M] () -- C:\Users\paulh\Documents\macrophage activation syndrome case series 2009.pdf
[2010/01/06 06:41:24 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/06 06:41:24 | 00,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/06 06:41:24 | 00,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/06 01:42:15 | 02,508,800 | ---- | M] () -- C:\Users\paulh\Desktop\ITP powerpoint.ppt
[2010/01/05 23:27:22 | 00,409,142 | ---- | M] () -- C:\Users\paulh\Documents\romiplostim preclinical.pdf
[2010/01/05 23:10:08 | 00,212,458 | ---- | M] () -- C:\Users\paulh\Documents\romiplostim healthy volunteers.pdf
[2010/01/05 22:17:12 | 00,268,100 | ---- | M] () -- C:\Users\paulh\Documents\romiplostim phase III.pdf
[2010/01/05 21:34:51 | 00,245,740 | ---- | M] () -- C:\Users\paulh\Documents\romiplostim NEJM phase III.pdf
[2010/01/05 16:29:53 | 00,000,279 | ---- | M] () -- C:\Users\paulh\Desktop\handy manny.url
[2010/01/04 23:43:07 | 00,196,022 | ---- | M] () -- C:\Users\paulh\Documents\phase 1 eltrombopag.pdf
[2010/01/04 23:38:10 | 00,301,815 | ---- | M] () -- C:\Users\paulh\Documents\safety efficacy long term romiplostim.pdf
[2010/01/04 23:26:09 | 00,179,038 | ---- | M] () -- C:\Users\paulh\Documents\preclinical eltrombopag.pdf
[2010/01/04 23:11:26 | 00,226,957 | ---- | M] () -- C:\Users\paulh\Documents\Eltrombopag review.pdf
[2010/01/04 21:29:55 | 00,995,519 | ---- | M] () -- C:\Users\paulh\Documents\itp acute review pediatric clinics.pdf
[2010/01/04 21:17:57 | 00,150,903 | ---- | M] () -- C:\Users\paulh\Documents\ITP acute review controversies.pdf
[2010/01/04 06:44:50 | 00,027,648 | ---- | M] () -- C:\Users\paulh\Documents\Scott Wood roadmap.doc
[2010/01/03 23:22:45 | 00,387,002 | ---- | M] () -- C:\Users\paulh\Documents\ITP marrow.jpg
[2010/01/03 23:20:41 | 00,209,691 | ---- | M] () -- C:\Users\paulh\Documents\ITP harrington.pdf
[2010/01/03 23:05:38 | 00,382,362 | ---- | M] () -- C:\Users\paulh\Documents\ITP impaired thrombopoiesis.pdf
[2010/01/02 23:44:52 | 00,302,559 | ---- | M] () -- C:\Users\paulh\Documents\eltrombopag tria 2l.pdf
[2010/01/02 23:41:53 | 00,208,583 | ---- | M] () -- C:\Users\paulh\Documents\eltrombopag trial.pdf
[2010/01/02 23:27:35 | 00,391,650 | ---- | M] () -- C:\Users\paulh\Documents\annurev thrombopoietin.pdf
[2009/12/31 23:09:15 | 00,002,619 | ---- | M] () -- C:\Users\paulh\Desktop\PrintingPress Extreme.lnk
[2009/12/28 19:13:10 | 01,924,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\paulh\Desktop\install_flash_player.exe
[2009/12/28 19:10:21 | 00,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2009/12/28 19:09:55 | 00,000,110 | ---- | M] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/25 21:47:09 | 00,000,000 | ---- | C] () -- C:\Users\paulh\Desktop\settings.dat
[2010/01/25 21:43:26 | 00,003,680 | ---- | C] () -- C:\Users\paulh\Documents\Attach.zip
[2010/01/25 21:33:58 | 00,524,288 | ---- | C] () -- C:\Users\paulh\Desktop\dds.scr
[2010/01/16 23:18:35 | 00,010,194 | ---- | C] () -- C:\Users\paulh\Documents\Funny things Marin says.docx
[2010/01/13 20:45:15 | 00,103,581 | ---- | C] () -- C:\Users\paulh\Documents\macrophage activation syndrome case series 2009.pdf
[2010/01/05 23:27:22 | 00,409,142 | ---- | C] () -- C:\Users\paulh\Documents\romiplostim preclinical.pdf
[2010/01/05 23:10:08 | 00,212,458 | ---- | C] () -- C:\Users\paulh\Documents\romiplostim healthy volunteers.pdf
[2010/01/05 22:17:12 | 00,268,100 | ---- | C] () -- C:\Users\paulh\Documents\romiplostim phase III.pdf
[2010/01/05 21:34:51 | 00,245,740 | ---- | C] () -- C:\Users\paulh\Documents\romiplostim NEJM phase III.pdf
[2010/01/04 23:43:07 | 00,196,022 | ---- | C] () -- C:\Users\paulh\Documents\phase 1 eltrombopag.pdf
[2010/01/04 23:38:10 | 00,301,815 | ---- | C] () -- C:\Users\paulh\Documents\safety efficacy long term romiplostim.pdf
[2010/01/04 23:26:09 | 00,179,038 | ---- | C] () -- C:\Users\paulh\Documents\preclinical eltrombopag.pdf
[2010/01/04 23:11:26 | 00,226,957 | ---- | C] () -- C:\Users\paulh\Documents\Eltrombopag review.pdf
[2010/01/04 21:29:55 | 00,995,519 | ---- | C] () -- C:\Users\paulh\Documents\itp acute review pediatric clinics.pdf
[2010/01/04 21:17:57 | 00,150,903 | ---- | C] () -- C:\Users\paulh\Documents\ITP acute review controversies.pdf
[2010/01/04 06:44:49 | 00,027,648 | ---- | C] () -- C:\Users\paulh\Documents\Scott Wood roadmap.doc
[2010/01/03 23:25:05 | 02,508,800 | ---- | C] () -- C:\Users\paulh\Desktop\ITP powerpoint.ppt
[2010/01/03 23:22:43 | 00,387,002 | ---- | C] () -- C:\Users\paulh\Documents\ITP marrow.jpg
[2010/01/03 23:20:41 | 00,209,691 | ---- | C] () -- C:\Users\paulh\Documents\ITP harrington.pdf
[2010/01/03 23:05:38 | 00,382,362 | ---- | C] () -- C:\Users\paulh\Documents\ITP impaired thrombopoiesis.pdf
[2010/01/02 23:44:52 | 00,302,559 | ---- | C] () -- C:\Users\paulh\Documents\eltrombopag tria 2l.pdf
[2010/01/02 23:41:53 | 00,208,583 | ---- | C] () -- C:\Users\paulh\Documents\eltrombopag trial.pdf
[2010/01/02 23:27:35 | 00,391,650 | ---- | C] () -- C:\Users\paulh\Documents\annurev thrombopoietin.pdf
[2009/12/28 19:10:21 | 00,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2009/12/28 19:09:14 | 00,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/07/22 22:56:19 | 00,561,152 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/22 22:56:19 | 00,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/28 23:04:05 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/12/28 23:00:55 | 00,000,084 | ---- | C] () -- C:\Windows\EPSPR1900.ini
[2008/03/29 20:53:54 | 00,004,031 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/07 14:34:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcicoin.dll
[2008/01/07 14:33:17 | 00,434,176 | ---- | C] () -- C:\Windows\System32\dlciutil.dll
[2008/01/07 14:33:17 | 00,274,432 | ---- | C] () -- C:\Windows\System32\DLCIinst.dll
[2008/01/07 14:33:14 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlciinsb.dll
[2008/01/07 14:33:14 | 00,159,744 | ---- | C] () -- C:\Windows\System32\dlciins.dll
[2008/01/07 14:33:14 | 00,135,168 | ---- | C] () -- C:\Windows\System32\dlcijswr.dll
[2008/01/07 14:33:14 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlciinsr.dll
[2008/01/07 14:33:12 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcicub.dll
[2008/01/07 14:33:11 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcicu.dll
[2008/01/07 14:33:11 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcicur.dll
[2008/01/07 14:33:10 | 00,069,632 | ---- | C] () -- C:\Windows\System32\DLCIcfg.dll
[2007/05/09 10:39:34 | 00,004,892 | ---- | C] () -- C:\Users\paulh\AppData\Local\d3d9caps.dat
[2007/04/26 15:31:58 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/04/26 15:31:58 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/04/01 08:13:26 | 00,047,104 | ---- | C] () -- C:\Users\paulh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/21 08:15:21 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/03/21 08:15:21 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/03/21 08:15:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/21 08:15:21 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/03/21 08:15:05 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/21 08:15:00 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcicnv4.dll
[2007/03/21 08:14:51 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/21 00:46:02 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/03/21 00:46:02 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/03/21 00:32:07 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/07 13:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/17 06:29:58 | 00,000,487 | ---- | C] () -- C:\Windows\System32\dlciplc.ini
[2005/08/18 04:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcivs.dll

========== LOP Check ==========

[2009/01/25 21:08:28 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Blackberry Desktop
[2010/01/05 16:27:50 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Image Zone Express
[2010/01/18 20:26:40 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Juniper Networks
[2008/12/28 23:10:19 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Leadertech
[2007/05/16 16:13:02 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Opera
[2008/08/21 20:17:46 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Printer Info Cache
[2009/01/19 23:56:15 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Research In Motion
[2008/10/22 19:54:11 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Snapfish
[2008/10/08 20:42:04 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\WildTangent
[2009/08/15 00:00:15 | 00,000,350 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2007/05/01 14:23:03 | 00,000,352 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/01/23 21:31:09 | 00,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/25 22:42:06 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CD7A68E1-334E-42F6-A3C5-85DDE2D7FA6F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/11/17 21:07:45 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Adobe
[2007/06/14 18:30:04 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\AdobeUM
[2008/10/15 20:25:38 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Apple Computer
[2009/01/25 21:08:28 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Blackberry Desktop
[2010/01/06 16:40:39 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Corel
[2008/09/14 08:17:18 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\CyberLink
[2007/04/26 15:46:12 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\DellFaxCtr
[2007/05/02 10:15:49 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Google
[2007/04/28 08:44:15 | 00,000,000 | -H-D | M] -- C:\Users\paulh\AppData\Roaming\GTek
[2008/03/29 22:08:45 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\HP
[2007/04/01 08:08:56 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Identities
[2010/01/05 16:27:50 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Image Zone Express
[2009/01/19 22:59:22 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\InstallShield
[2008/02/12 12:24:08 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Intuit
[2010/01/18 20:26:40 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Juniper Networks
[2008/12/28 23:10:19 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Leadertech
[2007/04/27 16:38:52 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Macromedia
[2006/11/02 06:37:34 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Media Center Programs
[2008/11/10 19:26:33 | 00,000,000 | --SD | M] -- C:\Users\paulh\AppData\Roaming\Microsoft
[2007/05/16 16:13:02 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Opera
[2008/11/23 23:07:02 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\PC Tools
[2008/08/21 20:17:46 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Printer Info Cache
[2009/01/19 23:56:15 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Research In Motion
[2009/05/05 21:46:13 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Roxio
[2008/10/22 19:54:11 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\Snapfish
[2008/10/08 20:42:04 | 00,000,000 | ---D | M] -- C:\Users\paulh\AppData\Roaming\WildTangent

< %APPDATA%\*.exe /s >
[2007/07/11 21:51:57 | 21,277,080 | ---- | M] ( ) -- C:\Users\paulh\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2007/03/21 00:48:47 | 00,036,864 | ---- | M] () -- C:\Users\paulh\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\DellSommelierFix.exe
[2008/11/04 22:20:50 | 00,066,928 | ---- | M] () -- C:\Users\paulh\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2008/11/04 22:20:48 | 00,165,248 | ---- | M] (Juniper Networks) -- C:\Users\paulh\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2008/11/04 22:20:46 | 00,224,104 | ---- | M] () -- C:\Users\paulh\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2008/11/04 22:20:52 | 00,043,600 | ---- | M] (Juniper Networks) -- C:\Users\paulh\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2009/10/10 01:07:54 | 00,038,208 | ---- | M] () -- C:\Users\paulh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008/10/28 21:01:44 | 01,887,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\paulh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2008/08/20 16:54:18 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_39b32d12.exe
[2008/08/20 16:54:19 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_3b251e1f.exe
[2008/08/20 16:54:18 | 00,001,078 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_428b26a6.exe
[2008/08/20 16:54:19 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_45091238.exe
[2008/08/20 16:54:18 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_644366bb.exe
[2008/08/20 16:54:18 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_701f5d03.exe
[2008/08/20 16:54:18 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_74d4dc8.exe
[2008/08/20 16:54:19 | 00,004,710 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{03875A07-53D1-44EE-9D8D-C70EAF038E52}\_7a5a767d.exe
[2008/08/21 20:29:12 | 00,010,134 | R--- | M] () -- C:\Users\paulh\AppData\Roaming\Microsoft\Installer\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/03/21 08:14:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/03/21 08:14:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/03/21 08:14:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/03/21 08:14:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/03/21 08:14:47 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/03/21 08:14:46 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/03/21 08:14:46 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >





#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 27 January 2010 - 08:53 AM

Good morning. smile.gif

Please take note....

You appear to have a Remote Control application installed. In your case, this is refering to GoToAssist.

Remote Control programs allow complete control of your machine as if you are sitting in front of it, even if you are in some distant location. While this can be a good thing, we need to make sure that this software was installed for a benign purpose, and not for a malicious one. If an attacker installed one of these programs, it would allow them to remotely control your computer, steal critical system information and download and execute files.

This may be installed purposely related to you or someone in your households need, desire or occupation!

QUOTE
SRV - [2008/02/26 11:04:38 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)


It was installed on 2/26/2008

If you have this application installed on purpose, than you can safely ignore this warning but if you wish you may wish to uninstall it as it is a risk.

If you didn't install this application, please remove (uninstall) it from Add or Remove Programs now.

Please indicate to me if it was installed purposely please.

==========

Another note....

Based on your particular OS - Vista - you might not be able to run some of the applications I suggest without first right clicking the application then choosing "Run as Admin".

==========

Finally.....

Based on the seriousness of your event I would like you to run an advanced system application. Please read the instructions closely. If you have any questions please stop and ask me about it. If the computer crashes please do not panic. Simply reply from a functional computer and I will guide you. As long as you follow my instructions there will be no significant risk to your computer and data.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own without my supervision.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Answer to question about GoToAssist
* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 cmhcwh

cmhcwh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 11 February 2010 - 11:17 PM

ComboFix 10-02-11.04 - paulh 02/11/2010 21:44:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.977 [GMT -6:00]
Running from: c:\users\paulh\Desktop\thcbytes.exe
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2972194437-3200149986-3658755093-500
c:\program files\Antivirus Plus
c:\windows\system32\avp.id
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 03:59 . 2010-02-12 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-10 13:55 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 13:55 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:55 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:55 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-02 05:32 . 2010-02-02 05:32 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb1320.tmp.exe
2010-01-19 02:26 . 2010-01-19 02:26 -------- d-----w- c:\users\Public\Juniper Networks
2010-01-19 02:26 . 2008-11-21 08:33 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-01-13 13:35 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 13:35 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 13:34 . 2008-11-24 05:07 -------- d-----w- c:\program files\Spyware Doctor
2010-02-07 20:51 . 2007-04-18 20:58 -------- d-----w- c:\users\paulh\AppData\Roaming\Corel
2010-02-02 08:17 . 2007-03-21 06:55 -------- d-----w- c:\program files\Google
2010-01-28 01:18 . 2007-04-26 21:30 -------- d-----w- c:\program files\Dl_cats
2010-01-28 01:18 . 2007-05-09 16:39 4892 ----a-w- c:\users\paulh\AppData\Local\d3d9caps.dat
2010-01-20 01:12 . 2009-12-08 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 02:26 . 2009-09-03 01:39 -------- d-----w- c:\users\paulh\AppData\Roaming\Juniper Networks
2010-01-19 02:26 . 2009-09-23 02:33 -------- d-----w- c:\program files\Juniper Networks
2010-01-05 22:27 . 2008-03-30 04:12 -------- d-----w- c:\users\paulh\AppData\Roaming\Image Zone Express
2009-12-29 01:13 . 2009-12-29 01:13 -------- d-----w- c:\program files\DIFX
2009-12-29 01:10 . 2009-12-29 01:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 01:09 . 2009-12-29 00:49 -------- d-----w- c:\program files\LeapFrog
2009-12-29 01:08 . 2009-12-29 01:08 28696928 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-29 01:07 . 2009-12-29 01:07 6106960 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-12-29 01:07 . 2009-12-29 01:07 -------- d-----w- c:\programdata\Leapfrog
2009-12-28 12:35 . 2010-02-10 13:54 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 13:54 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 13:54 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 13:54 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 13:54 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 13:54 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 13:54 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 13:54 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 13:54 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 13:54 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 13:05 . 2010-01-21 21:44 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-21 21:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-21 21:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-08 20:52 . 2010-02-10 13:54 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 13:54 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 13:54 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-18 03:06 . 2009-11-18 03:06 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-11-17 01:54 . 2009-11-17 01:54 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2007-03-21 14:14 . 2007-03-21 14:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-11 1831936]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-11-04 312200]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2007-01-12 435696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

c:\users\paulh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
RCA Detective.lnk - c:\users\paulh\Documents\RCA Detective\RCADetective.exe [2009-7-22 1110016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-9-19 1545488]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-21 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-3-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\System32\drivers\NEOFLTR_630_13725.sys [11/21/2008 2:37 AM 64480]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/23/2008 11:07 PM 356920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 2:17 AM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\System32\drivers\FlyUsb.sys [11/10/2009 9:27 AM 19456]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:17]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2007-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{CD7A68E1-334E-42F6-A3C5-85DDE2D7FA6F}.job
- c:\windows\system32\msfeedssync.exe [2008-09-11 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: turbotax.com
DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxps://pacsweb-stl.ssmhc.com/ami/install/amiviewer.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://pacsweb-stl.ssmhc.com/AMI/install/amiviewer.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 22:00
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(656)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2010-02-11 22:06:01
ComboFix-quarantined-files.txt 2010-02-12 04:05

Pre-Run: 82,996,764,672 bytes free
Post-Run: 82,816,872,448 bytes free

- - End Of File - - 3751EC6969B1345FCA66B2087FA46DD6


您好,
您的来信已收到,稍后我会给您回信。谢谢来信!
Dear,
I have received your letter.I will reply you soon.Thank you!世界之最
世界最淡的海--波罗地海。一般海水的含盐度在34‰至37‰左右。波罗的海表层海水含盐度由西部的8‰至11‰,降到中部的6‰至8‰和东部的2‰。是世界上含盐度最低的海。
以上提示来自:网易163免费邮——中文邮箱第一品牌 mail.163.com

********Edited by thcbytes to deactivate rogue link***********

Edited by thcbytes, 12 February 2010 - 03:49 AM.


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 12 February 2010 - 12:08 PM

Hello.

Much better.

Please take your time, answer my questions and carefully follow my instructions. If you have any questions or run into any difficulties stop and tell me about it. Again remember that you might need to right click and choose run as admin to make some of these programs run.

==========

An important question.

I see that you have McAfee Antivirus remnants on your computer. Do you use this for antivirus protection? Have you purposely disabled it for the cleanup or is it nonfunctional?

==========

QUOTE
c:\program files\Antivirus Plus
c:\windows\system32\avp.id

These infected files were removed. They are related to an infection that installs a fake antivirus software program designed to deceive you.

It was likely installed by way of the remote control access that we have since removed.

I would like to completely disable remote control access on your computer. As you are now acutely aware it is an avenue of exploitation.

This will need to be done in steps. I need to gather some info first.

First..........
  • Create a new folder on your Desktop by right-clicking and selecting New > Folder.
  • Name the folder SWRegfolder.

Next.............
  • Download SWReg by Bobbi Flekman
  • Save it to the SWRegfolder on your Desktop.

Finally.........
  • Click the Start button Picture of the Start button. In the Search box, type Notepad, and then, in the list of results, double-click Notepad.
  • Copy/paste all the text inside the code box below to Notepad:

CODE
@echo off
swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >>log1.txt
Notepad log1.txt

  • In Notepad, go to File (upper menu bar), and select: Save as
  • Save in: SWRegfolder
  • File Name: SWReg.bat
  • Save as Type: All files
  • Click: Save
  • Exit out of Notepad.
Note: Both SWReg.exe and SWReg.bat must be in the same folder for this to work.
  • Locate SWReg.bat in the SWRegfolder and double-click on it.

    (Remember you might have to right click and run as admin to make it run!)
  • When done, a log opens in Notepad.
  • Please post the contents of the log in your reply.

==========

Next do this.....

Open Notepad.
Copy & paste the contents in the code box into Notepad:

CODE
@echo off
net user HelpAssistant>"%userprofile%\desktop\log2.txt"
start notepad "%userprofile%\desktop\log2.txt"
cls


Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: remote.bat
File type: All files (*.*).
Now, click Save.

Doubleclick remote.bat.
Post the contents of the logfile that opens in your next reply.

==========

This was also removed. It is a legit audio driver.

QUOTE
c:\windows\system32\stacsv.exe

This may very well be legitimate or might be a legitimate file that has been infected and needs to be replaced.

Is the audio on your computer functioning ok?

Therefore I would like to have you upload me a copy of this file for my review. First I need to locate the file and dequarantine it,

Do this......
  1. Select
  2. Select All Programs
  3. Select Accessories
  4. Right click Command Prompt and choose Run as administrator


  5. If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  6. You may simply need to press the Continue button if you are the administrator or insert the administrator password.


Copy-paste the following command (the green bolded text) into the "cmd" box, and click enter.

cmd /c dir /a /s C:\QooBox >log3.txt&start log3.txt


A log will be produced.

Please post that log for my review.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Finally....

In regards to the email issue. I need more info.

That email routed to China
http://www.robtex.com/route/219.136.0.0-15.html
No surprise huh.
  • Go to your mailbox
  • Choose the Sent folder/or Spam folder
  • Right click on one of those emails that was sent without your approval
  • Choose View Full Headers
  • Copy and paste the contents in your next reply

==========

With your next post please provide:

* Answer to McAfee question
* SWReg User Profile log1.txt
* User Profile log2.txt
* Audio question
* Audio driver log3.txt
* OTL fix log
* E-mail log

Thanks thumbup2.gif

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 03 February 2011 - 05:38 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users