Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser times out after 3-5 hours, but ping, nslookup do not - first s

Started by helpingdad , Feb 27 2010 04:59 PM

  • Please log in to reply

#1
helpingdad
Posted 27 February 2010 - 04:59 PM

helpingdad

    New Member

  • Member
  • Pip
  • 2 posts
Hello,

My father is having a recurring issue on his machine and I am working remotely to help resolve the problem. Any assistance to me and to him will be very much appreciated. The issues appear after hours of use. Because I am working remotely, I cannot always determine if/when the issue arises. My response time might be delayed a bit. My father can monitor the discussion.

I searched both the internet and this site to see if any similar problems existed. I tried several of the solutions to no avail. So, I am pretty sure that this has not been posted previously.

I am posting to this forum to ensure that the machine gets a clean bill of health. If this is not the right forum, please feel free to direct me to the correct one.

Thank you for your help!

========================

Machine: Dell Latitude E5500, 3 Gb RAM, 150 Gb hard drive, 120 Gb free
OS: Windows XP SP3
Anti-virus, spam, firewall software: McAfee Total Protection Service 5.0.0 Patch 004; kept current
Browsers: Firefox 3.6 and IE8
Printer: HP Photosmart C7200 Series

========================

The symptoms:
On startup, user can access internet from any browser (Firefox, IE8), automatic updates to anti-virus or MSFT all work fine. I can login remotely with LogMeIn (my only access method).

After ~3-5 hours, user can no longer access the internet through browsers, automatic update software cannot access internet. Of course, LogMeIn is also no longer accessible. User must reboot to regain access to internet. Logoff/logon does not fix the problem. A reboot is required.

Remote VPN access to his place of work has stopped working, despite local IT support reinstalling. Others can access VPN just fine.

Other machines on the network, either wired or wireless, work just fine.

Symptoms began in late November, early December 2009. Dell service has been involved, but to no avail.

On a recent visit (2 weeks ago), I experienced the issue first hand. Browsing was fine until about 3 hours after boot. Then, no page would load. The current page would not reload.

Low-level network services seem to be working fine. I can ping the router, other machines on the network, all of the websites that won't load, nslookup works fine, etc. Perhaps this points to a Winsock issue, perhaps not.

========================

What has been tried:

The first step was to call Dell Service, who performed a number of system tests, reinstalled software, etc. My father spent lots of time (~8 hours, several days) on the phone with remote support (including escalation to more senior support staff). All to no avail. In frustration, they sent a technician out to replace the motherboard and the LAN hardware. Again, to no avail. At least we know it isn't the hardware. They also updated the BIOS. Updated drivers. Several other things I probably don't know about. They inadvertently disabled wireless (I fixed that by installing the right DellControl Point Manager software). Somewhere in all this, the printer interface stopped working properly.

When I had physical access to the machine, I performed some maintenance:
* Uninstalled several pieces of software that were not being used (including HiJackThis)
* Uninstalled AOL
* Ensured Windows Updates correctly configured, installed
* Ensured application updates correctly configured, installed
* Ran virus checker on system
* Checked that firewall was turned on
* Defragmented disk
* Installed correct DellConnection Manager software (which enabled wireless to work again)
* Did a System Restore to a mid-November date (when we know the issue was not present) - No success
* Undid the above system restore
* Read through many, many posts on this site about ping, nslookup working, but not browser
* Tried several suggestions
* Did the ipconfig/release and /renew
* Registered on this site, downloaded the software and ran all the tests. Everything seemed OK.

None of this had any effect on the issue. (Well, hopefully, the last step will ultimately work :-)

An IT expert (15+ yrs experience) suggested that it might be Winsock. So, I downloaded Winsock XP Fix from PCWorld. Followed instructions for backing up Registry, executed the program. No effect.

==========================================================================
Here are the steps I have taken following the directions for a first post:
==========================================================================

TFC v3.1.4.0: executed remotely with father on machine locally to answer all program requests.

ERUNT: Installed and Registry backed up.

MBAM: Database version 3802 (2/27/2010) No issues found. LOG IS PASTED BELOW.

ANTIVIRUS scan: Scanned entire system with McAfee Total Protection with current virus defs. I realize this is not a prefered antivirus, but the subscription service is straightforward for daily use. Only cookies were detected, so did not reboot.
55 tracking cookies identified and deleted. LOG IS PASTED BELOW.

GMER 1.0.15.15281: Rootkit followed the cleaning guide directions precisely. LOG IS PASTED BELOW.

***********************************************************************
******************* Machine BlueScreened while scanning **************
***********************************************************************
Powered machine off, booted up. Reran scan.

It blue screened again.
***********************************************************************
******************* Machine BlueScreened while scanning **************
***********************************************************************

Because it blue screened, I could not get the log.

Powered off, booted up. DID NOT RE-RUN SCAN.



OTL: Ran according to instructions.

=======================
= MBAM LOG =
=======================

Malwarebytes' Anti-Malware 1.44
Database version: 3802
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/27/2010 12:15:39 PM
mbam-log-2010-02-27 (12-15-39).txt

Scan type: Quick Scan
Objects scanned: 137627
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=======================
= MCAFEE LOG =
=======================

Scan Statistics
Date : Saturday, February 27, 2010
Time started : 12:20:50 PM
Elapsed time : 00:53:17
Scan engine version : 5400.1158
DAT file version : 5905.0000
Last update : Saturday, February 27, 2010
Completion status : Scan completed
Location : C:\
Location : D:\
Location : E:\
Files scanned : 194346
File threats detected : 0
Files cleaned : 0
Files deleted : 0
Registry threats detected : 0
Registry threats cleaned : 0
Cookie threats detected : 55
Cookie threats cleaned : 0

Threats detected
In Type Object Threat Status
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@2o7[2].txt Cookie-2O7 Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Yieldmanager Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Yieldmanager Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][3].txt Cookie-Yieldmanager Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][3].txt Cookie-Yieldmanager Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@advertising[2].txt Cookie-Advertising Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@advertising[2].txt Cookie-Advertising Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@advertising[2].txt Cookie-Advertising Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@advertising[2].txt Cookie-Advertising Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@advertising[2].txt Cookie-Advertising Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Atwola Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][2].txt Cookie-Atwola Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@atdmt[1].txt Cookie-Atdmt Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@atdmt[1].txt Cookie-Atdmt Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@atdmt[2].txt Cookie-Atdmt Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@atdmt[2].txt Cookie-Atdmt Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@doubleclick[2].txt Cookie-Doubleclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[1].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[1].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[1].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[3].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[3].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[3].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@fastclick[3].txt Cookie-Fastclick Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@imrworldwide[2].txt Cookie-Imrworldwide Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@imrworldwide[2].txt Cookie-Imrworldwide Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@insightexpressai[2].txt Cookie-Insightexpres Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@insightexpressai[2].txt Cookie-Insightexpres Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@insightexpressai[2].txt Cookie-Insightexpres Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@insightexpressai[2].txt Cookie-Insightexpres Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@insightexpressai[2].txt Cookie-Insightexpres Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@mediaplex[2].txt Cookie-Mediaplex Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@mediaplex[2].txt Cookie-Mediaplex Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@mediaplex[2].txt Cookie-Mediaplex Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][1].txt Cookie-2O7 Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][1].txt Cookie-2O7 Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][1].txt Cookie-2O7 Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\[email protected][1].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@pointroll[1].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@pointroll[1].txt Cookie-Pointroll Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@realmedia[2].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@realmedia[2].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@realmedia[2].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@realmedia[2].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@realmedia[2].txt Cookie-RealMedia Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@zedo[2].txt Cookie-Zedo Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@zedo[2].txt Cookie-Zedo Threat detected
Cookie Cookie c:\documents and settings\john spellmeyernnn\cookies\john_spellmeyer@zedo[2].txt Cookie-Zedo Threat detected
=======================
= GMER LOG =
=======================

NO LOG GENERATED - SYSTEM BLUESCREENED TWICE

=======================
= OTL LOG =
= OTL.txt =
=======================


OTL logfile created on: 2/27/2010 4:39:22 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\John SpellmeyernNn\Desktop\Spyware Removal Utilities - DCS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 116.80 Gb Free Space | 78.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNSPELLMEYER
Current User Name: John Spellmeyer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/14 18:21:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Spyware Removal Utilities - DCS\OTL.exe
PRC - [2010/02/13 09:42:50 | 002,396,160 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2010/02/13 09:42:50 | 000,025,088 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2010/02/13 09:42:49 | 002,134,016 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2009/12/18 10:03:12 | 000,472,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2009/12/18 10:01:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/12/15 14:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/12/15 14:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/10/01 14:33:21 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 14:33:08 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/05/08 16:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/25 11:04:18 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/08/25 11:01:26 | 001,486,848 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2008/08/20 19:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/08/18 09:42:30 | 001,205,528 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2008/08/18 09:39:28 | 000,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/08/15 07:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/08/15 07:51:34 | 000,342,624 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/08/12 18:34:42 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/08/12 18:34:32 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/08/12 18:34:28 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/06/30 15:59:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/06/30 15:59:30 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/30 15:59:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/06/30 15:59:26 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/30 15:18:28 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/30 15:18:24 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
PRC - [2008/06/30 15:18:22 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/06/24 06:16:50 | 000,243,000 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 05:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/12 07:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/11 10:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/03 14:28:50 | 000,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/05/30 02:29:28 | 000,593,920 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/05/14 16:42:16 | 000,105,472 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/05/05 15:59:06 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/09/19 02:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/09/19 02:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/14 18:21:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Spyware Removal Utilities - DCS\OTL.exe
MOD - [2008/08/18 09:43:40 | 000,103,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\dadkeyb.dll
MOD - [2008/08/15 07:46:02 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/08/15 07:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/08/12 18:34:28 | 000,106,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/13 09:42:50 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/12/18 10:01:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2009/12/15 14:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/12/15 14:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2009/11/24 15:51:15 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/01 14:33:21 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/01 09:35:41 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/30 12:54:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/08 16:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/04/18 14:38:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/16 19:12:28 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/25 11:04:18 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/08/20 19:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/08/18 09:39:28 | 000,455,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/08/15 07:51:34 | 000,342,624 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/30 15:18:24 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV)
SRV - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/12 07:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/06/11 10:39:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/03 14:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/05/05 15:59:06 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2008/04/25 14:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/03/10 14:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/07/11 08:33:28 | 000,069,632 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/09/19 02:25:20 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/09/19 02:24:00 | 000,856,064 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/09/19 02:20:58 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/09/19 01:57:14 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/09/19 01:56:32 | 000,401,408 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/09/16 16:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080922
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080922

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 9B C4 82 25 B2 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/09 06:59:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 18:11:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 18:11:00 | 000,000,000 | ---D | M]

[2008/10/13 09:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Mozilla\Extensions
[2010/02/27 07:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Mozilla\Firefox\Profiles\2n3wrki2.default\extensions
[2010/02/14 17:58:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Mozilla\Firefox\Profiles\2n3wrki2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/14 17:58:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Mozilla\Firefox\Profiles\2n3wrki2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/14 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Mozilla\Firefox\Profiles\2n3wrki2.default\extensions\[email protected]
[2010/02/14 17:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/21 09:35:25 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe File not found
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\John Spellmeyer\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 01 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: pchclinic.com ([vpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.pchclini...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223930300062 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O16 - DPF: MIW Deployment https://10.128.0.32/...s/MIWDeploy.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.705.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97611366-80e5-11de-ba88-001fe1bedc41}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 15:28:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/21 09:35:43 | 000,000,000 | ---D | C] -- C:\HOLD
[2010/02/14 18:36:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/14 18:36:34 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/14 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/14 18:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/14 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/14 18:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Spyware Removal Utilities - DCS
[2010/02/14 18:00:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John SpellmeyernNn\Recent
[2010/02/14 17:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John SpellmeyernNn\Local Settings\Application Data\Deployment
[2010/02/14 17:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DellUCM
[2010/02/14 17:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Dell drivers
[2010/02/14 17:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/14 17:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/14 17:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/14 17:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\SUPERAntiSpyware.com
[2010/02/14 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/14 17:58:02 | 000,000,000 | ---D | C] -- C:\MappedFiles
[2010/02/14 10:33:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2009/09/13 08:11:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/13 08:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/09 05:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/30 04:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/18 14:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/22 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2008/04/25 15:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 15:29:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/27 16:11:54 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/27 16:11:54 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/27 16:11:54 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/27 16:08:28 | 000,019,208 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/27 16:07:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/27 16:04:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John SpellmeyernNn\Local Settings\Application Data\WavXMapDrive.bat
[2010/02/27 16:04:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 16:04:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 16:04:39 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/27 12:02:04 | 004,669,440 | ---- | M] () -- C:\Documents and Settings\John SpellmeyernNn\ntuser.dat
[2010/02/27 12:01:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John SpellmeyernNn\ntuser.ini
[2010/02/18 07:02:20 | 000,001,284 | ---- | M] () -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Lotus SmartSuite.lnk
[2010/02/14 18:35:02 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\John Spellmeyer\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/14 18:01:51 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/02/18 07:02:20 | 000,001,284 | ---- | C] () -- C:\Documents and Settings\John SpellmeyernNn\Desktop\Lotus SmartSuite.lnk
[2010/02/14 18:35:02 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\John Spellmeyer\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/13 10:07:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/03 06:15:57 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/12 06:02:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2009/07/12 06:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2009/05/30 13:30:44 | 000,006,287 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/13 14:27:37 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\John SpellmeyernNn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/13 14:22:34 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/13 14:09:53 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2008/10/13 12:15:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2008/10/13 12:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/10/13 09:27:32 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\John SpellmeyernNn\Local Settings\Application Data\fusioncache.dat
[2008/09/29 15:30:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John SpellmeyernNn\Local Settings\Application Data\WavXMapDrive.bat
[2008/09/22 14:30:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2008/09/22 14:28:39 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/22 12:10:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/22 12:07:08 | 000,000,283 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/22 12:06:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/22 11:53:33 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/08/25 10:59:16 | 000,652,800 | ---- | C] () -- C:\WINDOWS\System32\SMgina.dll
[2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/07/28 17:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/06/13 10:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/06/13 10:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/06/13 10:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/06/13 10:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/06/13 10:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/06/13 10:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/06/13 10:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/06/13 10:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/06/13 10:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/06/13 10:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/06/13 10:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/06/13 10:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/06/13 10:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/06/13 10:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/06/13 10:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/06/13 10:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/05/30 08:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/05/30 08:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/05/30 08:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/05/30 08:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/05/30 08:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/05/30 08:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/05/30 08:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/05/30 08:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/05/30 08:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/05/30 08:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/05/30 08:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/05/30 08:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/05/30 08:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/05/30 08:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/05/30 08:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/05/14 16:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/04/25 15:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/03/18 12:02:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/25 11:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/11 15:12:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/14 10:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/30 11:58:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 11:58:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/19 02:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/14 19:05:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/14 19:05:36 | 000,831,488 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/09/14 19:05:36 | 000,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/14 19:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/08/29 16:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/11/30 03:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/09/10 11:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 11:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/03/19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/03/10 19:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/01/13 19:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/14 19:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/25 19:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 19:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2008/09/22 12:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/10/14 14:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/01/23 15:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/18 14:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/04/18 09:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/09/22 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/02/14 17:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/03 08:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/22 12:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/02/14 18:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/30 09:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\BACS.exe
[2009/11/01 07:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Cisco
[2010/02/18 06:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\MSNStockQuote
[2008/09/22 12:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John SpellmeyernNn\Application Data\Wave Systems Corp

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 06:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 06:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 06:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 06:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 06:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/06/15 05:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/07/02 15:54:04 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\drivers\storage\R190228\IaStor.sys
[2008/06/15 05:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/07/02 15:54:04 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 06:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 06:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 03:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 03:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 03:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\why.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\uss_montana.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\Unzipped:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\Tornado.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\Simply Super Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\Openingabaggage.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\DSCN3544:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\AOL Saved PFC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\My Documents\AKitchenOilFire.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\Desktop\trial12-20-09.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\Desktop\Spyware Removal Utilities - DCS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\Desktop\Dell drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John SpellmeyernNn\Desktop\6-28-09 sermon.wav:Roxio EMC Stream
< End of report >
  • 0

Advertisements

#2
helpingdad
Posted 01 March 2010 - 08:14 AM

helpingdad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Unfortunately, Dell is now recommending a complete OS reinstall. :) Would you kindly close/delete this post? I thank all of you who viewed the issue and worked to resolve it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP