PDA

View Full Version : PC Shield Virus



Steveo4571
2010-09-01, 20:34
My computer has contracted the pc shield virus. I currently can't use the internet as it won't allow me to bring up the spybot web site. It does automatically bring up the www.viagra.com site :devil: Anyway, I can't download the ERUNT program to back up the registry. I also can't download the DDS. I've unsure what to do so I'm asking for help. Not sure what the next move is.

Need Help!!

oldman960
2010-09-04, 06:30
Hi Steveo4571, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


Since you are able to post, I'm guessing you have access to another computer.

Do you have a usb storage device such as a flashdrive we can use to transfer some tools to the infected computer?

A blank CD will also work.

If using a USB device please follow these instructions to protect it from infection. No need to do this if you are using a CD.

On the Clean computer

Download Flash_Disinfector.exe (http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop. attach the USB storage device to the computer.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Now for the tools.

Go HERE (http://www.gmer.net/) to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Next

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Next

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE





netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "custom.txt"
Click save


Transfer the 3 files to the USB storage device or CD.


On the infected computer

Attach the USB storage device or insert the CD.
Tranfer the files you saved directly to the infected computer's Desktop



Running GMER

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_th.gif (http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_screen2-1.gif)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If GMER will not run in normal windows, please run it in Saffe Mode


Next, running OTL

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the text from the custom.txt you saved earlier.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Transfer the GMER.txt, OTL,txt and Extra.txt to the usb device or CD. Please post them in your next reply .

Thanks

oldman960
2010-09-06, 21:55
Hi,

Do you still need help with this?

Thanks

Steveo4571
2010-09-07, 17:09
I was out of town for three days and just saw your post. Sorry for the delay but I should be able to follow the instructions from your initial thread today. Thanks for getting back to me.

oldman960
2010-09-07, 17:40
Hi,

:bigthumb:

Steveo4571
2010-09-08, 03:01
OK, I copied the files from the earlier post to a CD and put them on the desktop of the infected computer. When I clicked on GMER the options on the right hand side of the page were gray'ed out and not selected? I tried it in both regular mode and safe mode with no luck.

oldman960
2010-09-08, 04:52
Hi Steveo4571,

You may have gotten a corrupt download. Did you antivirus progam give a warning when you downloaded GMER? It may also been corrupted when you transfered it to the CD.

If you still have GMER on the clean computer you downloaded it to, you may want to try running it on that computer. Don't do the scan just open the program and see if it will do the first brief little scan or if the boxes are grayed out. If they are you will need to get a new copy.

While you are trying that please run the OTL scan. We may be able to see enough to get the infected computer back online. It's much easier to deal directly with the infected computer.

Thanks

Steveo4571
2010-09-09, 02:40
I checked the GMER on the disk and the computer I downloaded it to and it looked fine. When I tried it again on my infected machine it still grayed out the options at the right hand side of the page. Bummer.

I was able to run the OTL program and here is the output from the scans.

OTL
OTL logfile created on: 9/8/2010 3:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELDRUM-STUDIO
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files (x86)\McAfee\MSC\mcupdui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SOSNFLSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
SRV - (sosnfusv) -- C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
SRV - (SOSNFFSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (sosnf64) -- C:\Windows\SysNative\drivers\sosnf64.sys (NetFilterSDK.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Packet) -- C:\WINDOWS\SysWOW64\drivers\packet.sys (SingleClick Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a83b1fd-98ce-11de-a9b2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/07 16:42:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi
[2010/08/13 04:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/13 04:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/12 13:27:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 13:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 13:26:40 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 13:26:37 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 13:26:24 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 13:26:22 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 13:26:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/12 13:26:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/12 13:26:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 13:26:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/12 13:26:21 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 13:26:21 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 13:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/12 13:26:21 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 13:26:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 13:26:21 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 13:26:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/12 13:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 13:26:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 13:26:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/12 13:26:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/12 13:26:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 13:26:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/12 13:26:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 13:26:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/12 13:26:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 13:26:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/19 18:26:58 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Steve\AppData\Roaming\DataSafeDotNet.exe
[2009/12/06 16:04:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2009/12/06 16:04:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2009/12/06 16:04:10 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2009/12/06 16:04:10 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2009/12/06 16:04:10 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2009/12/06 16:04:10 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2009/12/06 16:04:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2009/12/06 16:04:10 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/08 15:53:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
[2010/09/08 15:53:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
[2010/09/08 15:50:18 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 15:48:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 15:36:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 15:36:37 | 000,018,179 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/09/08 15:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2010/09/07 16:46:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 16:45:10 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/09/07 07:12:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/09/07 07:11:28 | 000,293,376 | ---- | M] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/09/01 10:13:26 | 000,242,176 | ---- | M] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 20:50:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 20:50:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TM.blf
[2010/08/29 15:09:55 | 000,023,552 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/29 08:08:41 | 000,096,256 | ---- | M] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/25 16:12:33 | 000,024,064 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 07:30:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/23 07:30:11 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/23 07:30:11 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 15:58:02 | 000,192,000 | ---- | M] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 05:04:27 | 000,302,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/13 04:53:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/07 16:46:35 | 2110,971,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 16:41:56 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 16:40:47 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/08/29 08:08:40 | 000,096,256 | ---- | C] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/23 16:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 16:08:59 | 000,023,552 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/21 15:58:01 | 000,192,000 | ---- | C] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 04:53:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/20 17:01:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/12/11 18:36:59 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2009/12/06 17:02:20 | 000,087,148 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2009/12/06 17:02:04 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/12/06 16:56:50 | 000,173,995 | ---- | C] () -- C:\ProgramData\lxea.log
[2009/12/06 16:09:00 | 000,726,633 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2009/12/06 16:04:12 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2009/12/06 16:04:11 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2009/12/06 16:04:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2009/12/06 16:04:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2009/12/06 16:04:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2009/12/06 16:04:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2009/12/06 16:04:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2009/12/06 16:04:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2009/12/06 16:00:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/12/06 16:00:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2009/12/06 16:00:35 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2009/12/03 07:21:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 07:19:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/20 22:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/20 18:26:51 | 000,015,360 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/05/31 08:50:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GARMIN
[2009/09/26 22:58:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/09/07 16:47:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\RtlNICDiagVistaStart.job
[2010/08/29 20:50:34 | 000,032,580 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/09/08 15:58:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
[2010/09/08 15:58:00 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/09/03 22:06:52 | 000,005,498 | RH-- | M] () -- C:\dell.sdr
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 16:46:33 | 2424,713,216 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/11 21:39:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/10 23:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 19:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\WINDOWS\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

Steveo4571
2010-09-09, 02:41
EXTRAS.TXT

OTL Extras logfile created on: 9/8/2010 3:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 258.08 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive E: | 0.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELDRUM-STUDIO
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 52 D6 B7 AC 3B 7B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E1313C-9A5A-46A2-9C91-2FFD212BB991}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14BD780B-A6D9-4D4E-AC72-7C6A8782AC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{57BF5756-4470-4EC3-8961-AF3DD3EA11C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5FBF84DF-48B1-45F8-902B-6978E7472476}" = lport=138 | protocol=17 | dir=in | app=system |
"{67541881-6916-4F8D-8772-949B09A08110}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C2EC6D6-720E-4058-8E3E-0C465FCC8445}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C776FF4-76DE-45A5-AB0A-277780038AD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{95EBA9E1-C47A-4FB4-A607-601069EA02B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9CF666F-8CCA-43D4-A7C9-33652F0C5D7C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD7D16AA-932A-4D57-A7B8-0D39C7E1687B}" = rport=137 | protocol=17 | dir=out | app=system |
"{EA196AB1-51D9-4239-83F5-1D463F12E8E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE147F4E-7302-45B7-9C51-BCB6EE7A8540}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E506D7-84B3-4587-94F2-BAEC7B15F4CC}" = protocol=6 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{1368F49D-ED4A-415E-8610-B9217813C0F4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1379F1F7-6A18-4BAC-9F28-B9255976CF91}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1B92086C-DAB4-43A6-8AC2-599A10456D13}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1BAC7A3B-743C-4291-A4F6-F955972F10F7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{1BF76E0C-49C3-4E13-B8C2-AE393A1455E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1CCD0D59-817F-4B0F-AB9A-FC5B4776B906}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1E139BB6-9026-4A50-9D9A-464094D60316}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1F6C1844-A2A3-4435-A134-B28BDF6EC807}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{1FBEBEB6-5669-4E47-B2A5-5B8E4830202C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{204EC86A-DFB6-4915-8667-94A6DC6B3F4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{22092DA7-DDA3-4A4D-9113-B9BEC2339321}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36E3CEB0-A8D6-4D50-B9C2-9C3238B43921}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{456CB9E5-BCF6-4F54-B9FF-66D27B225361}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{478FD92F-CE4A-4249-994C-25D4D450AA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F021DAE-7600-4854-86CD-528D53319C22}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52008BB4-E1FA-44AF-8C10-697FCF96CFD9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5876CBED-F4E9-4D94-B96E-FE69A27562B9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{5C5B647F-739E-42E5-80E6-FC51AAE5BA0C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{770737A9-B921-4FCB-963D-99949BDFCCE8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7A51CC22-B083-47C3-875C-B472963317C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{831CA45F-C0E4-4218-974F-E4ACD8D0D21F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{869AAA88-61BA-4FA6-9DA3-B066C4AC8500}" = protocol=17 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{9DD6B3BB-311D-4A6B-A25B-A71FD5D1CAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3916B5F-CE25-4BA6-8511-E6FFA14C1316}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{ACF971CE-A95E-456B-8B0E-3DE90DD8D734}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{C0A6EADA-F6F0-4EDF-AED5-8C672955472F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4F78966-C929-4964-A1ED-C1E8509080C2}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{DC4AA50C-F0FF-4BCE-B421-E04EF5CE2CDC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEBE69A8-939A-40EF-B2C8-98C4EF8540F0}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{EF287A7C-A5FD-4710-8EC1-D72CE74A10A0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{FDD6DA5E-F357-4045-9FAA-6E95F0D29DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2D6CC267-A37C-467A-92F0-CD8BAB01D1FE}" = Teacher Content for Learning Essentials
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4BF1D2E7-F003-4AD9-9820-525126BA9038}" = Gotcha!
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Aleks 3.11" = Aleks 3.11
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{DC2FA8DF-25B8-49AC-AEA7-6F4489CC04F7}" = bodybugg Software
"MSC" = McAfee SecurityCenter
"RealArcade" = RealArcade
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT081703" = Delicious 2 Deluxe
"WT083294" = Tropical Farm
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"zumadeluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 12:56:35 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3650

Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4649

Error - 8/25/2010 12:56:36 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4649

Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5647

Error - 8/25/2010 12:56:37 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5647

Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6661

Error - 8/25/2010 12:56:38 PM | Computer Name = Meldrum-Studio | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6661

[ Media Center Events ]
Error - 2/10/2010 8:23:03 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/14/2010 8:32:39 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/16/2010 12:46:04 AM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/21/2010 8:43:31 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/26/2010 8:37:12 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/20/2010 11:04:19 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/20/2010 9:34:20 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/17/2010 8:28:42 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/28/2010 3:27:11 PM | Computer Name = Meldrum-Studio | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =

Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =

Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =

Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =

Error - 9/7/2010 7:41:04 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =

Error - 9/7/2010 7:41:37 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =

Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =

Error - 9/7/2010 7:41:38 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7001
Description =

Error - 9/7/2010 7:43:41 PM | Computer Name = Meldrum-Studio | Source = DCOM | ID = 10005
Description =

Error - 9/7/2010 8:23:21 PM | Computer Name = Meldrum-Studio | Source = Service Control Manager | ID = 7000
Description =


< End of report >

oldman960
2010-09-09, 04:09
Hi Steveo4571,

It's a 64bit system so that would explain the GMER problem.

Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
2010/09/01 10:13:24 | 000,242,176 | ---- | C] (Security Suites Corporation) -- C:\Users\Steve\AppData\Local\syssvc.exe
[2010/08/29 08:09:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\sryipycgi

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log in your next reply.


Try to access the internet with the infected machine. If you are able to access the internet please down load these 2 tools and post the logs.

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Right click on the file and select "Run as Adminstrator" to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.



Next

Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Right Click mbam-setup.exe and select "Run as Adminstrator" to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next


Right click on OTL.exe and select "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
UNCheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt, no Extras.Txtthis time.

Please post back with
OTL fix log
MBRCheck log
MBAM log
new OTL.txt
Are you on line now?

How's the computer?

Thanks

Steveo4571
2010-09-09, 05:31
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.
File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.
File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
File C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Folder C:\Users\Steve\AppData\Local\sryipycgi\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Emily
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34012726 bytes
->Java cache emptied: 41110830 bytes
->Flash cache emptied: 28592 bytes

User: Matthew
->Temp folder emptied: 6796758 bytes
->Temporary Internet Files folder emptied: 37925617 bytes
->Java cache emptied: 37563189 bytes
->Flash cache emptied: 2911 bytes

User: Public

User: Steve
->Temp folder emptied: 94567824 bytes
->Temporary Internet Files folder emptied: 70438133 bytes
->Java cache emptied: 53920214 bytes
->Flash cache emptied: 10642 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76255520 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5167769453 bytes

Total Files Cleaned = 5,360.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09082010_191429

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_soGcPdC92PrPaYt not found!
File\Folder C:\Windows\temp\mcafee_xUhI0Uhgl5OHdJU not found!
File\Folder C:\Windows\temp\mcmsc_Fn0TDNX5ASbDFXQ not found!
File\Folder C:\Windows\temp\mcmsc_I4B2Z5NI4WGJlTA not found!
File\Folder C:\Windows\temp\mcmsc_nXTarTM8lgi8aEI not found!
File\Folder C:\Windows\temp\mcmsc_TrgGFxoXCwu3j5w not found!
File\Folder C:\Windows\temp\sqlite_2LCy1awTtAKeJc6 not found!
File\Folder C:\Windows\temp\sqlite_GdhalunrKqIVnuC not found!
File\Folder C:\Windows\temp\sqlite_PuLWf4NYh8B3Y1H not found!
File\Folder C:\Windows\temp\sqlite_sQPVABCkSOLVimG not found!

Registry entries deleted on Reboot...

Steveo4571
2010-09-09, 05:37
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 540
Logical Drives Mask: 0x00000bfc

Kernel Drivers (total 148):
0x01E1A000 \SystemRoot\system32\ntoskrnl.exe
0x02331000 \SystemRoot\system32\hal.dll
0x00607000 \SystemRoot\system32\kdcom.dll
0x00611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064C000 \SystemRoot\system32\PSHED.dll
0x00660000 \SystemRoot\system32\CLFS.SYS
0x006BD000 \SystemRoot\system32\CI.dll
0x00807000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EF000 \SystemRoot\system32\drivers\acpi.sys
0x00945000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00958000 \SystemRoot\system32\drivers\pci.sys
0x00988000 \SystemRoot\System32\drivers\partmgr.sys
0x0099D000 \SystemRoot\system32\drivers\volmgr.sys
0x0076F000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B1000 \SystemRoot\system32\DRIVERS\intelide.sys
0x009B9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x009C9000 \SystemRoot\system32\drivers\pciide.sys
0x009D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x009E3000 \SystemRoot\system32\drivers\atapi.sys
0x007D5000 \SystemRoot\system32\drivers\ataport.SYS
0x00A0A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A51000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A65000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00A71000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0A000 \SystemRoot\system32\drivers\ndis.sys
0x00AF8000 \SystemRoot\system32\drivers\msrpc.sys
0x00B48000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00F8C000 \SystemRoot\system32\drivers\volsnap.sys
0x00FD0000 \SystemRoot\System32\Drivers\spldr.sys
0x00FD8000 \SystemRoot\System32\Drivers\mup.sys
0x00DCD000 \SystemRoot\System32\drivers\ecache.sys
0x00FEA000 \SystemRoot\system32\drivers\disk.sys
0x00BA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00E00000 \SystemRoot\system32\drivers\crcdisk.sys
0x00BE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00BF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x009EB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x01E01000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0280F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x028F2000 \SystemRoot\System32\drivers\watchdog.sys
0x02902000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0290E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02954000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02A0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02AFB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02B0D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02B1D000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02B53000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B6F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02B7C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02965000 \SystemRoot\system32\DRIVERS\storport.sys
0x02BB5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02BC2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02BE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x029C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x027CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x027DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02C02000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02C1A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C2D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02C3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02C47000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02C49000 \SystemRoot\system32\DRIVERS\ks.sys
0x02C7D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C88000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02C98000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02CE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x02E05000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x02F6D000 \SystemRoot\system32\drivers\portcls.sys
0x02FA8000 \SystemRoot\system32\drivers\drmk.sys
0x02FCB000 \SystemRoot\system32\drivers\ksthunk.sys
0x02FD1000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x02FF5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x02CF4000 \SystemRoot\System32\Drivers\Null.SYS
0x02D08000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02D10000 \SystemRoot\System32\drivers\vga.sys
0x02D1E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D43000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D4C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D55000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D60000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D71000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0300C000 \SystemRoot\System32\drivers\tcpip.sys
0x03182000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x031AE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x031CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02D7A000 \SystemRoot\System32\Drivers\Mpfp.sys
0x031CC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DB7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x031E9000 \SystemRoot\system32\drivers\sosnf64.sys
0x02DD2000 \SystemRoot\system32\DRIVERS\smb.sys
0x03203000 \SystemRoot\system32\drivers\afd.sys
0x0326E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x032B2000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x032BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x032DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x032EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03305000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03352000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0335E000 \SystemRoot\system32\drivers\mfehidk.sys
0x033A8000 \SystemRoot\System32\Drivers\dfsc.sys
0x0340E000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x036AD000 \SystemRoot\system32\drivers\usbaudio.sys
0x036C6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x036CF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x036E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x036F9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03704000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x03714000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0371F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0372A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x03746000 \SystemRoot\system32\DRIVERS\udfs.sys
0x03794000 \SystemRoot\System32\Drivers\crashdmp.sys
0x037A2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x037AE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x037B6000 \SystemRoot\System32\drivers\Dxapi.sys
0x037C2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x006A0000 \SystemRoot\System32\cdd.dll
0x037D5000 \SystemRoot\system32\drivers\luafv.sys
0x14E0E000 \SystemRoot\system32\drivers\spsys.sys
0x14EA8000 \SystemRoot\system32\DRIVERS\packet.sys
0x14EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x14EC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x14EE1000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
0x14EED000 \SystemRoot\system32\drivers\HTTP.sys
0x14F90000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x14FB9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x14FD7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x033C5000 \SystemRoot\system32\drivers\mrxdav.sys
0x1520A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x15233000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x1527C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x1529B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x152CD000 \SystemRoot\System32\DRIVERS\srv.sys
0x15362000 \SystemRoot\System32\Drivers\fastfat.SYS
0x15E04000 \SystemRoot\system32\drivers\peauth.sys
0x15EBA000 \SystemRoot\System32\Drivers\secdrv.SYS
0x15EC5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x15ED5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x15EF5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x15F0B000 \SystemRoot\system32\drivers\mfeavfk.sys
0x15F23000 \SystemRoot\system32\drivers\mfesmfk.sys
0x76D20000 \WINDOWS\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
448 C:\WINDOWS\System32\smss.exe
580 csrss.exe
616 C:\WINDOWS\System32\wininit.exe
636 csrss.exe
672 C:\WINDOWS\System32\services.exe
684 C:\WINDOWS\System32\lsass.exe
692 C:\WINDOWS\System32\lsm.exe
744 C:\WINDOWS\System32\winlogon.exe
892 C:\WINDOWS\System32\svchost.exe
952 C:\WINDOWS\System32\svchost.exe
992 C:\WINDOWS\System32\svchost.exe
368 C:\WINDOWS\System32\svchost.exe
468 C:\WINDOWS\System32\svchost.exe
628 C:\WINDOWS\System32\svchost.exe
1036 C:\WINDOWS\System32\audiodg.exe
1064 C:\WINDOWS\System32\svchost.exe
1084 C:\WINDOWS\System32\SLsvc.exe
1132 C:\WINDOWS\System32\svchost.exe
1288 C:\WINDOWS\System32\svchost.exe
1500 C:\WINDOWS\System32\spoolsv.exe
1524 C:\WINDOWS\System32\svchost.exe
1780 C:\WINDOWS\System32\AERTSr64.exe
1792 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1808 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1948 C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
1848 C:\WINDOWS\System32\dwm.exe
2008 C:\WINDOWS\System32\taskeng.exe
848 C:\WINDOWS\explorer.exe
2060 C:\WINDOWS\System32\taskeng.exe
2280 C:\WINDOWS\System32\spool\drivers\x64\3\lxeaserv.exe
2292 C:\WINDOWS\System32\lxeacoms.exe
2312 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
2344 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
2376 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
2444 C:\Program Files (x86)\McAfee\MSK\msksrver.exe
2516 C:\WINDOWS\System32\svchost.exe
2544 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2636 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2708 C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe
2844 C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe
2872 C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe
2924 C:\WINDOWS\System32\svchost.exe
2976 C:\WINDOWS\System32\svchost.exe
3060 C:\WINDOWS\System32\SearchIndexer.exe
2468 WUDFHost.exe
2248 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
3528 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
3708 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
3960 C:\WINDOWS\notepad.exe
4068 C:\Program Files\Windows Defender\MSASCui.exe
4076 C:\WINDOWS\RAVCpl64.exe
4084 C:\WINDOWS\System32\igfxtray.exe
4092 C:\WINDOWS\System32\hkcmd.exe
2088 C:\WINDOWS\System32\igfxpers.exe
2000 C:\WINDOWS\System32\wpcumi.exe
3608 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2772 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2776 C:\Program Files\Windows Sidebar\sidebar.exe
3836 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
3636 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3620 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3940 C:\Program Files (x86)\SelectRebates\SelectRebates.exe
3900 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3116 C:\Program Files\iPod\bin\iPodService.exe
860 C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
4176 C:\WINDOWS\System32\igfxsrvc.exe
4868 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4976 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4212 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
3720 C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
2728 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
3684 C:\WINDOWS\servicing\TrustedInstaller.exe
1588 C:\WINDOWS\System32\SearchProtocolHost.exe
2208 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1176 C:\WINDOWS\System32\SearchFilterHost.exe
288 C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WM6YSIE6\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5BA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Steveo4571
2010-09-09, 05:56
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4577

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/8/2010 7:55:41 PM
mbam-log-2010-09-08 (19-55-41).txt

Scan type: Quick scan
Objects scanned: 173749
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Steve\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

oldman960
2010-09-09, 06:13
Hi Steveo4571,

How are you making out with the new OTL scan log?

I take it the computer can now access the internet?

Thanks

Steveo4571
2010-09-09, 06:14
OTL logfile created on: 9/8/2010 8:05:12 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 262.39 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.60 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive E: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELDRUM-STUDIO
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SOSNFLSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnflsv.exe (Solid Oak Software)
SRV - (sosnfusv) -- C:\Program Files (x86)\SOS\SOSNF\sosnfusv.exe (Solid Oak Software)
SRV - (SOSNFFSV) -- C:\Program Files (x86)\SOS\SOSNF\sosnffsv.exe (Solid Oak Software)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (sosnf64) -- C:\Windows\SysNative\drivers\sosnf64.sys (NetFilterSDK.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Packet) -- C:\WINDOWS\SysWOW64\drivers\packet.sys (SingleClick Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/home.cox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/08 19:41:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2010/09/08 19:41:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/08 19:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 19:41:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/08 19:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/08 19:07:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/07 16:42:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/08/13 04:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/13 04:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/12 13:27:05 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 13:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 13:26:40 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 13:26:37 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 13:26:24 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/12 13:26:22 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/12 13:26:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/12 13:26:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/12 13:26:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/12 13:26:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/12 13:26:21 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 13:26:21 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 13:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/12 13:26:21 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/12 13:26:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/12 13:26:21 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/12 13:26:20 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/12 13:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 13:26:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 13:26:20 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/12 13:26:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/12 13:26:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/12 13:26:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/12 13:26:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/12 13:26:20 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/12 13:26:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 13:26:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/01/19 18:26:58 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Steve\AppData\Roaming\DataSafeDotNet.exe
[2009/12/06 16:04:11 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2009/12/06 16:04:11 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2009/12/06 16:04:10 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2009/12/06 16:04:10 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2009/12/06 16:04:10 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2009/12/06 16:04:10 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2009/12/06 16:04:10 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2009/12/06 16:04:10 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/08 20:08:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2E5CE89E-2BF1-40A8-926B-4F496328B539}.job
[2010/09/08 20:08:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B32DC5F-32A3-40BC-B76A-3728F5A1E558}.job
[2010/09/08 20:05:36 | 002,097,152 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/09/08 20:01:18 | 000,018,367 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/09/08 20:00:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 20:00:33 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2010/09/08 20:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 20:00:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 20:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/08 20:00:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 20:00:17 | 2110,971,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 19:58:50 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 19:58:50 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/09/08 19:58:48 | 002,227,818 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/09/08 19:48:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 19:41:39 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 16:45:10 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 07:12:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/09/07 07:11:28 | 000,293,376 | ---- | M] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/08/29 20:50:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 20:50:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{078f975f-a676-11de-8dcf-0021705e1149}.TM.blf
[2010/08/29 15:09:55 | 000,023,552 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/29 08:08:41 | 000,096,256 | ---- | M] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/25 16:12:33 | 000,024,064 | ---- | M] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 07:30:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/23 07:30:11 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/23 07:30:11 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/21 15:58:02 | 000,192,000 | ---- | M] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 05:04:27 | 000,302,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/13 04:57:16 | 000,001,866 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/13 04:53:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[54 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 19:41:39 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 16:46:35 | 2110,971,904 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 16:41:56 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\3uo48hx0.exe
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 16:40:47 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 16:40:47 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{0cb78998-bad9-11df-b872-c57b523032ea}.TM.blf
[2010/08/29 08:08:40 | 000,096,256 | ---- | C] () -- C:\Users\Steve\Desktop\0.005620001379621042.exe
[2010/08/23 16:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Boys Fall 2010.xls
[2010/08/23 16:08:59 | 000,023,552 | ---- | C] () -- C:\Users\Steve\Desktop\U-14 Girls Fall 2010.xls
[2010/08/21 15:58:01 | 000,192,000 | ---- | C] () -- C:\Users\Steve\Desktop\fall league matt.ppt
[2010/08/13 04:53:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/20 17:01:41 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/12/11 18:36:59 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2009/12/06 17:02:20 | 000,087,148 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2009/12/06 17:02:04 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/12/06 16:56:50 | 000,173,995 | ---- | C] () -- C:\ProgramData\lxea.log
[2009/12/06 16:09:00 | 000,727,073 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2009/12/06 16:04:12 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2009/12/06 16:04:11 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2009/12/06 16:04:11 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2009/12/06 16:04:11 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2009/12/06 16:04:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2009/12/06 16:04:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2009/12/06 16:04:10 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2009/12/06 16:04:10 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2009/12/06 16:04:10 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2009/12/06 16:00:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2009/12/06 16:00:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/12/06 16:00:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2009/12/06 16:00:35 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2009/12/03 07:21:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 07:19:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/20 22:39:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/20 18:26:51 | 000,015,360 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

oldman960
2010-09-09, 06:39
Hi

Looks good so far. Just some adware left showing.

Click on the Start button > Control Panel

Depending on your setings, either
click on the Uninstall a program option under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program


ShopAtHome SelectRebates


Next, Right click on OTL.exe and select "Run as Administrator"
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
PRC - C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()

:Files
C:\Program Files\SelectRebates

:Commands
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.



One more scan just to check our handiwork.

In order to run this scan you will need to open a browser with Aministrator Rights.
Right click your browser icon and select "Run as Administrator"
Do not use this browser for anything else but running this scan
Once the scan has completed and the results saved, close that browser.
Open a new browser the normal way and post the Kaspersky log here.


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Please go to Kaspersky (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fwww.kaspersky.com%2Fkos%2Feng%2Fpartner%2Fdefault%2Fkavwebscan.html) website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions.
You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Change the Files of type to Text file (.txt)
Set the Save In to Desktop
click the Save button.
Please post this log in your next reply.
Please post back with the OTL fix log and Kaspersky log.

How is the computer?

Thanks

Steveo4571
2010-09-11, 02:27
I ran the OTL Fix, the computed re-booted but I didn't get a new text file. Was I supposed to?

Here are the results from the Kaspersky File.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 10, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 09, 2010 20:49:17
Records in database: 4208501
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan statistics:
Objects scanned: 332279
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:49:33


File name / Threat / Threats count
C:\My Games\Zuma Deluxe\Zuma.exe Infected: Trojan-GameThief.Win32.Magania.dodn 1

Selected area has been scanned.

oldman960
2010-09-11, 03:19
Hi Steveo4571

If the OTL fix log didn't pop up you should be able to find it here C:\_OTL\MovedFiles

It will be a .log file with a file name made up of numbers. The numbers represent the date and time stamp the fix was ran. You will have 2 such file, please copy and paste the most recent one into your next reply.


Are you familar with this program Zuma Deluxe?


Let's see what other scanners think of that file.

Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service (http://virscan.org/)
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


C:\My Games\Zuma Deluxe\Zuma.exe


Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.


Please post back with
OTL fix log
VirScan results

Any problems with the computer?

Steveo4571
2010-09-11, 16:15
Here is the OTL scan files. The computer seems to be working ok. It's a little slow but no symptoms of what was happening before. I really appreciate the help.

========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named Program Files was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.
File C:\Program Files (x86)\SelectRebates\SelectRebates.exe not found.
========== FILES ==========
File\Folder C:\Program Files\SelectRebates not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.11.0 log created on 09092010_173513


and

========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named Program Files was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates not found.
File C:\Program Files (x86)\SelectRebates\SelectRebates.exe not found.
========== FILES ==========
File\Folder C:\Program Files\SelectRebates not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.11.0 log created on 09092010_175053


VirSCAN.org Scanned Report :
Scanned time : 2010/09/11 06:01:30 (MST)
Scanner results: 14% Scanner(s) (5/36) found malware!
File Name : Zuma.exe
File Size : 2174980 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a791e71d6ca24304b5e27c88f810e40f
SHA1 : d57dacb5fec957896f5338ad57708ffa70b23906
Online report : http://virscan.org/report/7b998e4ef59d8014a18c36da0f2faa18.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100910040535 2010-09-10 40.09 -
AhnLab V3 2010.09.11.00 2010.09.11 2010-09-11 40.09 -
AntiVir 8.2.4.50 7.10.11.128 2010-09-10 0.30 -
Antiy 2.0.18 20100906.5080244 2010-09-06 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.00 -
Authentium 5.1.1 201009101540 2010-09-10 1.42 -
AVAST! 4.7.4 100911-0 2010-09-11 0.12 -
AVG 8.5.850 271.1.1/3128 2010-09-11 0.27 -
BitDefender 7.90123.6364019 7.33824 2010-09-11 4.65 -
ClamAV 0.96.1 11873 2010-09-11 0.39 -
Comodo 4.0 6037 2010-09-10 40.09 -
CP Secure 1.3.0.5 2010.09.11 2010-09-11 0.49 Troj.GameThief.W32.Magania.dodn
Dr.Web 5.0.2.3300 2010.09.11 2010-09-11 9.95 -
F-Prot 4.4.4.56 20100910 2010-09-10 1.36 -
F-Secure 7.02.73807 2010.09.11.01 2010-09-11 0.15 Trojan-GameThief.Win32.Magania.dodn [AVP]
Fortinet 4.1.143 12.339 2010-09-10 40.09 -
GData 21.816/21.323 20100910 2010-09-10 40.09 -
ViRobot 20100911 2010.09.11 2010-09-11 40.09 -
Ikarus T3. 2010.09.11.76706 2010-09-11 4.81 Trojan-GameThief.Win32.Magania
JiangMin 13.0.900 2010.08.30 2010-08-30 40.09 -
Kaspersky 5.5.10 2010.09.11 2010-09-11 0.07 Trojan-GameThief.Win32.Magania.dodn
KingSoft 2009.2.5.15 2010.9.11.7 2010-09-11 40.10 -
McAfee 5400.1158 6102 2010-09-10 19.74 -
Microsoft 1.6103 2010.09.11 2010-09-11 40.10 -
Norman 6.06.05 6.06.00 2010-09-11 8.01 -
Panda 9.05.01 2010.09.09 2010-09-09 40.11 -
Trend Micro 9.120-1004 7.456.03 2010-09-11 0.04 -
Quick Heal 11.00 2010.09.10 2010-09-10 40.10 -
Rising 20.0 22.64.04.03 2010-09-10 40.09 -
Sophos 3.11.2 4.57 2010-09-11 5.46 -
Sunbelt 3.9.2442.2 6861 2010-09-10 40.15 -
Symantec 1.3.0.24 20100910.003 2010-09-10 0.08 -
nProtect 20100911.01 9087649 2010-09-11 40.11 -
The Hacker 6.5.2.1 v00370 2010-09-10 40.09 -
VBA32 3.12.14.0 20100908.1157 2010-09-08 3.71 -
VirusBuster 4.5.11.10 10.127.77/2035143 2010-09-10 3.80 Trojan.Patched.Y

oldman960
2010-09-12, 20:16
Hi Steveo4571,

I'm pretty sure that was a False positve in the Kaspersky scan.

We'll clean up the tools and send you on your way.

From your desktop, please delete, if present
any notepads/logs that we created
GMER
MBRCheck
You can remove GMER from the clean computer the same way. OTL can be removed from the clean computer if it's still on it in the manner shown below.

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep MBAM updated and use it regularly.

*We'll reset your restore points

Click on the Start button to open your Start Menu.
Click on the Control Panel menu option.
Click on the System and Maintenance menu option.
Click on the System menu option.
Click on System Protection in the left-hand task list.
Create the manual restore point you should click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
Type in a title for the manual restore point and press the Create button.
Close the System window after you have been advised that the procedure has been successfully completed.

Next, go to Start > Run (it may be start > accesories > run) and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and Ok it
This will remove all restore points except the most recent one.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

It looks like you are using a McAfee suite so you should be covered with the addition of MBAM.

You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us)(using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0 (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fsecunia.com%2Fvulnerability_scanning%2Fpersonal%2F)

- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

We'll keep this thread open for a couple of days.

Take care

jmw3
2010-09-15, 16:41
Since this issue appears to be resolved ... this Topic has been closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.