GoldS shut down message, redirected addresses,searches and hyperlinks


  • This topic is locked
24 replies to this topic

#1 rhdybll

rhdybll

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 28 September 2010 - 11:55 AM

Hello,
Several days ago I started getting the message in a little box "GoldS has stopped working and Windows has shut it down." I searched the computer for 'GoldS' and couldn't find it, then I googled it on Sunday and came up with nothing. Monday I googled "GoldS has stopped working, Windows...etc." and got 1 hit (your site) but was redirected several times to ad and porn sites. I couldn't access GMER or Malwarebytes or run MBR. I was sometimes redirected to a Google search page that didn't look quite right.

I restored my computer to a week ago and was able to update and run Malwarebytes (found nothing) and went to a GMER site (found through Google), downloaded and ran the program and the computer immediately shut down... Blue screen - "A problem has occurred... Windows has shut down to prevent damage to the computer..." I remember that the address was not "www2" that I saw on your site today. It may have been .org or something, I'm not sure and now have erased history.

Last night and today I followed your Preparation Guide, did a backup (Cobian) - not sure it worked, got error messages after it said it finished and it started again. Said it couldn't find the files, but they were where they belong, but never mind that. I skipped most of the solutions to address slow running computers, as mine isn't running slow (deleted the usual stuff and histories).

I was able to access Malwarebytes and GMER using your hyperlinks, updated and ran them successfully. I will enclose the logs requested. I got another blue screen shutdown as mentioned above just before starting this entry. Never had that problem before. Do I still have problems?

Thank you in advance for your assistance, rhdybll

p.s. I just did another search for GoldS and see that someone else has already entered a request for help on your site. I don't know how to connect my request to his or if I should. Thanks again


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bill at 9:51:55.68 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.934 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k HPService
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Garmin\gStart.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bill\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bill\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://rhodeisland.cox.net/cci/home
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070706
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [gStart] c:\garmin\gStart.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {ADAF85EF-4DCC-4665-87EF-AC96EDDCE86A} = 192.168.1.1,192.168.1.2
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-17 214664]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-9-27 67584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-5-17 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-17 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-17 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-17 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-17 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-17 40552]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-7-5 23232]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-7-5 19008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-6 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-12 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2008-5-16 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2008-5-16 17448]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-17 34248]
S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\system32\drivers\SDSTOR2K.SYS [2010-1-15 37685]

=============== Created Last 30 ================

2010-09-28 13:43:08 0 ----a-w- c:\users\bill\defogger_reenable
2010-09-28 01:18:57 0 d-----w- c:\program files\Cobian Backup 10
2010-09-28 01:15:03 15492608 ----a-w- c:\users\bill\cbSetup.exe
2010-09-15 13:27:36 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 13:27:32 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 13:27:30 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 13:27:24 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-30 01:02:25 133120 ----a-w- c:\users\bill\MapSetToolKit.exe

==================== Find3M ====================

2010-09-28 12:54:45 34805 ----a-w- c:\programdata\nvModes.dat
2010-07-16 16:32:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-16 16:32:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-16 16:32:30 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 21:29:32 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-07 00:47:18 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-07-06 05:35:39 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:54:10.43 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 02 October 2010 - 11:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
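The DDS and OTL logs requested in this thread are read by eye by the helper. The Python script below is an added example; it is not part of any post here and is not code from DDS, OTL or BleepingComputer. It applies the first checks a responder makes on these two log formats: registrations whose binary no longer exists ("- No File" in a DDS BHO line, "File not found" in an OTL service or driver line), an autorun value with no name, a browser proxy set in Internet Settings, OTL entries where the empty parentheses mean no company name could be read from the file, services or drivers loading from user-writable folders, and per-interface DNS servers outside private address space (a changed resolver is one common cause of the search redirects described in the first post, though a public resolver by itself proves nothing). Most sample lines are copied from the logs above; the lines marked CONSTRUCTED (the ProxyServer line, the 8.8.8.8 TCP line and the Temp driver) are made up for the example and do not describe this machine. The script flags entries for review; it does not say anything in the posted logs is malicious.

```python
"""Triage of DDS "Pseudo HJT Report" and OTL "SafeList" log lines.
Added example, not code from DDS, OTL or BleepingComputer.  Lines tagged
CONSTRUCTED in the samples are invented for the example."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    source: str   # "DDS" or "OTL"
    reason: str   # short tag naming the heuristic that fired
    line: str     # the log line that triggered it


# OTL entry: "PRC - [date | size | attrs | M] (Company) [state] -- path -- (Name)"
# or, when the registered binary is gone: "SRV - File not found [state] -- path -- (Name)"
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)|File not found)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# DDS per-interface DNS servers: "TCP: {interface GUID} = dns1,dns2"
DDS_TCP = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (?P<servers>[\d.,]+)$")
# Folders a legitimate service or driver is rarely loaded from.
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\(desktop|appdata|local settings|downloads)\\"
    r"|\\temp\\",
    re.IGNORECASE,
)


def dns_is_suspicious(servers: str) -> bool:
    """True if any configured resolver is outside private/loopback space or
    unparsable.  A home PC behind a router normally lists the router
    (192.168.x.x, as in the posted log); a public address is worth asking
    the user about when searches redirect, but is not proof of anything."""
    for s in servers.split(","):
        try:
            ip = ipaddress.ip_address(s.strip())
        except ValueError:
            return True
        if not (ip.is_private or ip.is_loopback):
            return True
    return False


def triage_dds(report: str) -> List[Finding]:
    out: List[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(" - No File"):                      # BHO/hook whose DLL is gone
            out.append(Finding("DDS", "orphaned-registration", line))
        elif re.match(r"^[umd]Run: \[<NO NAME>\]", line):    # autorun value with no name
            out.append(Finding("DDS", "empty-autorun-value", line))
        elif re.match(r"^[umd]Internet Settings,ProxyServer = ", line):
            out.append(Finding("DDS", "browser-proxy-set", line))
        else:
            m = DDS_TCP.match(line)
            if m and dns_is_suspicious(m.group("servers")):
                out.append(Finding("DDS", "non-private-dns", line))
    return out


def triage_otl(report: str) -> List[Finding]:
    out: List[Finding] = []
    for line in report.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        if m.group("company") is None:                       # "File not found" form
            out.append(Finding("OTL", "missing-binary", line))
            continue
        if m.group("company") == "":                         # OTL found no company name
            out.append(Finding("OTL", "no-company-name", line))
        if USER_WRITABLE.search(m.group("path")):
            out.append(Finding("OTL", "user-writable-path", line))
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.reason for f in findings))


DDS_SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [gStart] c:\garmin\gStart.exe
mRun: [<NO NAME>]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8118
TCP: {ADAF85EF-4DCC-4665-87EF-AC96EDDCE86A} = 192.168.1.1,192.168.1.2
TCP: {00000000-0000-0000-0000-000000000001} = 8.8.8.8,192.168.1.1
"""  # the ProxyServer line and the second TCP line are CONSTRUCTED

OTL_SAMPLE = r"""
PRC - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/30 02:11:07 | 000,041,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Users\Bill\AppData\Local\Temp\qwerty.sys -- (qwerty)
"""  # the last DRV line is CONSTRUCTED

if __name__ == "__main__":
    findings = triage_dds(DDS_SAMPLE) + triage_otl(OTL_SAMPLE)
    for f in findings:
        print(f"[{f.source}] {f.reason:22} {f.line}")
    print(summarize(findings))
```

The "user-writable-path" hit on OTL.exe is expected, since the tool is run from the Desktop; the point of that heuristic is a service or driver loading from Temp or AppData, which the constructed qwerty.sys line illustrates. Every finding is a prompt to look at the file (signature, version resource, creation date, VirusTotal), not a verdict.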
 


#3 rhdybll

rhdybll
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 02 October 2010 - 02:09 PM

Hello etavares,
Thank you for replying. My computer seemed to be acting OK until I ran GMER. As I was saving the log, I got a blue screen - something about shutting down to protect the computer... and lost the log. I tried running it again a couple of times and it shuts down right away - I caught the message about something missing before it shut down again...
I will send the other two logs and try to run GMER again. I have an older copy that uses a different name, I will try to update that and run it. I don't know if what I have is enough to get going but here it is:

Thanks again, rhdybll

OTL logfile created on: 10/2/2010 1:24:00 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 120.32 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
Drive E: | 557.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL2-PC
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/11 12:53:13 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/06/26 00:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/08 10:25:35 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/14 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/23 16:13:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2006/11/08 15:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/25 09:05:44 | 001,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LVcKap.sys -- (LVcKap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/07/06 01:35:38 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/06 01:35:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/07/06 01:35:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 09:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/05 16:51:38 | 000,017,448 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn1200.sys -- (grmn1200)
DRV - [2007/01/05 16:51:36 | 000,023,208 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn0200.sys -- (grmn0200) grmn0200.Sys Garmin USB DCP driver (install)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/19 17:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/10/19 17:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2001/07/11 07:38:18 | 000,037,685 | ---- | M] (SanDisk Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SDSTOR2K.SYS -- (SDSTOR2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6070706


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/cci/home
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/01 08:51:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/mygarmin/m/GarminAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/02/22 05:45:18 | 000,000,039 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4e16a6b7-2b40-11dc-bcab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e16a6b7-2b40-11dc-bcab-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RAVE.exe -- [2001/02/21 07:00:36 | 000,038,400 | R--- | M] ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/02 13:21:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2010/10/01 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/28 10:03:11 | 000,000,000 | ---D | C] -- C:\Users\Bill\Desktop\gmer
[2010/09/27 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Safe mirror
[2010/09/27 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/09/27 21:15:03 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Bill\cbSetup.exe
[2010/09/07 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Turbo Lister Backup
[2010/08/26 17:12:45 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Turbo Lister
[2010/08/26 15:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010/08/26 15:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/07/05 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/07/05 17:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic

========== Files - Modified Within 90 Days ==========

[2010/10/02 13:29:30 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D096C5A-39AB-4299-93FD-1ACFCF93934C}.job
[2010/10/02 13:27:00 | 004,194,304 | -HS- | M] () -- C:\Users\Bill\ntuser.dat
[2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2010/10/02 13:10:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 13:10:20 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 12:55:26 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 11:41:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/02 11:12:19 | 000,030,830 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/10/02 11:12:11 | 000,000,321 | ---- | M] () -- C:\Users\Bill\Desktop\RAVE.lnk
[2010/10/02 11:10:47 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/02 11:10:46 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/02 11:10:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 11:10:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/02 11:10:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/02 11:10:14 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 11:09:08 | 000,524,288 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/10/02 11:09:08 | 000,065,536 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/10/02 11:08:59 | 003,238,370 | -H-- | M] () -- C:\Users\Bill\AppData\Local\IconCache.db
[2010/10/01 17:00:39 | 000,703,754 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/01 17:00:39 | 000,603,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/01 17:00:39 | 000,105,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/28 12:46:33 | 000,011,530 | ---- | M] () -- C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | M] () -- C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 10:31:19 | 417,163,508 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/28 09:59:03 | 000,284,915 | ---- | M] () -- C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:42 | 000,525,824 | ---- | M] () -- C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | M] () -- C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | M] () -- C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:15:04 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Bill\cbSetup.exe
[2010/09/27 17:47:24 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/27 17:41:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/09 15:26:26 | 000,011,264 | ---- | M] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 20:50:05 | 000,000,945 | ---- | M] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 15:22:12 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2010/08/26 15:21:43 | 000,001,581 | ---- | M] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2010/08/25 10:26:28 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/15 07:25:17 | 000,408,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/10 21:11:48 | 000,020,480 | ---- | M] () -- C:\Users\Bill\Documents\10 August 2010 Barclay Bank.doc
[2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/07/05 14:24:11 | 058,413,056 | ---- | M] () -- C:\Users\Bill\Documents\TripWpt Mgr v3.iso

========== Files Created - No Company Name ==========

[2010/10/02 11:12:11 | 000,000,321 | ---- | C] () -- C:\Users\Bill\Desktop\RAVE.lnk
[2010/09/28 12:46:33 | 000,011,530 | ---- | C] () -- C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | C] () -- C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 09:59:00 | 000,284,915 | ---- | C] () -- C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:35 | 000,525,824 | ---- | C] () -- C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | C] () -- C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | C] () -- C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:12:58 | 000,000,072 | ---- | C] () -- C:\Users\Bill\bleepingids.txt
[2010/09/27 17:47:24 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/29 21:02:25 | 000,133,120 | ---- | C] () -- C:\Users\Bill\MapSetToolKit.exe
[2010/08/26 15:22:12 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2010/08/26 15:21:43 | 000,001,581 | ---- | C] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk
[2010/08/10 21:11:47 | 000,020,480 | ---- | C] () -- C:\Users\Bill\Documents\10 August 2010 Barclay Bank.doc
[2010/07/16 19:32:10 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 19:32:09 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/05 14:22:33 | 058,413,056 | ---- | C] () -- C:\Users\Bill\Documents\TripWpt Mgr v3.iso
[2010/02/26 21:58:06 | 000,011,264 | ---- | C] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 10:06:07 | 000,002,204 | ---- | C] () -- C:\Windows\System32\drivers\UNINST2K.SYS
[2010/01/15 10:06:07 | 000,001,214 | ---- | C] () -- C:\Windows\Sdcache.ini
[2010/01/15 10:05:47 | 000,002,679 | ---- | C] () -- C:\Windows\System32\SDUSBPDR.INI
[2009/11/02 10:17:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/05/22 19:23:43 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/10/08 13:59:08 | 000,000,000 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\wklnhst.dat
[2007/10/08 11:54:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/08 11:02:25 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/10/07 20:14:30 | 000,006,290 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/24 10:09:04 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2007/07/05 17:55:36 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/07/06 23:37:24 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\BitTorrent
[2010/01/20 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/20 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GARMIN
[2010/07/11 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Image Zone Express
[2010/05/18 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\ImgBurn
[2008/10/27 09:18:12 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Leadertech
[2007/10/07 21:52:38 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Printer Info Cache
[2008/11/04 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Template
[2010/04/15 01:01:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/04/01 01:03:10 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/10/02 11:09:10 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/02 13:29:30 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0D096C5A-39AB-4299-93FD-1ACFCF93934C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 09:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/07/06 01:37:50 | 000,004,885 | RH-- | M] () -- C:\dell.sdr
[2010/10/02 11:10:14 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/01 04:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
[2010/08/26 15:24:55 | 000,000,387 | ---- | M] () -- C:\InstallHelper.log
[2008/12/08 13:44:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/19 21:27:24 | 000,093,056 | ---- | M] (GMER) -- C:\kglcqpod.sys
[2010/07/14 13:30:29 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/12/08 13:44:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/10/02 11:10:13 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Bill\Downloads\Windows XP PRO SP3 (x86) Retail DVD + AntiWPA Activator REZMAN1984\Windows XP PRO SP3 (x86) Retail DVD\I386\sp3.cab:AGP440.sys
[2008/06/19 16:46:53 | 018,163,061 | ---- | M] () .cab file -- C:\Users\Bill\xpprob&b\xpprob&b files\XPPro bb\I386\sp3.cab:AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/07/06 01:35:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/07/06 01:35:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/07/06 01:35:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/07/06 01:35:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Bill\Downloads\Windows XP PRO SP3 (x86) Retail DVD + AntiWPA Activator REZMAN1984\Windows XP PRO SP3 (x86) Retail DVD\I386\sp3.cab:atapi.sys
[2008/06/19 16:46:53 | 018,163,061 | ---- | M] () .cab file -- C:\Users\Bill\xpprob&b\xpprob&b files\XPPro bb\I386\sp3.cab:atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/07/06 01:35:46 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/07/06 01:35:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/07/06 01:35:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/07/06 01:35:46 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/07/06 01:35:46 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/24 04:04:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/24 04:04:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/24 04:04:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/24 04:04:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Drivers\storage\R152146\nvrd32.sys
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\drivers\nvrd32.sys
[2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) MD5=DCDECB11B5A8AD813FEE68FD98C60E0A -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_f832753e\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007/07/06 01:37:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007/07/06 01:37:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008/01/19 03:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006/11/02 05:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: WS2_32.DLL >
[2006/11/02 05:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Bill\Documents\MVI_0336.avi:Roxio EMC Stream
< End of report >

OTL Extras logfile created on: 10/2/2010 1:24:00 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 120.32 Gb Free Space | 54.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
Drive E: | 557.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL2-PC
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{374F4C9F-1C70-4923-BE51-A100DD82F7A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EE1EB56-27CB-4DD8-981C-BFA241923F00}" = rport=445 | protocol=6 | dir=out | app=system |
"{7CC11834-54AD-4DBC-9D13-23D1275DE050}" = lport=445 | protocol=6 | dir=in | app=system |
"{9FCAB672-F52B-4143-927A-7EFF3AEC6700}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A6769770-A2AC-4CEF-9332-365483B84E48}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5B3C85B-9A8D-489D-8D4D-875A5D4B0163}" = rport=138 | protocol=17 | dir=out | app=system |
"{C384F59F-1CA8-417C-AB16-1138F66184F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CBE736A5-383E-438E-91EE-C6630EDDF3A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DEA82035-4301-4543-8013-6458691E4F9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E8BF5B9C-D9F9-4B02-A315-E17C7373C6FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9729BDB-F409-461A-AEED-54AFE8FB171B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBC0DC8B-53DA-48E8-A4B8-CF917AC81CA6}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0191414F-B47E-47A0-B2FB-B9FC97AB0FCD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{42290B3C-5CB4-4F8C-BA8F-92F0E934FDED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D56F0FB-6D83-4407-B679-8FC144E2560E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7D012045-5FC0-470C-9AA7-D8A9E5F83DC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8C2F8F95-33DF-4996-9318-8AACABBDF3C7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{91C6924E-B497-47E9-A417-43A6E8B57747}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{97B2AFD7-7FD4-4EBC-BB48-0389377FC028}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A5C13C06-E539-4089-9300-3B1395C86AA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC47F4F3-89A8-4474-984E-3045A5029613}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B6067BA5-B2CB-40FE-AF19-22D3DE1E7B5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C3368185-0D84-4B96-9336-33801E45B187}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E6FF48F7-7DE5-4A6E-8F07-13E3E1A57527}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{F47503EC-5ECE-4A5B-9F4D-766D755CC135}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8C72740-E8D8-49B1-A073-C5C043F8E5B1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"TCP Query User{1D16E9DB-A980-4D35-B6E6-C13D03FE95A5}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{91F7FF20-AD68-4BEE-BBAD-5561B495A238}C:\users\bill\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\bill\program files\dna\btdna.exe |
"TCP Query User{93276320-8617-4137-BE0E-A46958829788}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{AFF8FBB2-67B7-46B8-B793-B49A8CFC41B3}C:\users\bill\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\bill\program files\dna\btdna.exe |
"UDP Query User{64277184-7B31-400F-AF46-ECDFF7CBC2F4}C:\users\bill\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\bill\program files\dna\btdna.exe |
"UDP Query User{B11BE463-688B-43D0-BE12-1EC1151790EC}C:\users\bill\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\bill\program files\dna\btdna.exe |
"UDP Query User{C416FBDF-0595-4C6F-BBA7-A0718F9DCAC6}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{EC23432D-99EB-4408-8A45-E046A08D6D44}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00F569D0-4330-4068-AB1E-AFE47F0A566A}" = MapSource - US Topo 24K National Parks, East v2
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F55FD77-DFF3-4ADF-ADF4-A423427ECB6A}" = Garmin BlueChart Americas 2008
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1A2E804D-0AB2-424A-A72E-E104E5C4A0B8}" = MapSource - US Topo 24K National Parks, West v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254A2683-4128-47B1-85DF-7690E6119EC6}" = Garmin BlueChart Americas v9
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}" = Microsoft Office HTML Filter 2.0
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8E4062-F294-11D2-A432-00C04F756128}" = Microsoft Word Supplemental Macros
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CD507AA-9B8F-45D7-A3BA-D4F29D887932}" = Garmin MapInstall
"{58B42F3F-EC8D-4A53-9813-5EA43C4E9350}" = Garmin City Navigator North America NT 2009
"{5AB95303-661F-4D9A-B7B4-66174AF47764}" = MapSend Manager
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5F8434AA-E977-4A28-8D39-35969565DF53}" = MapSource - City Select North America v6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{777A68C0-8E72-4E74-8913-19DF65167A1D}" = MapSource - Fishing Hot Spots® v4.00
"{7C49EA42-5647-4051-84C2-E6404F25A931}" = Yahoo! Music Jukebox
"{7D6B5366-B9BD-446C-97E7-25B1D0A2AAE7}" = Fast-Track Reference Viewer 1.1
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}" = Garmin City Navigator North America NT 2008
"{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}" = Garmin City Navigator North America 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C88915C2-E307-4539-9F34-125FF55E89C3}" = MapSource - US Recreational Lakes v4.00
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v4
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E59219D4-23B8-11D3-A179-00C04F6C9FA4}" = Microsoft Word Supplemental Templates and Wizards
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAA9B753-45CE-4581-876C-55D97939B631}" = C6100
"{FAFEC8A4-B37A-4F52-8A72-D9B4F3A67CDA}" = Garmin BlueChart Atlantic v9.5
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"CobBackup10" = Cobian Backup 10
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImageMate/SecureMate V5.06" = SanDisk ImageMate/SecureMate
"ImgBurn" = ImgBurn
"InstallShield_{00F569D0-4330-4068-AB1E-AFE47F0A566A}" = MapSource - US Topo 24K National Parks, East v2
"InstallShield_{5F8434AA-E977-4A28-8D39-35969565DF53}" = MapSource - City Select North America v6
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"legacyqcam_10.50" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2010 8:50:14 PM | Computer Name = Bill2-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 9/5/2010 8:50:33 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:50:33 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:50:33 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:50:34 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:51:20 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:51:20 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:51:20 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 8:51:20 PM | Computer Name = Bill2-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/5/2010 9:48:12 PM | Computer Name = Bill2-PC | Source = Application Hang | ID = 1002
Description = The program MapSource.exe version 6.15.5.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ccc Start Time: 01cb4d653bb44fc9 Termination Time: 29

[ Media Center Events ]
Error - 9/21/2007 7:58:34 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/26/2007 3:41:11 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/23/2007 4:52:29 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/23/2007 6:47:37 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/6/2007 10:55:36 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/2/2008 8:09:44 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/9/2008 8:15:00 AM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 3/26/2009 7:34:35 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/21/2009 7:27:45 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2009 3:28:55 PM | Computer Name = Bill2-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/1/2010 3:59:43 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 4:35:46 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 4:59:44 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 5:35:45 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 6:11:47 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 6:47:49 PM | Computer Name = Bill2-PC | Source = bowser | ID = 8003
Description =

Error - 10/2/2010 10:08:04 AM | Computer Name = Bill2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/2/2010 10:08:33 AM | Computer Name = Bill2-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/2/2010 11:11:58 AM | Computer Name = Bill2-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/2/2010 11:12:02 AM | Computer Name = Bill2-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
Thanks

#4 rhdybll
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:RI

Posted 02 October 2010 - 03:18 PM

Hello again,
I've tried 5 times to run GMER and the system keeps shutting down. Can't remember how I ran it with the different name last time. It was a different computer and a different problem anyway (the one I am on now, my laptop). I am trying to run GMER in safe mode on my desktop; we'll see what happens. Thanks for your patience, Bill

#5 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 02 October 2010 - 03:39 PM

Hello, rhdybll.

Yeah, GMER can cause crashes here or there. No need to connect your request to the others... since you posted, there have been many other requests similar to yours. Guess it's in the wild. The team is well connected.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.


Step 1

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

#6 rhdybll
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Male
  • Location:RI

Posted 02 October 2010 - 05:05 PM

Hi,
Haven't used BitTorrent for a long time.
I get McAfee from my ISP; it downloads an update every time I log on. I let it run a scan yesterday.

I guess running GMER in safe mode doesn't work; here is all I got for the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-02 16:38:35
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Bill\AppData\Local\Temp\kglcqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\fastfat \Fat 82FB6A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Here is the RKUnhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C003000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11608064 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 197.28 )
0x8224A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8224A000 PnpManager 3903488 bytes
0x8224A000 RAW 3903488 bytes
0x8224A000 WMIxWDM 3903488 bytes
0x8DA07000 C:\Windows\system32\DRIVERS\LV302V32.SYS 2682880 bytes (Logitech Inc., Logitech Webcam Software Driver)
0x95690000 Win32k 2109440 bytes
0x95690000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CE00000 C:\Windows\system32\drivers\RTKVHDA.sys 2052096 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x82E09000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82C79000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B8C9000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8BE0A000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1052672 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8D229000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80461000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9F00D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8BC05000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8D728000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CB17000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BCC6000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80541000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82C08000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x81C0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x81D7A000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8B855000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D3B7000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8060D000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80420000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x80795000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8DCAA000 C:\Windows\system32\DRIVERS\lvrs.sys 262144 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x8B808000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D66C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82DAF000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x81D02000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x82F19000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BD53000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82217000 ACPI_HAL 208896 bytes
0x82217000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8D6B6000 C:\Windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x805CA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D600000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BF25000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8BD88000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82D84000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B89F000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8D349000 C:\Windows\System32\Drivers\Mpfp.sys 167936 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0x8D7D8000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x82F69000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80664000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x81D53000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8BDB5000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8BF54000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x80731000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x81CC2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8B9D8000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x81CE3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8075A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8DD01000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x80778000 C:\Windows\system32\drivers\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x81C77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8D313000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DD37000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x81C94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x80718000 C:\Windows\system32\drivers\nvraid.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8BF0D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DD5E000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0x81D3B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D6F1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DDA1000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x8CBE2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D708000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9F127000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DD8B000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x807E6000 C:\Windows\System32\Drivers\DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x8D632000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D37B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x81CAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BF9A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8BF86000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D3A3000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DDD0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D656000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D391000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)
0x9F110000 C:\Windows\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8DC98000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x82F90000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8BFEC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80407000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82DEA000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x807D6000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D337000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8DDC0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80708000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8BFAF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DD28000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82F5A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8BF77000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B846000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x958D0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D648000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D212000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FA000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DCEA000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8BCB9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8BFDF000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805BD000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9F0F5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B9CC000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CBB8000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DD52000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8BFBF000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BFCA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D207000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8CBC4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CBD7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x82FDE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8DCF7000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8DD1E000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8BFD5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D6AC000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9F0EB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x82FF2000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x82FA1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CFF5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D32E000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D372000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D71F000 C:\Windows\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0x9F147000 C:\Windows\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0x9F150000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x80600000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8D220000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x958B0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x82FE9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80653000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80752000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80418000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D6E9000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8065C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BDF7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BDE7000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x9F13F000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x82F52000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9F101000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8BDDA000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8DD7D000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8DD84000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8BDF0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80400000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9F109000 C:\Windows\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8BE00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F3000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8BDE1000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x8DD76000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x9F122000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x81DE2000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8D6A8000 C:\Windows\system32\DRIVERS\pmxmouse.sys 16384 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0x8D669000 C:\Windows\system32\DRIVERS\pmxusblf.sys 12288 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0x8BF0B000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x8DD7B000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x9F13D000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0x81DE0000 C:\Windows\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8DC96000 C:\Windows\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
0x8CB15000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 197.28 )
0x8CBF9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D347000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8DD5D000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x00C00000 Hidden Image-->CobStringList.dll [ EPROCESS 0x811A8AB0 ] PID: 628, 28672 bytes
0x01D00000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 28672 bytes
0x01CA0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 36864 bytes
0x00FA0000 Hidden Image-->System.Core.dll [ EPROCESS 0x811A8AB0 ] PID: 628, 675840 bytes
0x01B10000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 77824 bytes



Here is the MBRCheck log;



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 531
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 164):
0x8224A000 \SystemRoot\system32\ntkrnlpa.exe
0x82217000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\PSHED.dll
0x80418000 \SystemRoot\system32\BOOTVID.dll
0x80420000 \SystemRoot\system32\CLFS.SYS
0x80461000 \SystemRoot\system32\CI.dll
0x80541000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060D000 \SystemRoot\system32\drivers\acpi.sys
0x80653000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80664000 \SystemRoot\system32\drivers\pci.sys
0x8068B000 \SystemRoot\System32\drivers\partmgr.sys
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\system32\drivers\pciide.sys
0x806FA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\nvraid.sys
0x80731000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80752000 \SystemRoot\system32\drivers\atapi.sys
0x8075A000 \SystemRoot\system32\drivers\ataport.SYS
0x80778000 \SystemRoot\system32\drivers\nvstor32.sys
0x80795000 \SystemRoot\system32\drivers\storport.sys
0x805CA000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D6000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E6000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x80600000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82C08000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C79000 \SystemRoot\system32\drivers\ndis.sys
0x82D84000 \SystemRoot\system32\drivers\msrpc.sys
0x82DAF000 \SystemRoot\system32\drivers\NETIO.SYS
0x82E09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F19000 \SystemRoot\system32\drivers\volsnap.sys
0x82F52000 \SystemRoot\System32\Drivers\spldr.sys
0x82F5A000 \SystemRoot\System32\Drivers\mup.sys
0x82F69000 \SystemRoot\System32\drivers\ecache.sys
0x82F90000 \SystemRoot\system32\drivers\disk.sys
0x82FA1000 \SystemRoot\system32\drivers\crcdisk.sys
0x82FDE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82FE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82DEA000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x82FF2000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B808000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B846000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B855000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8B89F000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B8C9000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8BC05000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8BCB9000 \SystemRoot\system32\drivers\modem.sys
0x8BCC6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BE0A000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BF0B000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8BF0D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CB15000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8CB17000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CBB8000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF25000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CBD7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CBE2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CBC4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BF54000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BF77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BF86000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF9A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BFAF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BFBF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BFCA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CBF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BFD5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BFDF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BD53000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFEC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CE00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BD88000 \SystemRoot\system32\drivers\portcls.sys
0x8BDB5000 \SystemRoot\system32\drivers\drmk.sys
0x8CFF5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BE00000 \SystemRoot\System32\Drivers\Null.SYS
0x8BDDA000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BDE1000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8BDF0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B9CC000 \SystemRoot\System32\drivers\vga.sys
0x8B9D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BDF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDE7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D207000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D212000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D220000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D229000 \SystemRoot\System32\drivers\tcpip.sys
0x8D313000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D32E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D337000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D347000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D349000 \SystemRoot\System32\Drivers\Mpfp.sys
0x8D372000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D37B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D391000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x8D3A3000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D3B7000 \SystemRoot\system32\drivers\afd.sys
0x8D600000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D632000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D648000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D656000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D669000 \SystemRoot\system32\DRIVERS\pmxusblf.sys
0x8D66C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D6A8000 \SystemRoot\system32\DRIVERS\pmxmouse.sys
0x8D6AC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D6B6000 \SystemRoot\system32\drivers\mfehidk.sys
0x8D6E9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D6F1000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D708000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D71F000 \SystemRoot\system32\drivers\LVUSBSta.sys
0x8DA07000 \SystemRoot\system32\DRIVERS\LV302V32.SYS
0x8DC96000 \SystemRoot\system32\DRIVERS\lv302af.sys
0x8DC98000 \SystemRoot\system32\drivers\usbaudio.sys
0x8DCAA000 \SystemRoot\system32\DRIVERS\lvrs.sys
0x8DCEA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DCF7000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8DD01000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x95690000 \SystemRoot\System32\win32k.sys
0x8DD1E000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DD28000 \SystemRoot\system32\DRIVERS\monitor.sys
0x958B0000 \SystemRoot\System32\TSDDD.dll
0x958D0000 \SystemRoot\System32\cdd.dll
0x8DD37000 \SystemRoot\system32\drivers\luafv.sys
0x8DD52000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x8DD5D000 \SystemRoot\System32\DLA\DLADResM.SYS
0x8DD5E000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x8DD76000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x8DD7B000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x8DD7D000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x8DD84000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x8DD8B000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x8DDA1000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x8D728000 \SystemRoot\system32\drivers\spsys.sys
0x8DDC0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DDD0000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81C0A000 \SystemRoot\system32\drivers\HTTP.sys
0x81C77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81C94000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81CAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x81CC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x81CE3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x81D02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x81D3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x81D53000 \SystemRoot\System32\DRIVERS\srv2.sys
0x81D7A000 \SystemRoot\System32\DRIVERS\srv.sys
0x81DE0000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0x81DE2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x8D7D8000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9F00D000 \SystemRoot\system32\drivers\peauth.sys
0x9F0EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F0F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F101000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9F109000 \SystemRoot\system32\drivers\mfebopk.sys
0x9F110000 \SystemRoot\system32\drivers\mfeavfk.sys
0x9F122000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0x9F127000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9F13D000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0x9F13F000 \SystemRoot\system32\DRIVERS\serscan.sys
0x9F147000 \SystemRoot\system32\drivers\mfesmfk.sys
0x77050000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
572 csrss.exe
632 C:\Windows\System32\wininit.exe
644 csrss.exe
676 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
1004 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\SLsvc.exe
1404 C:\Windows\System32\nvvsvc.exe
1420 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\spoolsv.exe
1756 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\AERTSrv.exe
588 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
564 C:\Program Files\Bonjour\mDNSResponder.exe
628 C:\Program Files\Cobian Backup 10\cbVSCService.exe
1568 C:\Windows\System32\svchost.exe
1728 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
252 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
364 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
888 C:\Windows\System32\rundll32.exe
2060 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2164 C:\Program Files\McAfee\MPF\MpfSrv.exe
2264 C:\Windows\System32\svchost.exe
2292 C:\Windows\System32\svchost.exe
2312 C:\Windows\System32\svchost.exe
2568 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2600 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2624 C:\Windows\System32\svchost.exe
2660 C:\Windows\System32\svchost.exe
2696 C:\Windows\System32\SearchIndexer.exe
2744 C:\Windows\System32\drivers\XAudio.exe
2988 C:\Windows\System32\taskeng.exe
3344 C:\Windows\System32\dwm.exe
3396 C:\Windows\System32\taskeng.exe
3456 C:\Windows\explorer.exe
3612 C:\Windows\RtHDVCpl.exe
3636 C:\Windows\System32\ico.exe
3680 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3732 C:\Windows\System32\pmxmiced.exe
3792 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3860 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
3984 C:\Program Files\McAfee.com\Agent\mcagent.exe
4008 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1832 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1112 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2592 C:\Program Files\DellSupport\DSAgnt.exe
2676 C:\Windows\ehome\ehtray.exe
3308 C:\Program Files\Windows Media Player\wmpnscfg.exe
3300 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3628 C:\Windows\ehome\ehmsas.exe
3880 C:\Garmin\gStart.exe
3800 C:\Program Files\Digital Line Detect\DLG.exe
4024 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
752 C:\Program Files\WinZip\WZQKPICK.EXE
3256 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
4216 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4320 C:\Program Files\Internet Explorer\iexplore.exe
4380 C:\Program Files\Internet Explorer\iexplore.exe
4556 C:\Program Files\Windows Live\Toolbar\wltuser.exe
5364 C:\Windows\System32\svchost.exe
5564 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
5716 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
5828 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
4532 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
4584 C:\Program Files\Windows Media Player\wmpnetwk.exe
4804 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
4712 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
5708 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
4900 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
4284 taskeng.exe
2644 C:\Windows\System32\SearchProtocolHost.exe
3208 C:\Windows\System32\SearchFilterHost.exe
5232 C:\Program Files\Internet Explorer\iexplore.exe
2388 C:\Windows\System32\SearchProtocolHost.exe
4288 taskeng.exe
4780 dllhost.exe
4680 dllhost.exe
4640 C:\Users\Bill\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: WDC WD2500JS-75NCB3, Rev: 10.0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!



Here is the MBAM log;



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4734

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/2/2010 5:21:38 PM
mbam-log-2010-10-02 (17-21-38).txt

Scan type: Quick scan
Objects scanned: 147677
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again, Bill
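The RKU driver list and its ">Stealth" section above are long, and the useful triage questions are small ones: which drivers carry no vendor or description in their version resource (the "(-, -)" entry for LVPr2Mon.sys), which are loaded from outside C:\Windows (DSproct.sys under Program Files), and which process actually hosts each "Hidden Image". The following Python script is an added example, not a tool from this thread or from the RKU/MBRCheck authors; the sample lines are copied from the logs posted above, and the PID correlation assumes both listings came from the same boot session, since PIDs are reused after a reboot. Run on the page's data it shows that the hidden images sit in PID 628 (cbVSCService.exe) and PID 4008 (sprtcmd.exe), i.e. .NET and SupportSoft modules inside known support-software processes, which is the kind of context a helper needs before calling a "hidden" module suspicious.

```python
import re

# Constructed sample input: a handful of lines copied from the RKU driver list,
# its >Stealth section and the MBRCheck process list posted in this thread.
DRIVER_LINES = r"""
0x9F147000 C:\Windows\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0x9F150000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9F122000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x9F13D000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0x8BE00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
"""

STEALTH_LINES = r"""
0x00C00000 Hidden Image-->CobStringList.dll [ EPROCESS 0x811A8AB0 ] PID: 628, 28672 bytes
0x01D00000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 28672 bytes
0x01CA0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 36864 bytes
0x00FA0000 Hidden Image-->System.Core.dll [ EPROCESS 0x811A8AB0 ] PID: 628, 675840 bytes
0x01B10000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x9E75E248 ] PID: 4008, 77824 bytes
"""

PROCESS_LINES = r"""
628 C:\Program Files\Cobian Backup 10\cbVSCService.exe
4008 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
4640 C:\Users\Bill\Desktop\MBRCheck.exe
"""

# "0xADDR  path  SIZE bytes (vendor, description)"; the path may contain spaces.
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S.*?)\s+(\d+) bytes \((.*)\)$")
# "0xADDR Hidden Image-->module [ EPROCESS 0x... ] PID: n, SIZE bytes"
STEALTH_RE = re.compile(
    r"^0x[0-9A-Fa-f]+ Hidden Image-->(\S+) \[ EPROCESS 0x[0-9A-Fa-f]+ \] PID: (\d+), (\d+) bytes$"
)
# "PID path" as printed by MBRCheck
PROCESS_RE = re.compile(r"^(\d+) (.+)$")


def triage_drivers(text):
    """Return {driver filename: [reasons]} for the drivers that deserve a closer look.

    Two cheap heuristics: a driver with no vendor/description in its version
    resource ("-, -") and a driver loaded from outside C:\\Windows. Neither is
    proof of anything; they are just the lines to research first.
    """
    findings = {}
    for line in text.strip().splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue  # skip headers, separators and anything not in the expected shape
        _addr, path, _size, info = m.groups()
        reasons = []
        if info.strip() == "-, -":
            reasons.append("no vendor or description in version info")
        if not path.lower().startswith("c:\\windows\\"):
            reasons.append("loaded from outside C:\\Windows")
        if reasons:
            findings[path.rsplit("\\", 1)[-1]] = reasons
    return findings


def correlate_hidden_images(stealth_text, process_text):
    """Map each PID that hosts a 'Hidden Image' to its process path and module names.

    Only meaningful when both listings come from the same boot session, since
    PIDs are reused across reboots (assumption stated in the lead-in).
    """
    procs = {}
    for line in process_text.strip().splitlines():
        m = PROCESS_RE.match(line.strip())
        if m:
            procs[int(m.group(1))] = m.group(2)
    hosts = {}
    for line in stealth_text.strip().splitlines():
        m = STEALTH_RE.match(line.strip())
        if not m:
            continue
        module, pid = m.group(1), int(m.group(2))
        entry = hosts.setdefault(
            pid, {"process": procs.get(pid, "<PID not in process list>"), "modules": []}
        )
        entry["modules"].append(module)
    return hosts


def main():
    for name, reasons in triage_drivers(DRIVER_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
    for pid, entry in sorted(correlate_hidden_images(STEALTH_LINES, PROCESS_LINES).items()):
        print(f"PID {pid} {entry['process']}")
        for module in entry["modules"]:
            print(f"    hidden image: {module}")


if __name__ == "__main__":
    main()
```

Feed the full listings from a thread into the three constants (or read them from files) and the same two functions work unchanged; a driver flagged here still has to be checked against its vendor and a known-good hash before anything is removed.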




#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 02 October 2010 - 06:05 PM

Hello, rhdybll.

It's looking like you did a good job cleaning up. How is your computer running? Let's fix a few things and get one last scan.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon on the desktop or in the Start menu, and select Run as Administrator.
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\LVcKap.sys -- (LVcKap)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/mygarmin/m/GarminAxControl.CAB (Reg Error: Key error.)
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 0
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 4

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 rhdybll

rhdybll
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 02 October 2010 - 08:44 PM

Hello, etavares.

Java has been bugging me for a while to update, but since I got burned last year by an "Adobe Update" (that wasn't) on my laptop I'm leery of automatically allowing updates. eBay techies bailed me out because the hackers were using a fake eBay login page that went to a 'Paypal' page wanting me to verify all my paypal, credit card and banking info... yeah, right...
You said I did a good job cleaning up - The only thing I did was to restore to an earlier date. It CANNOT be that easy. I'm assuming that the stuff you had me do was what did it. I'm afraid that YOU have to take the blame.
I will get on now with your latest instructions.

The automatic ERUNT backup seemed to work in Vista, or I did something wrong...? Yes I did. Or I have now, I tried to do it both ways, and running as administrator (second option) won't work because there is already a file by that name that I can't delete (access denied). There are four files (1,2,3,4) and today's date/users I cannot even access them to read. I think I better stop now.... sorry, what next?



#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 03 October 2010 - 06:01 AM

When I get a bug for an automatic update, I always go directly to the site to download for that reason...I have seen fake alerts before from malware. You should be good to go then if the manual backup said there was another file of the same name...I guess the autobackup did work. I don't have Vista so I can't test it myself. Please keep going with steps 3 and 4.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 rhdybll

rhdybll
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 03 October 2010 - 01:46 PM

Hello,
I'm working on it. Should Kaspersky take over 9 hours to scan? That's what it's working out to. 41% at 3 hours 45 min. That will make it 8pm EDT, about 5 more hours. Everything else has run successfully.
Thanks, rhdybll

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 03 October 2010 - 01:52 PM

It all depends on how many files you have, how large they are, processor, memory, hard drive, etc. As long as the time gets shorter and the % increases it's working.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 rhdybll

rhdybll
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 03 October 2010 - 08:04 PM

Hello etavares,

I apologise if my messages seem disjointed or out of chronological order. They are being recorded in notepad as I go along so that I can keep track of what I'm doing, then I go back and paste in the reports before I copy and send the whole mess...er, message that is.


1) Updated Java



Good Morning, or whatever time of day it is where you are,


2) It just occurred to me to uninstall and reinstall ERUNT using your recommendations. It seems to have worked.


3) It took a couple of tries to run the OTL programs you requested, here are the results;

All processes killed
========== OTL ==========
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys not found.
Service LVMVDrv stopped successfully!
Service LVMVDrv deleted successfully!
File C:\Windows\System32\DRIVERS\LVMVDrv.sys not found.
Service LVcKap stopped successfully!
Service LVcKap deleted successfully!
File C:\Windows\System32\DRIVERS\LVcKap.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill
->Temp folder emptied: 630449 bytes
->Temporary Internet Files folder emptied: 9372715 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213200455 bytes
RecycleBin emptied: 8543977 bytes

Total Files Cleaned = 221.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10032010_094743

Files\Folders moved on Reboot...
C:\Users\Bill\AppData\Local\Temp\Low\~DFD657.tmp moved successfully.
File\Folder C:\Users\Bill\AppData\Local\Temp\~DF8934.tmp not found!
File\Folder C:\Users\Bill\AppData\Local\Temp\~DF893A.tmp not found!
File\Folder C:\Users\Bill\AppData\Local\Temp\~DF8987.tmp not found!
File\Folder C:\Users\Bill\AppData\Local\Temp\~DF898D.tmp not found!
C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQ7TQAXU\iframe[1].htm moved successfully.
C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH780V2K\index[1].htm moved successfully.
C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\logishrd\LVPrcInj04.dll not found!
File\Folder C:\Windows\temp\mcafee_D8OgRBFWfui7xdY not found!
File\Folder C:\Windows\temp\mcmsc_6nE5tehd3JcLdVI not found!
File\Folder C:\Windows\temp\mcmsc_k2tgiM12MpZTu1o not found!
File\Folder C:\Windows\temp\mcmsc_RYjIOr7PWdNnm3G not found!

Registry entries deleted on Reboot...



AND




OTL logfile created on: 10/3/2010 10:00:00 AM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 120.57 Gb Free Space | 54.12% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL2-PC
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/11 12:53:13 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/08 10:25:35 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/14 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/23 16:13:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2006/11/08 15:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/25 09:05:44 | 001,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/07/06 01:35:38 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/06 01:35:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/07/06 01:35:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 09:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/05 16:51:38 | 000,017,448 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn1200.sys -- (grmn1200)
DRV - [2007/01/05 16:51:36 | 000,023,208 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn0200.sys -- (grmn0200) grmn0200.Sys Garmin USB DCP driver (install)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/19 17:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/10/19 17:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2001/07/11 07:38:18 | 000,037,685 | ---- | M] (SanDisk Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SDSTOR2K.SYS -- (SDSTOR2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6070706

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/cci/home
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/01 08:51:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========



[2010/10/03 09:28:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/03 09:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/02 21:12:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/02 21:04:27 | 000,791,393 | ---- | C] (Lars Hederer) -- C:\Users\Bill\Desktop\erunt-setup.exe
[2010/10/02 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/02 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/02 20:59:43 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/02 20:59:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/02 20:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/02 20:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/02 20:38:17 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/10/02 17:10:43 | 000,000,000 | ---D | C] -- C:\Windows\Malwarebytes' Anti-Malware
[2010/10/02 17:05:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Bill\Desktop\mbam-setup.exe
[2010/10/02 13:21:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2010/10/01 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/29 16:36:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/28 10:03:11 | 000,000,000 | ---D | C] -- C:\Users\Bill\Desktop\gmer
[2010/09/27 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Safe mirror
[2010/09/27 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/09/27 21:15:03 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Bill\cbSetup.exe
[2010/09/15 09:27:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/07 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Turbo Lister Backup

========== Files - Modified Within 30 Days ==========

[2010/10/03 10:01:51 | 004,194,304 | -HS- | M] () -- C:\Users\Bill\ntuser.dat
[2010/10/03 09:59:08 | 000,000,420 | -H-- | M] () --

C:\Windows\tasks\User_Feed_Synchronization-{0D096C5A-39AB-4299-93FD-

1ACFCF93934C}.job
[2010/10/03 09:55:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google

Software Updater.job
[2010/10/03 09:54:13 | 000,034,805 | ---- | M] () --

C:\ProgramData\nvModes.dat
[2010/10/03 09:54:12 | 000,034,805 | ---- | M] () --

C:\ProgramData\nvModes.001
[2010/10/03 09:54:08 | 000,031,500 | ---- | M] () -- C:\Windows\System32

\Config.MPF
[2010/10/03 09:52:24 | 000,000,882 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 09:52:02 | 000,003,696 | ---- | M] () -- C:\Windows\System32

\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-

601632D005A0
[2010/10/03 09:52:02 | 000,003,696 | ---- | M] () -- C:\Windows\System32

\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-

601632D005A0
[2010/10/03 09:52:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 09:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 09:51:54 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 09:50:47 | 000,524,288 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT

{3a539871-6a70-11db-887c-

d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/10/03 09:50:47 | 000,065,536 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT

{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/10/03 09:38:00 | 000,000,886 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/03 09:12:21 | 000,000,915 | ---- | M] () --

C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/03 09:12:01 | 000,000,735 | ---- | M] () --

C:\Users\Bill\Desktop\NTREGOPT.lnk
[2010/10/03 09:12:01 | 000,000,716 | ---- | M] () --

C:\Users\Bill\Desktop\ERUNT.lnk
[2010/10/03 09:06:24 | 004,479,232 | -H-- | M] () --

C:\Users\Bill\AppData\Local\IconCache.db
[2010/10/02 21:04:29 | 000,791,393 | ---- | M] (Lars Hederer

) -- C:\Users\Bill\Desktop\erunt-setup.exe
[2010/10/02 20:58:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) --

C:\Windows\System32\javaws.exe
[2010/10/02 20:58:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) --

C:\Windows\System32\javaw.exe
[2010/10/02 20:58:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) --

C:\Windows\System32\java.exe
[2010/10/02 20:58:57 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) --

C:\Windows\System32\deployJava1.dll
[2010/10/02 20:38:26 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) --

C:\Users\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/10/02 17:10:47 | 000,000,748 | ---- | M] () --

C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 17:05:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation

) -- C:\Users\Bill\Desktop\mbam-setup.exe
[2010/10/02 17:01:22 | 000,080,384 | ---- | M] () --

C:\Users\Bill\Desktop\MBRCheck.exe
[2010/10/02 16:55:16 | 000,133,632 | ---- | M] () --

C:\Users\Bill\Desktop\RKUnhookerLE.EXE
[2010/10/02 16:00:32 | 282,368,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) --

C:\Users\Bill\Desktop\OTL.exe
[2010/10/02 11:12:11 | 000,000,321 | ---- | M] () --

C:\Users\Bill\Desktop\RAVE.lnk
[2010/10/01 17:00:39 | 000,703,754 | ---- | M] () -- C:\Windows\System32

\PerfStringBackup.INI
[2010/10/01 17:00:39 | 000,603,730 | ---- | M] () -- C:\Windows\System32

\perfh009.dat
[2010/10/01 17:00:39 | 000,105,032 | ---- | M] () -- C:\Windows\System32

\perfc009.dat
[2010/09/28 12:46:33 | 000,011,530 | ---- | M] () --

C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | M] () --

C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 09:59:03 | 000,284,915 | ---- | M] () --

C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:42 | 000,525,824 | ---- | M] () --

C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | M] () --

C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | M] () --

C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:15:04 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) --

C:\Users\Bill\cbSetup.exe
[2010/09/27 17:47:24 | 000,002,075 | ---- | M] () --

C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/27 17:41:55 | 000,001,973 | ---- | M] () --

C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/09 15:26:26 | 000,011,264 | ---- | M] () --

C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 20:50:05 | 000,000,945 | ---- | M] () -- C:\Users\Bill\Application

Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer

Browser.lnk

========== Files Created - No Company Name ==========

[2010/10/03 09:12:21 | 000,000,915 | ---- | C] () --

C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/03 09:12:01 | 000,000,735 | ---- | C] () --

C:\Users\Bill\Desktop\NTREGOPT.lnk
[2010/10/03 09:12:01 | 000,000,716 | ---- | C] () --

C:\Users\Bill\Desktop\ERUNT.lnk
[2010/10/02 17:01:15 | 000,080,384 | ---- | C] () --

C:\Users\Bill\Desktop\MBRCheck.exe
[2010/10/02 16:55:04 | 000,133,632 | ---- | C] () --

C:\Users\Bill\Desktop\RKUnhookerLE.EXE
[2010/10/02 16:46:18 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 15:43:32 | 000,293,376 | ---- | C] () --

C:\Users\Bill\Desktop\gmer.exe
[2010/10/02 11:12:11 | 000,000,321 | ---- | C] () --

C:\Users\Bill\Desktop\RAVE.lnk
[2010/09/28 12:46:33 | 000,011,530 | ---- | C] () --

C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | C] () --

C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 09:59:00 | 000,284,915 | ---- | C] () --

C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:35 | 000,525,824 | ---- | C] () --

C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | C] () --

C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | C] () --

C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:12:58 | 000,000,072 | ---- | C] () --

C:\Users\Bill\bleepingids.txt
[2010/09/27 17:47:24 | 000,002,075 | ---- | C] () --

C:\Users\Public\Desktop\Google Earth.lnk
[2010/07/16 19:32:10 | 000,034,805 | ---- | C] () --

C:\ProgramData\nvModes.001
[2010/07/16 19:32:09 | 000,034,805 | ---- | C] () --

C:\ProgramData\nvModes.dat
[2010/02/26 21:58:06 | 000,011,264 | ---- | C] () --

C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 10:06:07 | 000,002,204 | ---- | C] () -- C:\Windows\System32

\drivers\UNINST2K.SYS
[2010/01/15 10:06:07 | 000,001,214 | ---- | C] () -- C:\Windows\Sdcache.ini
[2010/01/15 10:05:47 | 000,002,679 | ---- | C] () -- C:\Windows\System32

\SDUSBPDR.INI
[2009/11/02 10:17:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32

\EhStorAuthn.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32

\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32

\drivers\iKeyLFT2.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32

\OGACheckControl.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32

\lvcoinst.ini
[2008/05/22 19:23:43 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/10/08 13:59:08 | 000,000,000 | ---- | C] () --

C:\Users\Bill\AppData\Roaming\wklnhst.dat
[2007/10/08 11:54:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/08 11:02:25 | 000,056,056 | ---- | C] () -- C:\Windows\System32

\DLAAPI_W.DLL
[2007/10/07 20:14:30 | 000,006,290 | ---- | C] () --

C:\ProgramData\hpzinstall.log
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32

\px.ini
[2007/07/24 10:09:04 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2007/07/05 17:55:36 | 000,131,062 | ---- | C] () -- C:\Windows\System32

\DellPM.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32

\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32

\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32

\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32

\namResZHT.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32

\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32

\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32

\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32

\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32

\CddbFileTaggerRoxio.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32

\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32

\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes ->

C:\Users\Bill\Documents\MVI_0336.avi:Roxio EMC Stream
< End of report >





4) Now Kaspersky;

Shut down McAfee, then got going, I received a message that Java had shut down and this application needed it or something.... barged on ahead...received a message that Kaspersky had to be run in Vista as Administrator... clicked OK and it started running anyway (downloading updates). I assume it set administrator automatically? (I had right-clicked all over the place and never got the "run as administrator" option...so I just clicked on 'My Computer' - It's running.) Looks like it'll be a few hours...lunchtime! Did I say 3? looking more like 5... Then again 41% at 3:45 hrs, that makes it 8 - 9 hours?!

Apparently so (7 hours 17 minutes).


I had to delete the actual file names before I posted; they are all copies of the same file/program I have in different places. I have had it for a few years and am fairly confident it's not causing any problems.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 10:12:14
Records in database: 4283458
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 200503
Threats found: 1
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 07:17:50


File name / Threat / Threats count
C:\Users\Bill\Documents\ Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Documents\ Infected: Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Documents\ Infected: Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Documents\ Infected: Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Documents\ Infected: Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Downloads\ Infected: Backdoor.Win32.Poison.bqja 2

Selected area has been scanned.







You had asked me yesterday how my computer was running and I don't think I answered. It seems OK except that it takes a lot longer to boot than before.

When we are done, would you please advise me what I should keep of the thirty-something new things on my desktop (programs, reports and logs). I have turned on McAfee again. I won't do anything else for now.

Thank you -yet again, rhdybll
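Two things in the OTL log above are worth checking mechanically rather than by eye: the O35/O37 lines, which should run the bare default `"%1" %*` for exefile/comfile (anything else means every launched program is being proxied through another binary), and the "Files Created - No Company Name" list, where OTL surfaces unattributed binaries. The script below is an added example, not code from OTL, BleepingComputer or either poster; it parses OTL's own line layout from a constructed sample. The hijacked comfile handler and the driver `xyzfltr.sys` in that sample are invented so the checks have something to catch; the other entries mirror the posted log.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample in OTL's own line layout. The exefile handler, java.exe,
# UNINST2K.SYS and C:\_OTL entries mirror the thread's log; the hijacked
# comfile handler and "xyzfltr.sys" are invented (assumptions) so that the
# checks below have something to catch.
SAMPLE_OTL = r"""
O35 - HKLM\..comfile [open] -- "C:\ProgramData\svchost.exe" "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[2010/10/02 20:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/01 03:14:07 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\xyzfltr.sys
[2010/01/15 10:06:07 | 000,002,204 | ---- | C] () -- C:\Windows\System32\drivers\UNINST2K.SYS
[2010/10/03 09:28:03 | 000,000,000 | ---D | C] -- C:\_OTL
"""

# One "Files/Folders" entry: [date | size | attrs | C-or-M] (company)? -- path
# Directories carry no "()" field at all; files with no company name carry "()".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# O35/O37 shell-open handlers: text before " -- " names the key, after it is the command.
OPEN_RE = re.compile(r"^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$")
DEFAULT_OPEN_CMD = '"%1" %*'   # what a clean exefile/comfile "open" verb should run

@dataclass
class FileEntry:
    stamp: datetime          # created (C) or modified (M) time, per the section
    size: int
    attrs: str
    kind: str                # "C" or "M"
    company: Optional[str]   # "" = file with no company name; None = directory entry
    path: str

def parse_otl(text: str) -> Tuple[List[FileEntry], List[Tuple[str, str]]]:
    """Split an OTL log into file entries and (key, command) shell-open handlers."""
    files: List[FileEntry] = []
    handlers: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(
                datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["kind"], m["company"], m["path"]))
            continue
        m = OPEN_RE.match(line)
        if m:
            handlers.append((m["key"], m["cmd"]))
    return files, handlers

def hijacked_handlers(handlers: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Any exe/com open verb that is not the bare default proxies every launched program."""
    return [(key, cmd) for key, cmd in handlers if cmd != DEFAULT_OPEN_CMD]

SYSTEM_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64")

def recent_unattributed(files: List[FileEntry], now: datetime, days: int = 30) -> List[str]:
    """Files (not folders) created within `days` of `now`, with an empty company
    field, under a Windows system directory: a first-pass list for a second opinion."""
    cutoff = now - timedelta(days=days)
    hits = []
    for f in files:
        if f.kind != "C" or f.company != "" or "D" in f.attrs:
            continue
        if f.stamp < cutoff:
            continue
        if f.path.lower().startswith(SYSTEM_ROOTS):
            hits.append(f.path)
    return hits

# The "OTL logfile created on" stamp from the thread's second log (assumed as "now").
REPORT_TIME = datetime(2010, 10, 4, 19, 56)

def triage(text: str, now: datetime = REPORT_TIME) -> Dict[str, List[str]]:
    files, handlers = parse_otl(text)
    return {
        "hijacked": [key for key, _ in hijacked_handlers(handlers)],
        "recent_unattributed": recent_unattributed(files, now),
    }

if __name__ == "__main__":
    for name, items in triage(SAMPLE_OTL).items():
        print(name, items)
```

Run it against a real OTL log (paste the file's text in place of the sample) and the two lists are the first things to hand to a helper: a non-default handler is a file-association hijack regardless of what else the log says, while the unattributed-file list is only a queue for hashing and a second scanner, since plenty of legitimate vendor files (the Roxio and Dell entries in the log above, for instance) ship without a company string.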


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 04 October 2010 - 05:57 PM

Hello, rhdybll.

It wasn't disjointed, don't worry. However, if you are using Notepad, please turn word wrap off (Edit --> Word Wrap). It makes it hard to read, as it adds line breaks in odd places when copying and pasting into a forum. Actually, it's making it pretty impossible. Can you please run another OTL quick scan, turn off word wrap and post here?

As for the Kaspersky log, if you trust it we'll go with that, but that's always a risk and a backdoor is a serious issue. False detections are common, but you may want to scan with another A/V to be sure. I can suggest some sites.

Once you post the OTL log, I can go through it. I think we're ready to clean up. After reviewing the log, I'll provide cleanup instructions.

As for the longer boot-up, nothing we have done should have impacted boot time. We can run StartupLite in the next post as well; that will help minimize the applications loading at boot that you don't need (you have full control).

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
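etavares' point that a single-engine detection needs a second opinion, and rhdybll's statement that the seven Kaspersky hits are copies of one program, both come down to the same step: hash the flagged files, collapse byte-identical copies, and submit one representative per group to another scanner. The script below is an added example, not part of the thread or of Kaspersky's tooling. It parses the report layout shown above (`<path> [Infected: ]<threat> <count>`); the file names in the constructed excerpt are assumptions, since the real names were removed before posting, and the `demo()` helper writes stand-in files to a temporary directory so the grouping can be seen end to end on any OS.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed excerpt in the same layout as the thread's report. The folder paths
# are real in the log; the file names are invented (assumptions) for the parser.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Users\Bill\Documents\tool.exe Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Documents\old copy\tool.exe Infected: Backdoor.Win32.Poison.bqja 1
C:\Users\Bill\Downloads\tool.zip Infected: Backdoor.Win32.Poison.bqja 2

Selected area has been scanned.
"""

# <path> [Infected: ]<threat> <count>; the path may contain spaces, the threat name never does
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+(?:Infected: )?(?P<threat>\S+)\s+(?P<count>\d+)$")

def parse_report(text: str) -> List[Tuple[str, str, int]]:
    """Return (path, threat, count) for every detection line; headers and footers are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m and m["path"][1:3] == ":\\":        # only drive-letter paths are detections
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits

def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def group_by_hash(paths: List[str]) -> Dict[str, List[str]]:
    """Identical content -> one digest; only one member per group needs a second-opinion scan."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for p in paths:
        if os.path.isfile(p):
            groups[sha256_of(p)].append(p)
    return dict(groups)

def local_path(root: str, win_path: str) -> str:
    """Map C:\\Users\\Bill\\<rest> onto <root>/<rest> so the demo runs outside Windows."""
    parts = win_path.split("\\")[3:]
    return os.path.join(root, *parts)

def demo() -> Dict[str, List[str]]:
    """Materialise the constructed report in a temp dir (two byte-identical copies
    plus one different file) and return {digest: [relative paths]}."""
    hits = parse_report(SAMPLE_REPORT)
    payloads = [b"MZ-stand-in copy", b"MZ-stand-in copy", b"PK-stand-in archive"]
    with tempfile.TemporaryDirectory() as root:
        for (win_path, _, _), data in zip(hits, payloads):
            p = local_path(root, win_path)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as fh:
                fh.write(data)
        groups = group_by_hash([local_path(root, h[0]) for h in hits])
        return {digest: sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in members)
                for digest, members in groups.items()}

if __name__ == "__main__":
    for digest, members in demo().items():
        print(digest[:16], len(members), "copy/copies:", members)
```

On the real machine, feed `group_by_hash` the paths straight from `parse_report` and keep the digests: if every path lands in one group, rhdybll's "all copies of the same file" claim is confirmed and a single sample settles the false-positive question; if the archive in Downloads hashes differently (as a zip of the same program would), it still needs its own look.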
 


#14 rhdybll

rhdybll
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Male
  • Location:RI
  • Local time:07:40 AM

Posted 04 October 2010 - 07:56 PM

Hello, etavares.

Sorry about the word wrap, I enabled it because I was working on smaller side-by-side screens and it saved me having to scroll left and right. I didn't run a quick scan before but had selected 'all user' and 'run scan'. Is there a difference? Here is another anyway;


OTL logfile created on: 10/4/2010 7:56:26 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 117.74 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL2-PC
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/08/11 12:53:13 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/03/08 10:25:35 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/14 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/23 16:13:38 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2006/11/08 15:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/25 09:05:44 | 001,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe


========== Modules (SafeList) ==========

MOD - [2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/17 02:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/07/06 01:35:38 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/06 01:35:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/07/06 01:35:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/23 07:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 09:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/05 16:51:38 | 000,017,448 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn1200.sys -- (grmn1200)
DRV - [2007/01/05 16:51:36 | 000,023,208 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmn0200.sys -- (grmn0200) grmn0200.Sys Garmin USB DCP driver (install)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/19 17:29:32 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/10/19 17:27:56 | 000,023,232 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2001/07/11 07:38:18 | 000,037,685 | ---- | M] (SanDisk Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SDSTOR2K.SYS -- (SDSTOR2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6070706


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/cci/home
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/01 08:51:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/03 09:28:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/03 09:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/02 21:12:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/02 21:04:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Bill\Desktop\erunt-setup.exe
[2010/10/02 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/02 21:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/02 20:59:43 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/02 20:59:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/02 20:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/02 20:59:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/02 20:38:17 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/10/02 17:10:43 | 000,000,000 | ---D | C] -- C:\Windows\Malwarebytes' Anti-Malware
[2010/10/02 17:05:51 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup.exe
[2010/10/02 13:21:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2010/10/01 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/29 16:36:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/28 10:03:11 | 000,000,000 | ---D | C] -- C:\Users\Bill\Desktop\gmer
[2010/09/27 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Safe mirror
[2010/09/27 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/09/27 21:15:03 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Bill\cbSetup.exe
[2010/09/15 09:27:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/07 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Turbo Lister Backup

========== Files - Modified Within 30 Days ==========

[2010/10/04 19:56:42 | 004,194,304 | -HS- | M] () -- C:\Users\Bill\ntuser.dat
[2010/10/04 19:54:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D096C5A-39AB-4299-93FD-1ACFCF93934C}.job
[2010/10/04 19:41:24 | 000,031,840 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/10/04 19:38:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 19:36:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/04 19:35:17 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/04 19:35:16 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/04 19:32:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/04 19:32:35 | 000,524,288 | -HS- | M] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 19:32:35 | 000,524,288 | -HS- | M] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 19:32:34 | 000,065,536 | -HS- | M] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TM.blf
[2010/10/04 19:32:25 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 19:32:25 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 19:32:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 19:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 19:31:55 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 19:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 19:29:02 | 000,065,536 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/10/04 19:29:00 | 004,149,659 | -H-- | M] () -- C:\Users\Bill\AppData\Local\IconCache.db
[2010/10/03 09:12:21 | 000,000,915 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/03 09:12:01 | 000,000,735 | ---- | M] () -- C:\Users\Bill\Desktop\NTREGOPT.lnk
[2010/10/03 09:12:01 | 000,000,716 | ---- | M] () -- C:\Users\Bill\Desktop\ERUNT.lnk
[2010/10/02 21:04:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Bill\Desktop\erunt-setup.exe
[2010/10/02 20:58:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/02 20:58:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/02 20:58:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/02 20:58:57 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/02 20:38:26 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/10/02 17:10:47 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 17:05:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup.exe
[2010/10/02 17:01:22 | 000,080,384 | ---- | M] () -- C:\Users\Bill\Desktop\MBRCheck.exe
[2010/10/02 16:55:16 | 000,133,632 | ---- | M] () -- C:\Users\Bill\Desktop\RKUnhookerLE.EXE
[2010/10/02 16:00:32 | 282,368,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/02 13:21:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2010/10/02 11:12:11 | 000,000,321 | ---- | M] () -- C:\Users\Bill\Desktop\RAVE.lnk
[2010/10/01 17:00:39 | 000,703,754 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/01 17:00:39 | 000,603,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/01 17:00:39 | 000,105,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/28 12:46:33 | 000,011,530 | ---- | M] () -- C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | M] () -- C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 09:59:03 | 000,284,915 | ---- | M] () -- C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:42 | 000,525,824 | ---- | M] () -- C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | M] () -- C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | M] () -- C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:15:04 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Bill\cbSetup.exe
[2010/09/27 17:47:24 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/27 17:41:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/09 15:26:26 | 000,011,264 | ---- | M] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/04 20:50:05 | 000,000,945 | ---- | M] () -- C:\Users\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2010/10/04 19:32:35 | 000,524,288 | -HS- | C] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 19:32:35 | 000,524,288 | -HS- | C] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 19:32:34 | 000,065,536 | -HS- | C] () -- C:\Users\Bill\ntuser.dat{b685b4cb-d00d-11df-bb15-001aa0498d4e}.TM.blf
[2010/10/03 09:12:21 | 000,000,915 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/03 09:12:01 | 000,000,735 | ---- | C] () -- C:\Users\Bill\Desktop\NTREGOPT.lnk
[2010/10/03 09:12:01 | 000,000,716 | ---- | C] () -- C:\Users\Bill\Desktop\ERUNT.lnk
[2010/10/02 17:01:15 | 000,080,384 | ---- | C] () -- C:\Users\Bill\Desktop\MBRCheck.exe
[2010/10/02 16:55:04 | 000,133,632 | ---- | C] () -- C:\Users\Bill\Desktop\RKUnhookerLE.EXE
[2010/10/02 16:46:18 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/02 15:43:32 | 000,293,376 | ---- | C] () -- C:\Users\Bill\Desktop\gmer.exe
[2010/10/02 11:12:11 | 000,000,321 | ---- | C] () -- C:\Users\Bill\Desktop\RAVE.lnk
[2010/09/28 12:46:33 | 000,011,530 | ---- | C] () -- C:\Users\Bill\Desktop\ark.zip
[2010/09/28 11:12:16 | 000,002,536 | ---- | C] () -- C:\Users\Bill\Desktop\Attach.zip
[2010/09/28 09:59:00 | 000,284,915 | ---- | C] () -- C:\Users\Bill\Desktop\gmer.zip
[2010/09/28 09:50:35 | 000,525,824 | ---- | C] () -- C:\Users\Bill\Desktop\dds.scr
[2010/09/28 09:43:08 | 000,000,000 | ---- | C] () -- C:\Users\Bill\defogger_reenable
[2010/09/27 23:36:34 | 000,050,477 | ---- | C] () -- C:\Users\Bill\Desktop\Defogger.exe
[2010/09/27 21:12:58 | 000,000,072 | ---- | C] () -- C:\Users\Bill\bleepingids.txt
[2010/09/27 17:47:24 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/07/16 19:32:10 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 19:32:09 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/26 21:58:06 | 000,011,264 | ---- | C] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 10:06:07 | 000,002,204 | ---- | C] () -- C:\Windows\System32\drivers\UNINST2K.SYS
[2010/01/15 10:06:07 | 000,001,214 | ---- | C] () -- C:\Windows\Sdcache.ini
[2010/01/15 10:05:47 | 000,002,679 | ---- | C] () -- C:\Windows\System32\SDUSBPDR.INI
[2009/11/02 10:17:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/05/22 19:23:43 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/10/08 13:59:08 | 000,000,000 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\wklnhst.dat
[2007/10/08 11:54:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/08 11:02:25 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/10/07 20:14:30 | 000,006,290 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/24 10:09:04 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2007/07/05 17:55:36 | 000,131,062 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/03/19 05:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/07/06 23:37:24 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\BitTorrent
[2010/01/20 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/20 10:32:13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GARMIN
[2010/07/11 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Image Zone Express
[2010/05/18 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\ImgBurn
[2008/10/27 09:18:12 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Leadertech
[2007/10/07 21:52:38 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Printer Info Cache
[2008/11/04 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Template
[2010/04/15 01:01:00 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/04/01 01:03:10 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/10/04 15:23:51 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/04 19:54:09 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0D096C5A-39AB-4299-93FD-1ACFCF93934C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Bill\Documents\MVI_0336.avi:Roxio EMC Stream
< End of report >


Just to add to the confusion, without thinking, I let windows update this afternoon,
after which I could not get online...I had to restore to before the update and then
let windows re-establish the LAN settings for me. Just in case it affects anything we're
doing, I thought I had better include that.
I have received a few ERUNT error messages on booting, but not every time.
I have been trying to follow along as to what is happening with all these scans
etc. but I'm pretty clueless... Like a monkey trying to read a newspaper...
The last time I had to read all these lines looking for problems I was in college, learning
FORTRAN and running programs on punch cards... But I digress,

Thanks again for your time and knowledge, rhdybll
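
The OTL log above is reviewed by hand in this thread. As an added illustration of how such a review can be automated, the following Python script is not part of the thread and not OTL's own code; it re-parses a handful of lines in the formats that appear in the log above (O1 hosts entries, O4 Run keys, O32 CD-ROM AutoRun, O35/O37 file associations) and flags the things a responder checks first on a redirect complaint: hosts entries that point somewhere other than localhost, autorun entries whose binary carries no version-info company (OTL prints that company in parentheses, so empty parentheses mean "no publisher recorded", a prompt to verify the file, not proof of malice: the two such entries in this log are Dell and Logitech utilities), AutoRun left enabled, and exefile/comfile associations that differ from the default `"%1" %*`. The sample input is copied from the log, except for two lines marked as constructed (a hosts redirect to a documentation address and a hijacked exefile association) so that every check fires at least once; nothing in those two lines describes the poster's machine.

```python
import re

# Sample OTL lines. All are copied from the log above EXCEPT two constructed
# ones added to exercise the checks (NOT from the poster's machine):
#   - the "192.0.2.1 www.example.com" hosts line
#   - the O35 exefile line pointing at C:\example\hijack.exe
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.1 www.example.com
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-1591187901-1670543583-3842953487-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\example\hijack.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Line shapes as they appear in the OTL output above (an assumption about the
# format; OTL has no published grammar, these patterns fit the posted lines).
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.+?) \((.*)\)$")
AUTORUN_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)")
ASSOC_RE = re.compile(r"^O3[57] - HKLM\\\.+(\S+) \[[^\]]+\] -- (.+)$")

# Windows default open command for exefile/comfile; anything else is a hijack.
EXPECTED_ASSOC = '"%1" %*'
# Names that legitimately map to loopback in a stock hosts file.
LOCAL_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}


def triage(log_text):
    """Return a list of (category, line) findings for the handled line types.

    Categories: hosts-redirect, run-no-company, autorun-enabled, assoc-hijack.
    Lines that match a handled pattern but look normal produce no finding.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = HOSTS_RE.match(line)
        if m:
            # Any hosts entry that is not a loopback alias can silently
            # redirect a site (the symptom reported in this thread).
            if m.group(2).lower() not in LOCAL_HOSTS:
                findings.append(("hosts-redirect", line))
            continue

        m = RUN_RE.match(line)
        if m:
            # group(4) is the version-info company OTL prints in parentheses;
            # blank means the binary has none and deserves a signature check.
            if not m.group(4).strip():
                findings.append(("run-no-company", line))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            if m.group(1) != "0":
                findings.append(("autorun-enabled", line))
            continue

        m = ASSOC_RE.match(line)
        if m and m.group(2) != EXPECTED_ASSOC:
            # A modified exefile/comfile handler runs on every program launch,
            # a classic way rogue AV and redirectors keep control.
            findings.append(("assoc-hijack", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:16s} {line}")
```

Run it against a saved OTL.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the script only narrows the list for a human, it does not decide anything on its own.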

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:40 AM

Posted 05 October 2010 - 11:18 AM

Hello, rhdybll.

Don't worry about the word wrap. You can enable it while you work and disable before board posting. No worries. Thanks for reposting. The OTL scan is exactly what I needed.

The ERUNT can be uninstalled for now...it was a safety net for the OTL fix. Make sure to reboot to check if you haven't since the fix just to ensure you can boot up OK. Then you can remove the safety net. Just go to add/remove programs and uninstall ERUNT from there. Those errors happen with Vista/7 as ERUNT tries to automatically back up on a reboot.

I never used punch cards, but when I started comp sci classes in high school, I learned Pascal on an Apple IIe with no hard drive. By the time I graduated high school we had a networked Pentium lab. Talk about change!

We're pretty much ready to wrap up, but the Windows Update is interesting. Do you know which update it was that had an issue?


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




