
Infected with TROJ TDSS Need Help to Remove



Hi,

My computer is infected with this Trojan called TROJ TDSS that is attacking my Vista-based PC. I'll get popups that look like Windows Security, but I'm sure they are not. I have Trend Micro PC-cillin which identified the problem but couldn't do anything about it. I had Malwarebytes, but it wouldn't pick up anything when I did a scan (probably undermined by the virus). I uninstalled Malwarebytes.

Based on what I read on other forums, I downloaded Malwarebytes on an uninfected computer to a flash drive and changed the name of the application from MBAM Setup.exe to just Setup.exe and put it on my PC in hopes that I could run it without the virus recognizing it. However, the virus appears to have disabled the installation wizard, InstallShield (iKernel.exe), and I could not run the setup as an administrator or using the command prompt. I get an error saying the installation app is not found. I manually found it in C:/program files/common files/installshield/engine/6/intel 32. The application was still there, but nothing happened when I tried to run it.

I downloaded RootRepeal after reading instructions on how to use it, http://forums.malwarebytes.org/index.php?showtopic=12709, and tried to do a scan with it to find the rootkit, but the scan got interrupted and whenever I tried to reinitiate the scan, I got an error. I abandoned that approach because it's a risky one anyway, it would seem.

I don't know what options I have at this point.

Please help.

-Eric


Hello ericneedhelp

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

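The OTL scan requested above produces a log of several hundred PRC/SRV/DRV/O4 lines, of which a helper reads only a handful closely. As an added example (not part of this thread and not OldTimer's own code), here is a small Python triage script for that format: it flags a driver or process whose company field is empty "()", stale or nameless Run entries, hosts-file mappings other than localhost, and the DHCP DNS servers to verify with the ISP. The line formats follow the OTL output quoted on this page; the sample log is constructed, and the `update.av-vendor.example` hosts entry is invented to exercise the hosts check.

```python
"""Triage an OTL (OldTimer's List-It) log: surface the few lines worth a second look.

Added example, not OldTimer's code. Line formats follow the OTL log quoted on the
page; the sample log below is constructed.
"""
import re

# Constructed sample in OTL's own format. The driver with an empty "()" company
# field and the "File not found" Run entries mirror lines from the posted log;
# the av-vendor.example hosts line is invented to exercise the hosts check.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
========== Driver Services (SafeList) ==========
DRV - (pkhjeal) -- C:\Windows\System32\drivers\pkhjeal.sys ()
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
========== Standard Registry (All) ==========
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.av-vendor.example
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
"""

# PRC/MOD/SRV/DRV lines: "<kind> - [(service name) [description] -- ]<path> (<company>)"
ENTRY_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<rest>.+)$")
# O4 autorun lines: "O4 - HKLM..\Run: [<value name>] <target> (<company>)" or "... File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
LOCALHOST = {"localhost"}


def parse_entry(line):
    """Split a PRC/MOD/SRV/DRV line into kind, service name, path and company."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    # OTL ends these lines with the file's company field in parentheses. With
    # "Company Name Whitelist: Off" (as in the posted log) every entry carries
    # one, so "()" means the file has no company/version information at all.
    start = rest.rfind(" (")
    if start < 0 or not rest.endswith(")"):
        return None
    company = rest[start + 2:-1].strip()
    head = rest[:start]
    name = None
    if " -- " in head:
        name_part, head = head.split(" -- ", 1)
        nm = re.match(r"\((?P<n>[^)]*)\)", name_part)
        name = nm.group("n") if nm else None
    return {"kind": kind, "name": name, "path": head.strip(), "company": company}


def triage(log_text):
    """Return (severity, message) pairs for the lines a helper would ask about."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            if entry["company"] == "":
                # A kernel driver with no vendor string in System32\drivers is the
                # strongest single signal in these logs; a process or service
                # without one deserves a look but is often just a small utility.
                sev = "HIGH" if entry["kind"] == "DRV" else "MEDIUM"
                findings.append((sev, f"{entry['kind']} with no company info: {entry['path']}"))
            continue
        run = RUN_RE.match(line)
        if run:
            if run.group("target").endswith("File not found"):
                # Leftover autoruns (e.g. from an uninstalled scanner) are harmless
                # but belong in the cleanup fix so they stop cluttering later logs.
                findings.append(("LOW", f"stale autorun [{run.group('name')}] under {run.group('hive')}\\{run.group('key')}"))
            elif run.group("name") == "":
                findings.append(("MEDIUM", f"nameless autorun -> {run.group('target')}"))
            continue
        if line.startswith("O1 - Hosts:"):
            fields = line.split(":", 1)[1].split()
            if len(fields) == 2 and fields[1] not in LOCALHOST:
                findings.append(("MEDIUM", f"hosts file maps {fields[1]} to {fields[0]}"))
            continue
        if line.startswith("O17 -") and "DhcpNameServer" in line:
            servers = line.split("=", 1)[1].split()
            findings.append(("INFO", "DNS servers to verify against the ISP: " + ", ".join(servers)))
    return findings


def by_severity(findings):
    """Count findings per severity for a one-line summary."""
    counts = {}
    for sev, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```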

OTL logfile created on: 3/19/2010 8:57:48 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\egaylord\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.74 Gb Total Space | 93.32 Gb Free Space | 68.24% Space Free | Partition Type: NTFS

Drive D: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.75% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MACCHINAMIA-PC

Current User Name: egaylord

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)

PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)

SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)

SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (pkhjeal) -- C:\Windows\System32\drivers\pkhjeal.sys ()

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (iaNvStor) Intel® -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmcfw) -- C:\Windows\System32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:02:02 | 000,000,000 | ---D | M]

[2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions

[2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found

O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [ParetoLogic Anti-Virus PLUS] C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk File not found

O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: marquetteassociates.com ([mx] https in Trusted sites)

O15 - HKCU\..Trusted Domains: marquetteassociates.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{738c3eec-cce3-11dd-b0fc-001e4ce808ae}\Shell - "" = AutoRun

O33 - MountPoints2\{738c3eec-cce3-11dd-b0fc-001e4ce808ae}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/07/03 08:09:01 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 20:54:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe

[2010/03/19 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\Other

[2010/03/18 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\RootRepeal

[2010/03/18 19:39:57 | 000,472,064 | ---- | C] ( ) -- C:\Users\egaylord\Desktop\RootRepl.exe

[2010/03/18 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\the_one

[2010/03/17 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\tdsskiller

[2010/03/17 02:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic

[2010/03/17 02:24:30 | 000,000,000 | ---D | C] -- C:\Users\egaylord\AppData\Local\Downloaded Installations

[2010/03/17 02:09:33 | 050,682,256 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe

[2010/03/17 02:05:14 | 050,993,552 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe

[2010/03/10 04:01:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/10 04:01:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/09 02:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter

[2010/02/23 20:52:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/02/23 20:51:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/23 20:51:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/23 20:51:25 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/23 20:51:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/23 20:51:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/23 20:51:25 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/23 20:51:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/23 20:51:24 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/23 20:51:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/02/23 20:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/02/23 20:51:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

========== Files - Modified Within 30 Days ==========

[2010/03/19 20:57:54 | 002,359,296 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT

[2010/03/19 20:55:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe

[2010/03/19 20:36:36 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/19 20:36:36 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/19 20:36:35 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/19 20:29:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/19 20:29:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/19 20:29:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/19 20:29:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/19 20:29:23 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/19 20:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TMContainer00000000000000000001.regtrans-ms

[2010/03/19 20:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TM.blf

[2010/03/19 20:21:41 | 000,227,840 | ---- | M] () -- C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/19 20:18:32 | 000,001,356 | ---- | M] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat

[2010/03/19 17:51:10 | 004,834,848 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat

[2010/03/18 22:12:10 | 000,000,000 | ---- | M] () -- C:\Users\egaylord\Desktop\settings.dat

[2010/03/18 21:00:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat

[2010/03/18 21:00:21 | 000,464,491 | ---- | M] () -- C:\Users\egaylord\Desktop\RootRepeal.zip

[2010/03/18 20:53:20 | 000,034,816 | ---- | M] () -- C:\Windows\System32\drivers\pkhjeal.sys

[2010/03/18 18:00:00 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/03/18 18:00:00 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job

[2010/03/17 23:22:25 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job

[2010/03/17 23:22:25 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/03/17 23:21:35 | 000,064,232 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx

[2010/03/17 23:21:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/17 22:55:49 | 000,155,752 | ---- | M] () -- C:\Users\egaylord\Desktop\tdsskiller.zip

[2010/03/17 21:40:50 | 000,015,069 | ---- | M] () -- C:\Users\egaylord\Desktop\need.docx

[2010/03/17 02:36:22 | 000,000,000 | ---- | M] () -- C:\rollback.ini

[2010/03/17 02:09:36 | 050,682,256 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe

[2010/03/17 02:05:19 | 050,993,552 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe

[2010/03/16 20:21:40 | 000,009,805 | ---- | M] () -- C:\Users\egaylord\Documents\list2.xlsx

[2010/03/15 10:33:04 | 000,146,042 | ---- | M] () -- C:\Users\egaylord\Desktop\St. Louis.jpg

[2010/03/13 17:18:52 | 002,901,504 | ---- | M] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc

[2010/03/11 22:00:48 | 269,221,086 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/03/08 21:09:23 | 000,002,585 | ---- | M] () -- C:\Users\egaylord\Desktop\Microsoft Office Excel 2007.lnk

[2010/03/04 19:34:29 | 000,000,162 | -H-- | M] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx

[2010/02/25 00:52:50 | 000,074,912 | ---- | M] () -- C:\Users\egaylord\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 04:24:25 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/20 18:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/02/20 18:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files Created - No Company Name ==========

[2010/03/19 20:29:23 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/18 22:12:10 | 000,000,000 | ---- | C] () -- C:\Users\egaylord\Desktop\settings.dat

[2010/03/18 21:00:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat

[2010/03/18 21:00:10 | 000,464,491 | ---- | C] () -- C:\Users\egaylord\Desktop\RootRepeal.zip

[2010/03/18 20:53:19 | 000,034,816 | ---- | C] () -- C:\Windows\System32\drivers\pkhjeal.sys

[2010/03/17 22:55:38 | 000,155,752 | ---- | C] () -- C:\Users\egaylord\Desktop\tdsskiller.zip

[2010/03/17 21:40:49 | 000,015,069 | ---- | C] () -- C:\Users\egaylord\Desktop\need.docx

[2010/03/17 02:40:10 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/03/17 02:37:46 | 004,834,848 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat

[2010/03/17 02:37:46 | 000,064,232 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx

[2010/03/17 02:36:22 | 000,000,000 | ---- | C] () -- C:\rollback.ini

[2010/03/17 02:30:02 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job

[2010/03/17 02:29:52 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job

[2010/03/17 02:29:50 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/03/15 10:32:17 | 000,146,042 | ---- | C] () -- C:\Users\egaylord\Desktop\St. Louis.jpg

[2010/03/13 17:18:50 | 002,901,504 | ---- | C] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc

[2010/03/09 02:09:16 | 000,380,928 | ---- | C] () -- C:\Windows\System32\ac3filter.acm

[2010/03/04 19:34:29 | 000,000,162 | -H-- | C] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx

[2010/01/14 11:27:14 | 000,111,960 | ---- | C] () -- C:\Windows\System32\INetHTTPFilter.dll

[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest

[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest

[2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008/07/20 21:39:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/03/17 01:09:44 | 000,001,356 | ---- | C] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat

[2008/01/30 23:28:49 | 000,227,840 | ---- | C] () -- C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/22 19:17:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2008/01/22 19:17:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll

[2008/01/22 19:17:35 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/01/22 19:17:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll

[2008/01/22 19:17:33 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/01/22 19:17:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/06/19 20:36:19 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\acccore

[2009/12/02 02:03:17 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\iMesh

[2010/03/15 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\LimeWire

[2009/04/13 23:51:06 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\MusicNet

[2010/03/17 23:22:25 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job

[2010/03/18 18:00:00 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job

[2010/03/18 18:00:00 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2010/03/17 23:22:25 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2010/03/17 23:21:11 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2008/01/22 19:06:32 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/22 19:06:32 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys

[2008/01/22 19:06:32 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys

[2008/01/22 19:06:32 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys

[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2008/01/22 19:07:12 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys

[2008/01/22 19:07:12 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys

[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/01/22 19:07:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys

[2008/01/22 19:16:57 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys

[2008/01/22 19:16:57 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys

[2008/01/22 19:16:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys

[2008/01/22 19:16:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys

[2008/01/22 19:06:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys

[2008/01/22 19:06:29 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys

[2008/01/22 19:07:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys

[2008/01/22 19:07:00 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

[2008/02/19 21:00:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008/02/19 21:00:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008/02/19 21:00:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys

[2008/02/19 21:00:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >

[2007/09/06 11:45:14 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Drivers\storage\R166201\iaStor.sys

[2007/09/06 11:45:14 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys

[2007/09/06 11:45:14 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_9af7e4ab\iaStor.sys

[2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys

[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys

[2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys

[2007/09/06 11:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

[2007/03/21 13:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >

[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Files - Unicode (All) ==========

[2010/03/13 17:16:03 | 000,113,664 | ---- | M] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc

[2010/03/13 15:54:59 | 000,113,664 | ---- | C] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc

[2009/10/13 23:23:28 | 000,000,000 | ---D | M](C:\Users\egaylord\Desktop\CTAPOCE?) -- C:\Users\egaylord\Desktop\CTAPOCEЛ

[2009/10/11 13:40:33 | 000,000,000 | ---D | C](C:\Users\egaylord\Desktop\CTAPOCE?) -- C:\Users\egaylord\Desktop\CTAPOCEЛ

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 3/19/2010 8:57:48 PM - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\egaylord\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.74 Gb Total Space | 93.32 Gb Free Space | 68.24% Space Free | Partition Type: NTFS

Drive D: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.75% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MACCHINAMIA-PC

Current User Name: egaylord

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{027D42CF-1F92-4CC3-BFF1-BA2DE2CAC196}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{1350E4A0-267C-4605-9626-AD051C0F4FE0}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{282B57E6-34FA-498B-B651-9FFBA68A8D13}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |

"{2FA1E93B-D881-4B27-A801-581CCEC8FF71}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{50427C2F-1DAF-42A5-BD3E-6B2706A5F5AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5F8AE4DD-F6B0-402A-8D03-2164F37011C7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{60D1694D-6901-4FFF-B322-3C1E4EDEC6A5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{7DD2AEB8-CDA3-4A84-84FB-E25E4DB90814}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

"{80B6F9B3-4CFD-4E16-85E8-697F4FB6CF95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{84C7F8CB-E4C6-4F1E-AB0A-F0AE491CB5DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8E3268DC-FFFB-4310-8FB6-FAB4CD64D683}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{90ADAE5A-C2A2-4FA4-B0D6-99291E266433}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{98B19B71-AB09-4D91-842B-28BCBAA72211}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{9D252F8D-7BD8-410B-AD35-AE7D93402678}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{B6CB46E6-08D2-493B-A93B-70C1E4B1B044}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{C429CDCC-8538-4746-B087-3B40D3446EA0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{C6F0B452-6EB2-4CD1-BAE4-CB9B3AF23CA9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{D5885F45-8532-4C77-B5A8-ECB60B401541}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F6D22BBB-294B-4537-8C1C-82E67A46497A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{F80C48E0-742C-4C6E-A302-64484291DD7C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype

Link to post
Share on other sites
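The Shell Spawning section of the OTL Extras log above lists the command Windows runs to open each file class. Rewriting the exefile, comfile or batfile handler is a common way for fake-AV and rootkit droppers to route every program launch through their own binary first, so it is one of the first things to read in such a log. The following Python checker is an added example, not code from the thread, OTL or Malwarebytes: it parses the lines OTL prints under that heading and reports any launch-critical handler that is missing or differs from the stock value. The expected values are this example's assumption for Vista; the sample lines are taken from the log in the thread.

```python
"""Check OTL 'Shell Spawning' output for hijacked launch handlers.

Added example (assumption-based): the EXPECTED table holds the stock Vista
commands for the file classes that control how programs start. Anything
else reported for those keys means the handler has been changed or removed.
"""
import re

EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# class [verb] -- command (optional company name in trailing parentheses)
LINE_RE = re.compile(r"^(\w+)\s+\[([\w.]+)\]\s+--\s+(.*?)(?:\s+\(([^()]*)\))?\s*$")

# Sample lines copied from the thread's OTL Extras log.
SAMPLE_LOG = [
    'batfile [open] -- "%1" %*',
    'cmdfile [open] -- "%1" %*',
    'comfile [open] -- "%1" %*',
    r'cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)',
    'exefile [open] -- "%1" %*',
    'helpfile [open] -- Reg Error: Key error.',
    r'hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)',
    'piffile [open] -- "%1" %*',
    'scrfile [config] -- "%1"',
    'scrfile [open] -- "%1" /S',
    'txtfile [edit] -- Reg Error: Key error.',
]

# Constructed line (placeholder path) showing what a redirected handler looks like.
HIJACKED_EXAMPLE = r'exefile [open] -- "C:\ProgramData\EXAMPLE_redirector.exe" "%1" %*'


def parse_shell_line(line):
    """Split one OTL shell-spawning line into class, verb, command and company."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cls, verb, cmd, company = m.groups()
    return {"class": cls, "verb": verb, "command": cmd, "company": company}


def check_shell_spawning(lines):
    """Return one finding per launch-critical handler that is not in its stock state."""
    findings = []
    seen = set()
    for line in lines:
        entry = parse_shell_line(line)
        if entry is None or (entry["class"], entry["verb"]) not in EXPECTED:
            continue
        key = (entry["class"], entry["verb"])
        seen.add(key)
        if entry["command"].startswith("Reg Error"):
            findings.append({**entry, "status": "missing"})
        elif entry["command"] != EXPECTED[key]:
            findings.append({**entry, "status": "hijacked"})
    # OTL only prints keys it could read; a launch handler that never shows up
    # deserves a manual look as well.
    for key in EXPECTED:
        if key not in seen:
            findings.append({"class": key[0], "verb": key[1], "command": None,
                             "company": None, "status": "not listed"})
    return findings


if __name__ == "__main__":
    print("thread log:", check_shell_spawning(SAMPLE_LOG))
    print("with hijack:", check_shell_spawning(SAMPLE_LOG + [HIJACKED_EXAMPLE]))
```

For the log in this thread the checker returns no findings, which matches the helper moving on to the driver file rather than the file associations. A "hijacked" finding is the case worth acting on: the registry value is then repaired only after the redirector binary it points at has been dealt with, since fixing the association first leaves the malware free to reinstate it.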

Please submit the following file to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\Windows\System32\drivers\pkhjeal.sys

Jotti File Scan
VirusTotal File Scan

Please copy and paste those results in your next post.

Link to post
Share on other sites

Virus Total

File pkhjeal.sys received on 2010.03.20 17:37:38 (UTC)


Result: 2/42 (4.77%)


Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.03.20 -

AhnLab-V3 5.0.0.2 2010.03.20 -

AntiVir 8.2.1.196 2010.03.19 -

Antiy-AVL 2.0.3.7 2010.03.19 -

Authentium 5.2.0.5 2010.03.19 -

Avast 4.8.1351.0 2010.03.20 -

Avast5 5.0.332.0 2010.03.20 -

AVG 9.0.0.787 2010.03.20 -

BitDefender 7.2 2010.03.20 -

CAT-QuickHeal 10.00 2010.03.19 -

ClamAV 0.96.0.0-git 2010.03.20 -

Comodo 4331 2010.03.20 -

DrWeb 5.0.1.12222 2010.03.20 -

eSafe 7.0.17.0 2010.03.18 -

eTrust-Vet 35.2.7376 2010.03.19 -

F-Prot 4.5.1.85 2010.03.19 -

F-Secure 9.0.15370.0 2010.03.20 -

Fortinet 4.0.14.0 2010.03.20 -

GData 19 2010.03.20 -

Ikarus T3.1.1.80.0 2010.03.20 -

Jiangmin 13.0.900 2010.03.20 -

K7AntiVirus 7.10.1002 2010.03.19 -

Kaspersky 7.0.0.125 2010.03.20 -

McAfee 5926 2010.03.20 -

McAfee+Artemis 5926 2010.03.20 -

McAfee-GW-Edition 6.8.5 2010.03.20 Heuristic.BehavesLike.Win32.Rootkit.H

Microsoft 1.5605 2010.03.20 -

NOD32 4961 2010.03.20 -

Norman 6.04.09 2010.03.20 -

nProtect 2009.1.8.0 2010.03.20 -

Panda 10.0.2.2 2010.03.20 -

PCTools 7.0.3.5 2010.03.20 -

Prevx 3.0 2010.03.20 -

Rising 22.39.05.02 2010.03.20 -

Sophos 4.51.0 2010.03.20 -

Sunbelt 5991 2010.03.20 -

Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight

TheHacker 6.5.2.0.241 2010.03.20 -

TrendMicro 9.120.0.1004 2010.03.20 -

VBA32 3.12.12.2 2010.03.19 -

ViRobot 2010.3.19.2236 2010.03.20 -

VirusBuster 5.0.27.0 2010.03.20 -

Additional information

File size: 34816 bytes

MD5...: 60ac082b41e60906171335dfbf8c19c0

SHA1..: 26b0961cc7853afa4746fd0f6467dd2ea824640c

SHA256: 2c96a4de3136452582421c98b242e16322d92be339cfeeffa4ad78ef98e72c04

ssdeep: 768:4g8LdAtuYio46ewQRkaJynKd+lvJHu/HdguHyt4CgDO5:4gmYiD6ewQFJ7+lF4HHyfl

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0xa005

timedatestamp.....: 0x4a802350 (Mon Aug 10 13:40:32 2009)

machinetype.......: 0x14c (I386)

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x6758 0x6800 6.48 ddec351c17b489da4e02d3467286e7e8

.rdata 0x8000 0x2c4 0x400 2.37 47f9df68a510a65916dd81b35ad8c701

.data 0x9000 0x448 0x400 1.92 f52a217fb7cf59b892d5a30207f584d5

INIT 0xa000 0x96e 0xa00 5.35 171991e190f8a2a0bd78f85943a0ac26

.reloc 0xb000 0x896 0xa00 5.77 46a97c1914f16a92c2cd7d3f3ca62f13

( 2 imports )

> ntoskrnl.exe: ObfReferenceObject, IoGetDeviceObjectPointer, RtlInitUnicodeString, IoDeleteDevice, IoDeleteSymbolicLink, IofCompleteRequest, ZwQuerySystemInformation, IoDeviceObjectType, IoDriverObjectType, PsGetVersion, MmSystemRangeStart, KeServiceDescriptorTable, PsLookupProcessByProcessId, MmGetSystemRoutineAddress, MmGetVirtualForPhysical, MmGetPhysicalAddress, MmIsAddressValid, wcscpy, wcslen, IoGetCurrentProcess, _except_handler3, IoCreateSymbolicLink, IoCreateDevice, KeDelayExecutionThread, KiDispatchInterrupt, KeWaitForSingleObject, KeSetAffinityThread, PsTerminateSystemThread, _wcsnicmp, RtlAnsiStringToUnicodeString, wcscat, ObReferenceObjectByHandle, ZwClose, ZwDuplicateObject, ObOpenObjectByPointer, ZwTerminateProcess, RtlVolumeDeviceToDosName, PsProcessType, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, strncat, ZwQueryValueKey, ZwOpenKey, KeSetEvent, KeInsertQueueDpc, KeSetTargetProcessorDpc, KeInitializeDpc, KeInitializeEvent, KeNumberProcessors, ExGetPreviousMode, KeGetCurrentThread, ObQueryNameString, PsGetCurrentThreadId, ObOpenObjectByName, RtlImageDirectoryEntryToData, ExDeletePagedLookasideList, ExFreeToPagedLookasideList, ExAllocateFromPagedLookasideList, PsIsThreadTerminating, ExInitializePagedLookasideList, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, MmUnlockPages, wcsncmp, IoFreeIrp, IoAllocateIrp, IoBuildSynchronousFsdRequest, _allmul, IoGetRelatedDeviceObject, IoFileObjectType, IoCreateFile, IoBuildDeviceIoControlRequest, wcscmp, IofCallDriver, DbgPrint, KeAddSystemServiceTable, KeTickCount, KeBugCheckEx, ExAllocatePoolWithTag, wcsncpy, wcsncat, ObfDereferenceObject, PsThreadType, ExFreePoolWithTag

> HAL.dll: KeRaiseIrqlToDpcLevel, KfLowerIrql, KeStallExecutionProcessor, HalReturnToFirmware, KeGetCurrentIrql

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (58.5%)

Clipper DOS Executable (13.8%)

Generic Win/DOS Executable (13.7%)

DOS Executable Generic (13.7%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

packers (Kaspersky): PE_Patch

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Link to post
Share on other sites
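The VirusTotal report above is a good illustration of why a 2/42 detection ratio is not a clean bill of health: the two hits are both heuristic ("BehavesLike.Win32.Rootkit", "Suspicious.Insight"), the driver is unsigned, its .text section has high entropy, and the ntoskrnl imports include KeServiceDescriptorTable and KeAddSystemServiceTable (system service table access), MmGetVirtualForPhysical/MmGetPhysicalAddress (raw physical memory), PsLookupProcessByProcessId with ZwTerminateProcess, and HalReturnToFirmware. The Python triage script below is an added example, not code from the thread, VirusTotal or Malwarebytes: it parses the plain-text fields of such a report and turns those observations into a scored verdict. The API list, entropy threshold and score weights are assumptions made for this example, not any vendor's signature, and the embedded report is a constructed excerpt of the one quoted above.

```python
"""Triage a VirusTotal-style text report for a Windows kernel driver.

Added example (assumption-based scoring). Parses detection ratio, per-scanner
results, section entropy, imports and sigcheck status, then scores the
indicators a responder looks at first.
"""
import re

# ntoskrnl/HAL exports a plain hardware driver rarely needs but that
# SSDT-hooking and process-tampering rootkits routinely import.
SUSPICIOUS_KERNEL_IMPORTS = {
    "KeServiceDescriptorTable": "direct access to the system service table (SSDT hooking)",
    "KeAddSystemServiceTable": "registers an additional service table",
    "MmGetVirtualForPhysical": "maps raw physical memory, sidestepping page protections",
    "MmGetPhysicalAddress": "physical address lookup, paired with the above",
    "ZwQuerySystemInformation": "enumerates loaded modules/processes (hiding, anti-analysis)",
    "PsLookupProcessByProcessId": "locates arbitrary processes by PID",
    "ZwTerminateProcess": "kills processes (typically security tools) from kernel mode",
    "HalReturnToFirmware": "forces a reboot or shutdown from inside the driver",
    "KeSetAffinityThread": "pins a thread to one CPU, common in DPC-based hooking",
}
ENTROPY_THRESHOLD = 6.0  # a code section above this is usually packed or encrypted

DETECTION_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S+)\s*$", re.M)
SECTION_RE = re.compile(
    r"^(\.?\w+)\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+([\d.]+)\s+[0-9a-f]{32}\s*$",
    re.M | re.I)
IMPORT_RE = re.compile(r"^>\s*([\w.]+):\s*(.+?)\s*$", re.M)

# Constructed excerpt of the report quoted in the thread (import list shortened).
SAMPLE_REPORT = """\
File pkhjeal.sys received on 2010.03.20 17:37:38 (UTC)
Result: 2/42 (4.77%)
McAfee 5926 2010.03.20 -
McAfee-GW-Edition 6.8.5 2010.03.20 Heuristic.BehavesLike.Win32.Rootkit.H
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TrendMicro 9.120.0.1004 2010.03.20 -
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6758 0x6800 6.48 ddec351c17b489da4e02d3467286e7e8
.rdata 0x8000 0x2c4 0x400 2.37 47f9df68a510a65916dd81b35ad8c701
.data 0x9000 0x448 0x400 1.92 f52a217fb7cf59b892d5a30207f584d5
INIT 0xa000 0x96e 0xa00 5.35 171991e190f8a2a0bd78f85943a0ac26
.reloc 0xb000 0x896 0xa00 5.77 46a97c1914f16a92c2cd7d3f3ca62f13
( 2 imports )
> ntoskrnl.exe: ObfReferenceObject, IoGetDeviceObjectPointer, ZwQuerySystemInformation, KeServiceDescriptorTable, PsLookupProcessByProcessId, MmGetVirtualForPhysical, MmGetPhysicalAddress, KeSetAffinityThread, ZwTerminateProcess, KeAddSystemServiceTable, ExAllocatePoolWithTag
> HAL.dll: KeRaiseIrqlToDpcLevel, KfLowerIrql, HalReturnToFirmware, KeGetCurrentIrql
verified.....: Unsigned
"""


def parse_detection_ratio(report):
    m = re.search(r"Result:\s*(\d+)/(\d+)", report)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_detections(report):
    """Scanner name -> verdict, for scanners that reported something other than '-'."""
    return {m.group(1): m.group(4) for m in DETECTION_RE.finditer(report) if m.group(4) != "-"}


def parse_sections(report):
    """[(section name, entropy)] from the '( N sections )' table."""
    return [(m.group(1), float(m.group(2))) for m in SECTION_RE.finditer(report)]


def parse_imports(report):
    """{module (lower-case): [api, ...]} from '> module: A, B, C' lines."""
    return {m.group(1).lower(): [a.strip() for a in m.group(2).split(",")]
            for m in IMPORT_RE.finditer(report)}


def is_unsigned(report):
    m = re.search(r"verified\.*:\s*(\w+)", report)
    return m.group(1).lower() == "unsigned" if m else None


def triage(report):
    apis = [a for mod in parse_imports(report).values() for a in mod]
    flagged = {a: SUSPICIOUS_KERNEL_IMPORTS[a] for a in apis if a in SUSPICIOUS_KERNEL_IMPORTS}
    hot_sections = [n for n, e in parse_sections(report) if e >= ENTROPY_THRESHOLD]
    unsigned = is_unsigned(report)
    hits = parse_detections(report)
    # Weighted score: missing signature and service-table access weigh most.
    score = len(flagged) + len(hot_sections) + len(hits) + (2 if unsigned else 0)
    if "KeServiceDescriptorTable" in flagged or "KeAddSystemServiceTable" in flagged:
        score += 2
    if score >= 6:
        verdict = "HIGH: treat as a rootkit driver; disable and remove it, keep a copy for analysis"
    elif score >= 3:
        verdict = "MEDIUM: suspicious; confirm with a second opinion before removal"
    else:
        verdict = "LOW: no rootkit indicators in this report"
    return {"detection_ratio": parse_detection_ratio(report), "detections": hits,
            "unsigned": unsigned, "high_entropy_sections": hot_sections,
            "suspicious_imports": flagged, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print(f"{k}: {v}")
```

The weighting deliberately ignores the raw detection count: a freshly built driver with two heuristic hits, no signature and SSDT access scores HIGH, which is the same conclusion the helper reached before writing the Avenger script that follows.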

1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
pkhjeal

Drivers to delete:
pkhjeal

Files to delete:
C:\Windows\System32\drivers\pkhjeal.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.

Link to post
Share on other sites

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "pkhjeal" disabled successfully.

Driver "pkhjeal" deleted successfully.

File "C:\Windows\System32\drivers\pkhjeal.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

Please navigate to this location.

C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir

and this one as well C:\Qoobox\Quarantine\c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir

I would like for you to zip those 2 files into a zip file on your desktop.

You can do this by doing the following.

On an empty space on your desktop, right click and choose New Compressed folder.

Name it False Positives.

Then go to the locations given above, right click on those files and choose Copy.

Then go to the False Positives zip that you just created and paste those files into the zip.

When they are both in the zip folder, Click Here to upload the False Positives.zip please.

Leave a link to this thread when you upload it.

Let me know when that is done and we will proceed.

Link to post
Share on other sites

1. Please open Notepad

  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DeQuarantine::
C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir
C:\Qoobox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir

Quit::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

=============

Link to post
Share on other sites

C:\Qoobox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir -> c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ( 743 bytes )

C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir -> c:\windows\system32\Connect.dll ( 1645568 bytes )

C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir -> c:\windows\system32\Connect.dll ( 1645568 bytes )

Link to post
Share on other sites

Update/Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

I can't run it. Before I started this topic, I had uninstalled it since it wasn't picking up the virus. I downloaded the free version again on an uninfected computer and transferred the file via flash drive to my PC with a different name for MBAM Setup. However, I have not been able to install it. It continues to say "The InstallShield Engine (ikernel.exe) could not be installed. The system cannot find the file specified."

I assumed that the virus disabled my ability to use my installation wizard. It still doesn't work. I can download the full version if my computer is now safe enough to use the online payment. What do you suggest?

Thanks

Link to post
Share on other sites

No, the full version will not be any different.

But you can do that when we finish up if you still want to.

No; for now, let me do some research on that error and I will get back to you on it.

Though remind me before we are done.

For now just go ahead with the online scanner.

Post the log when that is done.

Or let me know if that will work or not.

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fc6d779d89732c4c9810e33cdfa1676b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-23 02:49:00

# local_time=2010-03-22 09:49:00 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 67367531 67367531 0 0

# compatibility_mode=5892 16776573 100 100 0 105914327 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=137043

# found=0

# cleaned=0

# scan_time=5741

Link to post
Share on other sites

I found a chat where someone suggested the InstallShield error meant the file might be corrupted. I downloaded the program again, and was able to run it. Below is my quick scan log. It came out clean.

Malwarebytes' Anti-Malware 1.44

Database version: 3907

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/23/2010 9:41:15 PM

mbam-log-2010-03-23 (21-41-15).txt

Scan type: Quick Scan

Objects scanned: 110416

Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Great, should have thought of that myself :)

Anyway, how are things running now? Are you still getting alerts from Trend Micro?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites

OTL logfile created on: 3/24/2010 6:15:48 PM - Run 2

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\egaylord\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.74 Gb Total Space | 94.94 Gb Free Space | 69.43% Space Free | Partition Type: NTFS

Drive D: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.75% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MACCHINAMIA-PC

Current User Name: egaylord

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

PRC - C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)

SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)

SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (iaNvStor) Intel® -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmcfw) -- C:\Windows\System32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)

DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)

DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:02:02 | 000,000,000 | ---D | M]

[2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions

[2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\INetHTTPFilter.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: marquetteassociates.com ([mx] https in Trusted sites)

O15 - HKCU\..Trusted Domains: marquetteassociates.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/23 21:29:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/03/23 21:29:27 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/03/23 21:28:06 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\egaylord\Desktop\mbam-setup.exe

[2010/03/23 18:25:07 | 001,286,643 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Users\egaylord\Desktop\317377_intl_i386_zip.exe

[2010/03/22 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/03/22 18:18:39 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Connect.dll

[2010/03/22 18:17:22 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/03/22 18:17:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/03/20 23:49:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/03/20 23:49:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/03/20 23:49:28 | 000,000,000 | ---D | C] -- C:\Users\egaylord\AppData\Local\temp

[2010/03/20 23:34:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/03/20 23:34:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/03/20 23:34:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/03/20 23:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/20 17:26:26 | 000,000,000 | ---D | C] -- C:\Avenger

[2010/03/20 17:20:49 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\avenger

[2010/03/19 20:54:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe

[2010/03/19 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\Other

[2010/03/18 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\RootRepeal

[2010/03/18 19:39:57 | 000,472,064 | ---- | C] ( ) -- C:\Users\egaylord\Desktop\RootRepl.exe

[2010/03/18 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\the_one

[2010/03/17 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\tdsskiller

[2010/03/17 02:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic

[2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic

[2010/03/17 02:24:30 | 000,000,000 | ---D | C] -- C:\Users\egaylord\AppData\Local\Downloaded Installations

[2010/03/17 02:09:33 | 050,682,256 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe

[2010/03/17 02:05:14 | 050,993,552 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe

[2010/03/10 04:01:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010/03/10 04:01:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010/03/09 02:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter

[2010/02/23 20:52:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/02/23 20:51:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/23 20:51:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/23 20:51:25 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/23 20:51:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/23 20:51:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/23 20:51:25 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/23 20:51:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/23 20:51:24 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/23 20:51:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/02/23 20:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/02/23 20:51:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

========== Files - Modified Within 30 Days ==========

[2010/03/24 18:16:25 | 005,297,184 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat

[2010/03/24 18:15:54 | 002,359,296 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT

[2010/03/24 18:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/23 23:08:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 23:08:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/23 21:29:31 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/23 21:28:14 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\egaylord\Desktop\mbam-setup.exe

[2010/03/23 18:25:22 | 001,286,643 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Users\egaylord\Desktop\317377_intl_i386_zip.exe

[2010/03/22 18:18:39 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Connect.dll

[2010/03/22 18:18:38 | 000,000,743 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/03/21 11:16:03 | 001,045,258 | ---- | M] () -- C:\Users\egaylord\Desktop\False Posistive.zip.zip

[2010/03/20 23:46:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/03/20 23:32:47 | 003,895,855 | R--- | M] () -- C:\Users\egaylord\Desktop\ComboFix.exe

[2010/03/20 22:43:08 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/03/20 17:31:53 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/20 17:31:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/20 17:31:53 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/20 17:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/20 17:26:37 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/20 17:26:09 | 000,066,824 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx

[2010/03/20 17:25:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/20 17:24:58 | 000,524,288 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TMContainer00000000000000000001.regtrans-ms

[2010/03/20 17:24:58 | 000,065,536 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TM.blf

[2010/03/20 17:24:49 | 001,990,859 | -H-- | M] () -- C:\Users\egaylord\AppData\Local\IconCache.db

[2010/03/20 17:20:22 | 000,724,952 | ---- | M] () -- C:\Users\egaylord\Desktop\avenger.zip

[2010/03/19 21:40:25 | 000,293,376 | ---- | M] () -- C:\Users\egaylord\Desktop\cn1t0e9d.exe

[2010/03/19 20:55:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe

[2010/03/19 20:21:41 | 000,227,840 | ---- | M] () -- C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/19 20:18:32 | 000,001,356 | ---- | M] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat

[2010/03/18 22:12:10 | 000,000,000 | ---- | M] () -- C:\Users\egaylord\Desktop\settings.dat

[2010/03/18 21:00:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat

[2010/03/18 21:00:21 | 000,464,491 | ---- | M] () -- C:\Users\egaylord\Desktop\RootRepeal.zip

[2010/03/17 23:22:25 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/03/17 22:55:49 | 000,155,752 | ---- | M] () -- C:\Users\egaylord\Desktop\tdsskiller.zip

[2010/03/17 21:40:50 | 000,015,069 | ---- | M] () -- C:\Users\egaylord\Desktop\need.docx

[2010/03/17 02:36:22 | 000,000,000 | ---- | M] () -- C:\rollback.ini

[2010/03/17 02:09:36 | 050,682,256 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe

[2010/03/17 02:05:19 | 050,993,552 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe

[2010/03/16 20:21:40 | 000,009,805 | ---- | M] () -- C:\Users\egaylord\Documents\list2.xlsx

[2010/03/15 10:33:04 | 000,146,042 | ---- | M] () -- C:\Users\egaylord\Desktop\St. Louis.jpg

[2010/03/13 17:18:52 | 002,901,504 | ---- | M] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc

[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe

[2010/03/11 22:00:48 | 269,221,086 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/03/08 21:09:23 | 000,002,585 | ---- | M] () -- C:\Users\egaylord\Desktop\Microsoft Office Excel 2007.lnk

[2010/03/04 19:34:29 | 000,000,162 | -H-- | M] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx

[2010/02/25 00:52:50 | 000,074,912 | ---- | M] () -- C:\Users\egaylord\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/24 04:24:25 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/23 21:29:31 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/23 18:25:52 | 001,181,109 | ---- | C] () -- C:\Users\egaylord\Desktop\Windows6.0-KB939677-v2-x86.msu

[2010/03/22 18:18:38 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/03/21 11:13:03 | 001,045,258 | ---- | C] () -- C:\Users\egaylord\Desktop\False Posistive.zip.zip

[2010/03/20 23:34:24 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe

[2010/03/20 23:34:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/03/20 23:34:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/03/20 23:34:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/03/20 23:34:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/03/20 23:32:40 | 003,895,855 | R--- | C] () -- C:\Users\egaylord\Desktop\ComboFix.exe

[2010/03/20 17:19:34 | 000,724,952 | ---- | C] () -- C:\Users\egaylord\Desktop\avenger.zip

[2010/03/19 21:38:43 | 000,293,376 | ---- | C] () -- C:\Users\egaylord\Desktop\cn1t0e9d.exe

[2010/03/19 20:29:23 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/18 22:12:10 | 000,000,000 | ---- | C] () -- C:\Users\egaylord\Desktop\settings.dat

[2010/03/18 21:00:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat

[2010/03/18 21:00:10 | 000,464,491 | ---- | C] () -- C:\Users\egaylord\Desktop\RootRepeal.zip

[2010/03/17 22:55:38 | 000,155,752 | ---- | C] () -- C:\Users\egaylord\Desktop\tdsskiller.zip

[2010/03/17 21:40:49 | 000,015,069 | ---- | C] () -- C:\Users\egaylord\Desktop\need.docx

[2010/03/17 02:40:10 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2010/03/17 02:37:46 | 005,295,392 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat

[2010/03/17 02:37:46 | 000,066,824 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx

[2010/03/17 02:36:22 | 000,000,000 | ---- | C] () -- C:\rollback.ini

[2010/03/17 02:29:50 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2010/03/15 10:32:17 | 000,146,042 | ---- | C] () -- C:\Users\egaylord\Desktop\St. Louis.jpg

[2010/03/13 17:18:50 | 002,901,504 | ---- | C] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc

[2010/03/09 02:09:16 | 000,380,928 | ---- | C] () -- C:\Windows\System32\ac3filter.acm

[2010/03/04 19:34:29 | 000,000,162 | -H-- | C] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx

[2010/01/14 11:27:14 | 000,111,960 | ---- | C] () -- C:\Windows\System32\INetHTTPFilter.dll

[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest

[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest

[2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008/07/20 21:39:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/03/17 01:09:44 | 000,001,356 | ---- | C] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat

[2008/01/30 23:28:49 | 000,227,840 | ---- | C] () -- C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/22 19:17:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2008/01/22 19:17:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll

[2008/01/22 19:17:35 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/01/22 19:17:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll

[2008/01/22 19:17:33 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/01/22 19:17:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Unicode (All) ==========

[2010/03/13 17:16:03 | 000,113,664 | ---- | M] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc

[2010/03/13 15:54:59 | 000,113,664 | ---- | C] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc

[2009/10/13 23:23:28 | 000,000,000 | ---D | M](C:\Users\egaylord\Desktop\CTAPOCE?) -- C:\Users\egaylord\Desktop\CTAPOCEЛ

[2009/10/11 13:40:33 | 000,000,000 | ---D | C](C:\Users\egaylord\Desktop\CTAPOCE?) -- C:\Users\egaylord\Desktop\CTAPOCEЛ

< End of report >
