Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

nvcpl.dll error and others popping up

Post by matt111 » September 7th, 2011, 12:03 am

Hello.

nvcpl.dll error and C:\Windows\System32\NvCpl.dll Error and one more error, will give to you next thread. Errors only pop up at start up. Computer is running slow and will not communicate with printer.

Here are my two dds logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Matthew at 20:52:58 on 2011-09-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1463 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.veritaspub.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Sidebar] Disable_By_C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [ehTray.exe] Disable_By_C:\Windows\ehome\ehTray.exe
uRun: [RDReminder]
uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] Disable_By_"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] Disable_By_"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [NvCplDaemon] C:\Windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
mRun: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E1E8EFF-3834-48AF-842F-69DA113EE89D} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [QuickTime Task] Disable_By_"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] Disable_By_"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [NvCplDaemon] C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
mRun-x64: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\
FF - prefs.js: browser.startup.homepage - www.veritaspub.com
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2008-12-2 102608]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-4-20 197960]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-4-20 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-4-20 158832]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [?]
S2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe --> C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-06 23:33:17 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Uniblue
2011-09-06 23:33:11 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-09-06 23:33:03 -------- d-----w- C:\Users\Matthew\AppData\Local\PackageAware
2011-09-06 23:21:58 1840 ----a-w- C:\Windows\System32\ASOROSet.bin
2011-09-06 23:17:11 -------- d-----w- C:\Users\Matthew\AppData\Roaming\dll-files.com
2011-09-06 23:16:58 17128 ----a-w- C:\Windows\System32\roboot64.exe
2011-09-06 23:16:57 1404928 ----a-w- C:\Windows\SysWow64\nvcpl.dll
2011-09-06 23:16:55 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2011-09-06 22:50:38 -------- d-----w- C:\Windows\pss
2011-09-06 20:15:23 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F9D9D38-1A12-4072-B4CE-6B5FBB92F459}\mpengine.dll
2011-08-29 03:26:09 -------- dc-h--w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-23 20:41:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 20:41:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-20 03:29:23 -------- d-----w- C:\Users\Matthew\AppData\Roaming\IDM
2011-08-20 03:29:23 -------- d-----w- C:\Users\Matthew\AppData\Roaming\DMCache
2011-08-20 03:29:15 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2011-08-10 10:02:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-10 10:02:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-08-10 01:41:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-08-10 01:41:38 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 01:41:27 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-08-10 01:41:24 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-10 01:41:22 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-10 01:41:03 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-08 17:46:12 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
.
==================== Find3M ====================
.
2011-08-17 03:26:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-02 04:03:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 20:53:51.91 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2008 5:20:58 AM
System Uptime: 9/6/2011 5:08:55 PM (3 hours ago)
.
Motherboard: FOXCONN | | Napa
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 323 GiB total, 235.549 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.175 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP1311: 8/27/2011 5:12:16 PM - Removed Ask Toolbar.
RP1312: 8/27/2011 5:24:23 PM - Removed Ask Toolbar.
RP1313: 8/28/2011 3:00:26 AM - Windows Update
RP1314: 8/28/2011 3:15:59 PM - Scheduled Checkpoint
RP1315: 8/29/2011 3:00:25 AM - Windows Update
RP1316: 9/1/2011 6:31:30 PM - Windows Update
RP1317: 9/1/2011 6:36:37 PM - Windows Update
RP1318: 9/2/2011 3:17:24 PM - Windows Update
RP1319: 9/2/2011 3:21:10 PM - Windows Update
RP1320: 9/3/2011 1:23:38 PM - Windows Update
RP1321: 9/4/2011 12:18:04 PM - Windows Update
RP1322: 9/6/2011 11:42:59 AM - Windows Update
RP1323: 9/6/2011 1:15:07 PM - Windows Update
RP1324: 9/6/2011 4:20:39 PM - DLL-Files.com Fixer Tue, Sep 06, 11 16:20
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader X (10.1.0)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Astronomer's Control Panel
AVS Update Manager 1.0
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS4YOU Software Navigator 1.3
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
ContentManager
CyberLink DVD Suite Deluxe
Dell Toolbar
DIGOpt
Dll-Files.com Fixer
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 26
LabelPrint
LightScribe System Software
LightScribeTemplateLabeler
McAfee Security Scan Plus
McAfee Total Protection
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Script Host
Microsoft Works
Microsoft WorldWide Telescope
Mozilla Firefox 6.0.2 (x86 en-US)
MSN
muvee autoProducer 6.1
NETGEAR Live Parental Controls Management Utility 2.0b44
PDF Settings
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickConnect
QuickTime
Realtek High Definition Audio Driver
Secunia CSI (4.1.0.2007)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Uniblue RegistryBooster
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
.
==== Event Viewer Messages From Past Week ========
.
9/6/2011 8:53:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
9/6/2011 8:53:55 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2011 8:37:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001FE25546F0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: nvcpl.dll error and others popping up

Post by MWR 3 day Mod » September 12th, 2011, 3:27 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: nvcpl.dll error and others popping up

Post by deltalima » September 16th, 2011, 3:45 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: nvcpl.dll error and others popping up

Post by deltalima » September 16th, 2011, 4:01 pm

Hi matt111,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Registry Cleaners

Re. Uniblue RegistryBooster

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum

Please uninstall Uniblue RegistryBooster

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Windows\System32\NvCpl.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.


nvcpl.dll error and C:\Windows\System32\NvCpl.dll Error and one more error


Please let me know the exact wording of the error message that you see.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: nvcpl.dll error and others popping up

Post by matt111 » September 16th, 2011, 10:37 pm

Thank you for your help!!

Uniblue Registry Booster has been removed.

Here is the ckfile:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.WDABDB
----- EOF -----


Here is the Virustotal:

AhnLab-V3 2011.09.16.00 2011.09.16 -
AntiVir 7.11.14.223 2011.09.16 -
Antiy-AVL 2.0.3.7 2011.09.16 -
Avast 4.8.1351.0 2011.09.16 -
Avast5 5.0.677.0 2011.09.16 -
AVG 10.0.0.1190 2011.09.16 -
BitDefender 7.2 2011.09.17 -
ByteHero 1.0.0.1 2011.09.13 -
CAT-QuickHeal 11.00 2011.09.16 -
ClamAV 0.97.0.0 2011.09.17 -
Commtouch 5.3.2.6 2011.09.16 -
Comodo 10141 2011.09.17 -
DrWeb 5.0.2.03300 2011.09.17 -
Emsisoft 5.1.0.11 2011.09.17 -
eSafe 7.0.17.0 2011.09.15 -
eTrust-Vet 36.1.8565 2011.09.16 -
F-Prot 4.6.2.117 2011.09.16 -
F-Secure 9.0.16440.0 2011.09.17 -
Fortinet 4.3.370.0 2011.09.17 -
GData 22 2011.09.17 -
Ikarus T3.1.1.107.0 2011.09.16 -
Jiangmin 13.0.900 2011.09.16 -
K7AntiVirus 9.113.5146 2011.09.16 -
Kaspersky 9.0.0.837 2011.09.17 -
McAfee 5.400.0.1158 2011.09.17 -
McAfee-GW-Edition 2010.1D 2011.09.16 -
Microsoft 1.7604 2011.09.16 -
NOD32 6470 2011.09.17 -
nProtect 2011-09-16.01 2011.09.16 -
Panda 10.0.3.5 2011.09.16 -
PCTools 8.0.0.5 2011.09.17 -
Prevx 3.0 2011.09.17 -
Rising 23.75.04.02 2011.09.16 -
Sophos 4.69.0 2011.09.17 -
SUPERAntiSpyware 4.40.0.1006 2011.09.17 -
Symantec 20111.2.0.82 2011.09.17 -
TheHacker 6.7.0.1.297 2011.09.15 -
TrendMicro 9.500.0.1008 2011.09.16 -
TrendMicro-HouseCall 9.500.0.1008 2011.09.17 -
VBA32 3.12.16.4 2011.09.16 -
VIPRE 10499 2011.09.17 -
ViRobot 2011.9.16.4672 2011.09.16 -
VirusBuster 14.0.217.0 2011.09.16 -
Additional information
MD5 : ae00d1f268bf1756c0d48487ffa98c7a
SHA1 : e8bab8bceaeafc9857ad42dda0d5231e07b4fd7f
SHA256: a994a627dbd88e07164fa3aa288529e8caeb40d36d1b973e1cd2eeaeeb41ce58
ssdeep: 24576:D+ZJV4tGXYMihXJ8r6N/1jM1psR2XTI1P8lzBZ2sdzUpFOoV9ls:mVjYMqTNNQsR2XT5T
Z2sqFOs9W
File size : 1404928 bytes
First seen: 2009-05-03 22:05:44
Last seen : 2011-09-17 02:07:52
TrID:
Windows OCX File (46.2%)
Win64 Executable Generic (32.0%)
Win32 Executable MS Visual C++ (generic) (14.1%)
Win32 Executable Generic (3.1%)
Win32 Dynamic Link Library (generic) (2.8%)
sigcheck:
publisher....: NVIDIA Corporation
copyright....: Copyright (c)1998-2001 NVIDIA Corporation
product......: NVIDIA Compatible Windows 2000 Display driver, Version 15.20
description..: NVIDIA Display Properties Extension
original name: NVCPL.DLL
internal name: NvCpl
file version.: 5.13.01.1520
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x59535
timedatestamp....: 0x3B8F438A (Fri Aug 31 07:58:02 2001)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x62186, 0x63000, 6.27, 9869a94f6d0ad61733e236db136d4005
.rdata, 0x64000, 0x26A9, 0x3000, 4.94, a71ae663bf014f86df1319baef036525
.data, 0x67000, 0x10A40, 0x7000, 4.05, 3dea1f612d9b5d1b3545e3716fc56eb8
.rsrc, 0x78000, 0xE0B38, 0xE1000, 6.94, 950274040e1d4c947776ddc6d67bea07
.reloc, 0x159000, 0x781A, 0x8000, 6.26, bbf84f246c41018b87db5e7f0e85e3a4

[[ 8 import(s) ]]
KERNEL32.dll: FreeLibrary, GetNumberFormatA, lstrlenA, OutputDebugStringA, PulseEvent, CloseHandle, MulDiv, lstrcpyA, GlobalAlloc, FreeResource, GlobalLock, GlobalUnlock, GlobalFree, LockResource, WideCharToMultiByte, CreateEventA, WaitForSingleObject, OpenEventA, EnterCriticalSection, CreateThread, LeaveCriticalSection, GetWindowsDirectoryA, InitializeCriticalSection, DeleteCriticalSection, SetLastError, GetSystemDirectoryA, LoadResource, GetModuleHandleA, GetUserDefaultLangID, FormatMessageA, FindResourceA, CreateProcessA, CreateMutexA, LocalFree, ReleaseMutex, GetCurrentThread, lstrcatA, GetVersionExA, GetCurrentProcess, LoadLibraryA, GetProcAddress, CompareStringA, GetLastError, GlobalMemoryStatus, GetTickCount, WaitForMultipleObjects, GetLocaleInfoA, GetOEMCP, GetCPInfo, GetStringTypeW, GetStringTypeA, ReadFile, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, CreateFileA, FlushFileBuffers, SetStdHandle, WriteFile, GetACP, GetEnvironmentStringsW, GetEnvironmentStrings, Sleep, FreeEnvironmentStringsW, FreeEnvironmentStringsA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, SetFilePointer, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetModuleFileNameA, HeapSize, TerminateProcess, ExitProcess, HeapReAlloc, GetVersion, GetCommandLineA, HeapAlloc, HeapFree, RtlUnwind, RaiseException, SetEndOfFile
USER32.dll: ShowWindow, CheckDlgButton, SetWindowPos, DialogBoxIndirectParamA, wsprintfA, GetDlgCtrlID, CopyRect, InflateRect, DestroyIcon, InvalidateRect, EnableWindow, SetDlgItemTextA, GetDlgItem, KillTimer, IsDlgButtonChecked, SetFocus, FillRect, GetClassNameA, GetDC, ReleaseDC, GetNextDlgTabItem, SetTimer, RegisterClassA, SetCapture, SetCursor, GetWindowRect, ClipCursor, ReleaseCapture, DestroyCursor, DefWindowProcA, CreateWindowExA, MessageBeep, GetParent, MessageBoxA, ScreenToClient, PostMessageA, SendDlgItemMessageA, LoadBitmapA, GetClientRect, SendMessageA, GetWindowLongA, GetSysColor, BeginPaint, EndPaint, WinHelpA, SetWindowLongA, SetDlgItemInt, GetDlgItemInt, UpdateWindow, CheckRadioButton, EndDialog, SetWindowTextA, GetSystemMetrics, RedrawWindow, ClientToScreen, DestroyMenu, TrackPopupMenuEx, GetSubMenu, ChildWindowFromPointEx, CharLowerA, GetDesktopWindow, ShowCursor, GetAsyncKeyState, DrawIconEx, InsertMenuItemA, CreatePopupMenu, SetForegroundWindow, DestroyWindow, FindWindowA, LoadMenuA, LoadIconA, LoadImageA, LoadCursorA, GetWindow, GetDCEx, GetCursorPos, DeleteMenu, GetMenuItemCount, SetMenuItemInfoA, EnumWindows, EnumChildWindows, BroadcastSystemMessageA, ExitWindowsEx, SystemParametersInfoA, GetWindowTextA, RegisterClipboardFormatA, UnregisterClassA, RegisterClassExA, PtInRect, LoadStringA
GDI32.dll: CreateCompatibleDC, SetTextColor, DeleteObject, SetBkMode, DeleteDC, GetDeviceCaps, GetObjectA, CreateSolidBrush, StretchBlt, CreateDCA, SelectPalette, CreateDIBitmap, RealizePalette, Polyline, SetROP2, CreatePalette, ExtEscape, UpdateColors, CreatePen, CreateCompatibleBitmap, CreateFontA, Rectangle, ExtTextOutA, GetTextExtentPoint32A, TextOutA, SetDeviceGammaRamp, BitBlt, SetBkColor, GetDeviceGammaRamp, LineTo, MoveToEx, CreateFontIndirectA, SelectObject, GetStockObject
ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, RegOpenKeyExA, RegEnumValueA, RegQueryInfoKeyA, AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueA, RegEnumKeyExA, RegDeleteValueA, FreeSid, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenThreadToken, RegSetValueExA, RegQueryValueExA
SHELL32.dll: ShellExecuteExA
DDRAW.dll: DirectDrawCreate
COMCTL32.dll: ImageList_ReplaceIcon, PropertySheetA, ImageList_Destroy, ImageList_Create, DestroyPropertySheetPage, CreatePropertySheetPageA, InitCommonControlsEx, -
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

[[ 12 export(s) ]]
DllCanUnloadNow, DllGetClassObject, ExportNvCplAdapterString, ExportNvWsApps, ExportOEMDefaults, NvCplMonitorDetection, NvQTweak, NvStartup, NvValidateNvidiaCapable, launchtvapplet, setview, updateview
ExifTool:
file metadata
CharacterSet: Windows, Latin2 (Eastern European)
CodeSize: 405504
CompanyName: NVIDIA Corporation
EntryPoint: 0x59535
FileDescription: NVIDIA Display Properties Extension
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 1372 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 5.13.01.1520
FileVersionNumber: 5.13.1.1520
ImageVersion: 0.0
InitializedDataSize: 1036288
InternalName: NvCpl
LanguageCode: English (U.S.)
LegalCopyright: Copyright (c)1998-2001 NVIDIA Corporation
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: NVCPL.DLL
PEType: PE32
ProductName: NVIDIA Compatible Windows 2000 Display driver, Version 15.20
ProductVersion: 5.13.01.1520
ProductVersionNumber: 5.13.1.1520
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2001:08:31 09:58:02+02:00
UninitializedDataSize: 0


These errors pop up when starting up Windows and randomly sometimes:

C:\Windows\system32\NvCpl.dll,NvStartup

%ProgramFiles%\Windows Defender\MSASCui.exe –hide

C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe

C:\Windows\system32\NvCpl.dll,NvStartup


This pops up when downloading a file:

IDM CC Extension:

Cannot transfer the download to IDM
Error 0x80040154



Thanks again!!!
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: nvcpl.dll error and others popping up

Post by deltalima » September 17th, 2011, 12:14 pm

Hi matt111,

These errors pop up when starting up Windows and randomly sometimes:

C:\Windows\system32\NvCpl.dll,NvStartup


Is that ALL of the error message? Please post a screen shot if possible.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: nvcpl.dll error and others popping up

Post by matt111 » September 18th, 2011, 12:23 am

OTL logfile created on: 9/17/2011 6:55:43 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Matthew\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 39.67% Memory free
7.96 Gb Paging File | 5.74 Gb Available in Paging File | 72.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 239.42 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.20 Gb Free Space | 9.86% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Matthew\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (dlea_device) -- C:\Windows\SysWow64\dleacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\DRIVERS\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com/
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.veritaspub.com
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.veritaspub.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/09/06 15:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/06 16:28:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/06 14:10:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthew\AppData\Roaming\IDM\idmmzcc5 [2011/08/19 21:00:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Matthew\AppData\Roaming\IDM\idmmzcc5 [2011/08/19 21:00:35 | 000,000,000 | ---D | M]

[2011/08/27 16:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2010/08/09 18:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions\wizard@opendns.com
[2011/08/19 20:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/01 21:05:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/06 15:53:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/08/19 21:00:35 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\MATTHEW\APPDATA\ROAMING\IDM\IDMMZCC5
[2009/07/07 12:04:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 13:20:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/30 13:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/07/01 21:03:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/16 17:26:25 | 000,001,949 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110716150816.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [dleamon.exe] File not found
O4:64bit: - HKLM..\Run: [EzPrint] File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [dleamon.exe] File not found
O4 - HKLM..\Run: [EzPrint] File not found
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\SysWow64\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [ehTray.exe] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [HPADVISOR] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [RDReminder] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b15e8d9-fb97-11dd-a29c-001fe25546f0}\Shell\AutoRun\command - "" = K:\StarterOfficeGuardian.exe
O33 - MountPoints2\{f95bfd5a-9b9e-11dd-b6c7-001fe25546f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f95bfd5a-9b9e-11dd-b6c7-001fe25546f0}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3389329001-2147706668-1598446199-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 13:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/06 16:33:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\PackageAware
[2011/09/06 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\dll-files.com
[2011/09/06 16:16:58 | 000,017,128 | ---- | C] (Dll-Files.com) -- C:\Windows\SysNative\roboot64.exe
[2011/09/06 16:16:57 | 001,404,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcpl.dll
[2011/09/06 16:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2011/09/06 16:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2011/09/06 15:56:58 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Autoruns
[2011/09/06 15:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/09/06 15:50:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/01 19:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/01 19:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/08/28 20:26:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/08/19 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\IDM
[2011/08/19 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\DMCache
[2011/08/19 20:29:17 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/19 20:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/19 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/12/02 19:38:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2010/12/02 19:38:58 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2010/12/02 19:38:57 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2010/12/02 19:38:55 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2010/12/02 19:38:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2010/12/02 19:38:54 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2010/12/02 19:38:54 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2010/12/02 19:38:53 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2010/12/02 19:38:53 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2010/12/02 19:38:51 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2010/12/02 19:38:51 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2010/12/02 19:38:50 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/17 18:38:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/17 18:38:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/17 18:37:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/16 15:53:16 | 000,002,579 | ---- | M] () -- C:\Users\Matthew\Desktop\Microsoft Word.lnk
[2011/09/16 14:43:15 | 000,703,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/16 14:43:15 | 000,603,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/16 14:43:15 | 000,105,032 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/16 14:03:23 | 000,000,614 | ---- | M] () -- C:\Users\Matthew\Desktop\CKScanner - Shortcut.lnk
[2011/09/14 21:03:27 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011/09/08 05:37:51 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2011/09/06 16:27:06 | 000,001,840 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/09/06 16:16:58 | 000,001,829 | ---- | M] () -- C:\Users\Matthew\Desktop\Check PC For Errors.lnk
[2011/09/06 16:16:58 | 000,001,813 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/09/06 15:54:27 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/08/29 01:08:28 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/08/19 20:25:32 | 000,000,874 | ---- | M] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 20:25:32 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/19 19:31:23 | 000,000,126 | ---- | M] () -- C:\Windows\wininit.ini
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/16 14:03:23 | 000,000,614 | ---- | C] () -- C:\Users\Matthew\Desktop\CKScanner - Shortcut.lnk
[2011/09/06 16:21:58 | 000,001,840 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/09/06 16:17:15 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2011/09/06 16:17:14 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2011/09/06 16:16:58 | 000,001,829 | ---- | C] () -- C:\Users\Matthew\Desktop\Check PC For Errors.lnk
[2011/09/06 16:16:58 | 000,001,813 | ---- | C] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/09/06 15:51:11 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/09/06 15:51:11 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/29 01:08:15 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/08/19 20:25:32 | 000,000,874 | ---- | C] () -- C:\Users\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 20:25:32 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/19 20:25:31 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/18 17:08:24 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/16 17:17:36 | 000,001,460 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2010/12/02 19:38:59 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2010/12/02 19:38:59 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2010/12/02 19:38:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2010/12/02 19:38:58 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2010/12/02 19:38:57 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2010/12/02 19:38:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2010/12/02 19:38:56 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2010/12/02 19:38:56 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2010/12/02 19:38:56 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2010/12/02 19:38:49 | 000,086,118 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2010/12/02 19:28:34 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2010/12/02 19:28:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2010/02/13 21:55:59 | 000,000,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2009/10/19 21:12:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 15:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 15:48:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 15:48:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/23 12:21:27 | 000,009,566 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\wklnhst.dat
[2009/04/18 20:05:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\astro32.dll
[2009/02/27 13:37:44 | 000,020,480 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/04 11:52:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/04 03:07:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/25 22:04:16 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/25 21:40:48 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/25 21:40:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >


OTL Extras logfile created on: 9/17/2011 6:55:43 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Matthew\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 39.67% Memory free
7.96 Gb Paging File | 5.74 Gb Available in Paging File | 72.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 323.20 Gb Total Space | 239.42 Gb Free Space | 74.08% Space Free | Partition Type: NTFS
Drive D: | 12.15 Gb Total Space | 1.20 Gb Free Space | 9.86% Space Free | Partition Type: NTFS

Computer Name: ALTOCIRRUS-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CB 6E E3 2A D2 3E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F1F764F-5EE3-4EA3-B7FB-FEB0D39DB143}" = rport=137 | protocol=17 | dir=out | app=system |
"{544222AA-B274-4354-A769-1C902B187BE5}" = lport=137 | protocol=17 | dir=in | app=system |
"{561E50F2-0B0F-4F0F-8763-48C18BD70F8C}" = lport=139 | protocol=6 | dir=in | app=system |
"{59693706-AA6F-4A3D-9172-EBCF9BB8B7BA}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |
"{A279C6F9-7165-49FB-85F1-AB5CB4859D83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C72B5647-6D33-494C-BB69-94E2F0CE0417}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CD332AA2-52FC-45DF-A2C9-2F6FD4E22B23}" = lport=445 | protocol=6 | dir=in | app=system |
"{CEA107B3-22E6-4156-90ED-E7B53981EF3C}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF7C110D-943E-45BB-B692-5D0702ED0AA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA8DD66F-A446-4E33-A7AC-D8482ACFEE76}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F7D94CCB-CC5A-4FB2-94E4-463DE7F188BF}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9805DBE-34F2-4D21-A931-0142B35F2CFB}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069EDF2B-C6F6-422E-B377-018DC6B655D3}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{06E73218-0D39-43E9-AD92-7AE81FA47912}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{10382C5A-677C-44F8-9A8B-6ADDC5194DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{145A67DD-7A11-455C-9C67-A33F0DB465F7}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{1F0546DC-C418-49B9-BE6B-446FD2084F02}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1F0DEF60-93F1-43F4-ADAF-01055767FA23}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v310-v510 series\dleafax.exe |
"{26BD1B88-77FE-4486-855E-8A05E6E68638}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2EBABF1F-EF2B-4BC1-A358-127FF1BCC047}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{328040FD-8E78-40F9-B2F2-C4664D123FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{37AD0FCB-1311-40AD-8E33-E5555F06699E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49AA1C67-41F8-442F-8196-CDF9F1D6E3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{510138C9-046D-4DCB-89EF-4F8FE054E525}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{566AD295-2372-4C5B-85C3-B5E316C0633F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58A6240D-2399-46F5-81B5-D6903BC2E7C5}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{59F85FDF-4601-4C20-86F2-AD986590A503}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{5CE94466-8403-40FB-A454-B3C3A46A4AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{6800875D-E276-4186-98FE-1D354A478716}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{82D3A30B-2B39-48F2-8D74-55AD3DB034C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A62D1EFA-0986-48E9-ABCE-CB6975291BBB}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{A8C0A048-525A-4197-BF4E-76DE5EDC4575}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B0F930B8-3913-4FFF-9BF3-DBDFC5AEA5A5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CB7BA605-B1CB-4242-9E52-B7009D3D505D}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{D4AB2534-B291-4944-90A8-C901D741D61D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDB3BC03-566E-422A-87EF-D169BA38C66C}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{E6DC782C-EFDD-48C7-82E0-88369872D7CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEDC803E-82BD-4FCF-96A6-E9E06D108D76}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{0FB65F5A-4C42-42E1-907B-9CE56D9D82E8}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{3EAB35A6-4372-4120-A4C3-F07D18FC9DF8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{8F70B02B-B858-4A3D-B750-01ABD6F212F3}C:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{996F5FF7-60B7-40ED-B0F7-9446A71797D3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D08E3BAA-C74B-466B-BFD1-E7398BA860E1}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{11F3F24A-FB71-4BCE-9509-1E7B0BC854D0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{35226EB6-18C5-428B-A309-65CF30DAADCE}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{7D3A85AA-BA9C-4800-874A-FD588F6D9613}C:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\matthew\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{965E92F7-09A9-4410-ADB9-C36C319A3F4B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"Dell V310-V510 Series" = Dell V310-V510 Series
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88704942-56A8-4EEC-A121-77687677DEE5}" = Microsoft WorldWide Telescope
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Astronomer's Control Panel" = Astronomer's Control Panel
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Internet Download Manager" = Internet Download Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSC" = McAfee Total Protection
"MSNINST" = MSN
"Netgear Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.0b44
"Secunia CSI" = Secunia CSI (4.1.0.2007)
"WindowsScriptHost" = Microsoft Windows Script Host

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3389329001-2147706668-1598446199-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2011 6:58:15 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/3/2011 6:58:15 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 3:15:41 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/4/2011 3:15:41 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/6/2011 2:41:42 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/6/2011 2:41:42 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/6/2011 6:45:57 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/6/2011 6:55:19 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/6/2011 6:55:19 PM | Computer Name = altocirrus-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/7/2011 11:35:21 PM | Computer Name = altocirrus-PC | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 10/11/2009 11:35:10 PM | Computer Name = altocirrus-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 7:56:27 PM | Computer Name = altocirrus-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/17/2011 10:02:50 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2011 10:02:50 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2011 10:02:51 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2011 10:02:51 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2011 10:02:51 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2011 10:02:51 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2011 10:02:52 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2011 10:02:52 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/17/2011 10:02:52 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/17/2011 10:02:52 PM | Computer Name = altocirrus-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Database version: 7737

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/17/2011 7:18:20 PM
mbam-log-2011-09-17 (19-18-20).txt

Scan type: Quick scan
Objects scanned: 204651
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Is that ALL of the error message? Please post a screen shot if possible.


Found three more error messages:

1. Error loading NVCPL.DLL

The specified module could not be found


2. Error loading C:\Windows\system32\NvCpl.dll

The specified module could not be found


3. Error loading C:\Windows\system32\NvMcTray.dll

The specified module could not be found


I do not know how to do a screen shot.

Thank You!!
matt111

Re: nvcpl.dll error and others popping up

Post by deltalima » September 18th, 2011, 3:15 pm

Hi matt111,

PANDA ONLINE SCAN

Please go Here to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply

Re: nvcpl.dll error and others popping up

Post by matt111 » September 19th, 2011, 12:54 am

deltalima,

I downloaded Panda, although it will not let me finish the installation. It says that it is not compatible with the McAfee Antivirus program and that the McAfee software will have to be uninstalled to finish Panda's installation. I thought maybe putting McAfee in disable mode might work. However, I tried to run McAfee in administrator mode, regular mode, right-clicking on the toolbar icon, everything, and it will not open. I also tried restarting the computer.

I have two more licenses to download McAfee. So, I tried to uninstall it through the control panel and through an option Panda gave me (to uninstall McAfee) while in the process of following the prompts to install Panda. All that shows up is:

:!: Navigation to the webpage was cancelled

___________________________________

What you can try:

Refresh the webpage.


The question mark is upside down. My internet connection is working fine.

Thanks for everything!!!

matt111

Re: nvcpl.dll error and others popping up

Post by deltalima » September 19th, 2011, 9:48 am

Hi matt111,

I have two more licenses to download McAfee. So, I tried to uninstall it through the control panel


Please do not uninstall McAfee.

We will try another scan instead of Panda.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: nvcpl.dll error and others popping up

Unread postby matt111 » September 20th, 2011, 2:21 am

deltalima,

I tried putting McAfee in disable mode. However, I tried to run McAfee in administrator mode, regular mode, right click on the toolbar icon, everything and it will not open. I also tried restarting the computer. I tried downloading McAfee again. Nothing will work, I cannot open the McAfee program and so I could not disable it. I ran the eset scan anyway.

C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUP6T5NP\index-functions[1].js Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
C:\Users\altocirrus\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALEUY3AM\index-functions[1].js Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4TBBC4Y\cnet_Firefox Setup 6_0_exe.exe a variant of Win32/InstallCore.C application
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D26UUSRF\cnet_Firefox%20Setup%206_0_exe[1].exe a variant of Win32/InstallCore.C application
C:\Users\Matthew\AppData\Local\Temp\ICReinstall\cnet_Firefox Setup 6_0_exe.exe a variant of Win32/InstallCore.C application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
C:\Users\Matthew\Downloads\registrybooster.exe Win32/RegistryBooster application

Thank you for all your help!

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: nvcpl.dll error and others popping up

Unread postby deltalima » September 20th, 2011, 6:25 am

Hi matt111,

Run OTL Script

  • Right click OTL.exe and select: Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :files
    C:\Users\altocirrus\Downloads\registrybooster.exe 
    C:\Users\Matthew\Downloads\registrybooster.exe 
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe and select "Run as administrator" to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
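The triage behind the OTL script in the post above, as an added example that is not part of deltalima's post or of any tool's own code: it parses ESET log lines in the whitespace-flattened form shown in this thread and separates detections sitting in per-user Temp and Temporary Internet Files folders from those in persistent locations. The function names are hypothetical, and treating those two folder types as the ones [EMPTYTEMP] clears is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ESET Online Scanner log posted earlier in this thread
# (a subset; fields are whitespace-separated, as they appear on the page).
ESET_LOG = r"""
C:\Users\altocirrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HUP6T5NP\index-functions[1].js Win32/RegistryBooster application
C:\Users\altocirrus\AppData\Local\Temp\miaDF4C.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
C:\Users\altocirrus\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P4TBBC4Y\cnet_Firefox Setup 6_0_exe.exe a variant of Win32/InstallCore.C application
C:\Users\Matthew\AppData\Local\Temp\ICReinstall\cnet_Firefox Setup 6_0_exe.exe a variant of Win32/InstallCore.C application
C:\Users\Matthew\AppData\Local\Temp\miaEC60.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
C:\Users\Matthew\Downloads\registrybooster.exe Win32/RegistryBooster application
"""

# The path may contain spaces, so it is matched lazily up to the first token
# that looks like a detection name (Platform/Family), optionally preceded by
# "a variant of", and followed by the object type as the last word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[A-Za-z]+)$"
)
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)

# Assumption: these are the folder types a temp-file cleanup such as
# [EMPTYTEMP] empties, so files under them need no explicit :files entry.
TRANSIENT_MARKERS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")


@dataclass(frozen=True)
class Detection:
    path: str
    name: str        # e.g. Win32/RegistryBooster
    variant: bool    # True when the log says "a variant of"
    kind: str        # e.g. application
    user: str        # profile name taken from C:\Users\<name>\, "" if none
    transient: bool  # True when the file sits in a temp or cache folder


def parse_eset_log(text):
    """Return (detections, rejects); rejects are lines that did not parse."""
    detections, rejects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejects.append(line)  # keep for manual review, never drop silently
            continue
        path = m.group("path")
        user = USER_RE.match(path)
        detections.append(Detection(
            path=path,
            name=m.group("name"),
            variant=m.group("variant") is not None,
            kind=m.group("kind"),
            user=user.group(1) if user else "",
            transient=any(mk in path.lower() for mk in TRANSIENT_MARKERS),
        ))
    return detections, rejects


def persistent_paths(detections):
    """Paths outside temp/cache folders: the ones to list individually."""
    return sorted({d.path for d in detections if not d.transient}, key=str.lower)


def summarize(detections):
    return {
        "by_family": Counter(d.name for d in detections),
        "by_user": Counter(d.user for d in detections),
        "transient": sum(d.transient for d in detections),
        "persistent": persistent_paths(detections),
    }


if __name__ == "__main__":
    dets, rejects = parse_eset_log(ESET_LOG)
    report = summarize(dets)
    for family, count in report["by_family"].most_common():
        print(f"{count:3d}  {family}")
    print("in temp/cache folders:", report["transient"])
    print("listed individually:")
    for p in report["persistent"]:
        print("   ", p)
    if rejects:
        print("unparsed lines:", len(rejects))
```

On these lines the only persistent paths are the two Downloads\registrybooster.exe files, which are the two entries under :files in the script above.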

Re: nvcpl.dll error and others popping up

Unread postby matt111 » September 21st, 2011, 11:12 pm

deltalima,

I am sorry I did not respond yesterday. My internet connection was not working on my PC, however it was still working on my netbook. So today I changed the ethernet cord running from the modem to the PC. Still no internet connection on the PC. I tried everything that the PC suggested and everything I usually do to make the connection better. NO luck. The only other thing I can think of is that the jack on the modem that I use to connect the PC to the modem is faulty. Because the jack I connect the outside wire to the modem must be working because I get an internet connection on my netbook. I do have a local connection on the PC. I also may have to see if the internet company I have can fix it.

I am in the process of moving, but they cannot come out to switch my connection to the new place until September 29 and I do not know if they will come out right away if I can't fix it.

I might just go buy another modem, but I have to move a lot of stuff in a short amount of time and the nearest store for a modem is 45 minutes one-way.

What a mess!

Will malwareremoval.com let my post stay open until September 30 or would I have to start over? (if I cannot fix the connection and/or get a modem)

Can malware make the Internet connection not work?

Do you have any other ideas on what I should do to make the internet connection work?

Sorry for any inconvenience,

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am

Re: nvcpl.dll error and others popping up

Unread postby deltalima » September 22nd, 2011, 5:05 am

Hi matt111,

"Will malwareremoval.com let my post stay open until September 30 or would I have to start over?"

Unfortunately we cannot keep topics open for more than 3 days without any activity.

"Can malware make the Internet connection not work?"

It is possible for Malware to prevent the Internet connection from working.

"Because the jack I connect the outside wire to the modem must be working because I get an internet connection on my netbook. I do have a local connection on the PC."


It sounds like you have proved that the Internet connection is working with your netbook.

However after a thorough check, there are no remaining signs of active malware on the computer.

The problem may be caused by incompatible dlls or some other issue with Windows.

If you wish to investigate further to make sure there is no malware issue, would it be possible for you to use your netbook to access the Internet, and transfer tools to the problem computer and logs back using a USB memory stick?

If so please run a new scan with DDS and post the log in your next reply.
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: nvcpl.dll error and others popping up

Unread postby matt111 » September 23rd, 2011, 10:53 pm

deltalima,

Thanks for the knowledge.

Here are my new dds logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Matthew at 19:09:19 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.2648 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\msiexec.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.veritaspub.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Sidebar] Disable_By_C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] Disable_By_C:\Windows\ehome\ehTray.exe
uRun: [RDReminder]
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] Disable_By_"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] Disable_By_"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [NvCplDaemon] C:\Windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
mRun: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [LanzarP2012tmp] "C:\Users\Matthew\AppData\Local\Temp\P2012tmp\Install.exe" /SETUP:"/l0x0009"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E1E8EFF-3834-48AF-842F-69DA113EE89D} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun-x64: [QuickTime Task] Disable_By_"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] Disable_By_"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [NvCplDaemon] C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
mRun-x64: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [LanzarP2012tmp] "C:\Users\Matthew\AppData\Local\Temp\P2012tmp\Install.exe" /SETUP:"/l0x0009"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\c88rblr4.default\
FF - prefs.js: browser.startup.homepage - www.veritaspub.com
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2008-12-2 102608]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-4-20 197960]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-4-20 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-4-20 158832]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\system32\DRIVERS\CAXHWBS3.sys --> C:\Windows\system32\DRIVERS\CAXHWBS3.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [?]
S2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe --> C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-20 249936]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-21 03:29:34 -------- d-----w- C:\_OTL
2011-09-16 20:47:50 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-16 09:13:17 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C05143D5-3C99-43C5-A0BE-CF6DC4084393}\mpengine.dll
2011-09-16 03:17:05 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-16 03:17:05 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-06 23:33:03 -------- d-----w- C:\Users\Matthew\AppData\Local\PackageAware
2011-09-06 23:21:58 1840 ----a-w- C:\Windows\System32\ASOROSet.bin
2011-09-06 23:17:11 -------- d-----w- C:\Users\Matthew\AppData\Roaming\dll-files.com
2011-09-06 23:16:58 17128 ----a-w- C:\Windows\System32\roboot64.exe
2011-09-06 23:16:57 1404928 ----a-w- C:\Windows\SysWow64\nvcpl.dll
2011-09-06 23:16:55 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2011-09-06 22:50:38 -------- d-----w- C:\Windows\pss
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-17 03:26:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 15:14:42 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-07-02 04:03:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 19:11:16.57 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2008 5:20:58 AM
System Uptime: 9/23/2011 6:57:04 PM (1 hours ago)
.
Motherboard: FOXCONN | | Napa
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 323 GiB total, 222.48 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.172 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader X (10.1.1)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Astronomer's Control Panel
AVS Update Manager 1.0
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS4YOU Software Navigator 1.3
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
ContentManager
CyberLink DVD Suite Deluxe
Dell Toolbar
DIGOpt
Dll-Files.com Fixer
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential 2.5
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 26
LabelPrint
LightScribe System Software
LightScribeTemplateLabeler
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Total Protection
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Script Host
Microsoft Works
Microsoft WorldWide Telescope
Mozilla Firefox 6.0.2 (x86 en-US)
MSN
muvee autoProducer 6.1
NETGEAR Live Parental Controls Management Utility 2.0b44
PDF Settings
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickConnect
QuickTime
Realtek High Definition Audio Driver
Secunia CSI (4.1.0.2007)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
.
==== Event Viewer Messages From Past Week ========
.
9/23/2011 7:12:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
9/23/2011 7:12:24 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 7:09:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).
9/23/2011 7:09:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
9/23/2011 7:09:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870).
9/23/2011 7:09:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663).
9/23/2011 7:01:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service mcmscsvc with arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}
9/23/2011 6:59:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee VirusScan Announcer service to connect.
9/23/2011 6:59:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Network Agent service to connect.
9/23/2011 6:59:53 PM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 6:59:53 PM, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 6:59:52 PM, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
9/23/2011 6:59:48 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfewfpk
9/23/2011 6:59:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The dlea_device service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:59:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
9/23/2011 6:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


I did finish the OTL project from a couple of posts ago. But, I did not download the aswMBR and finish that project.

Do you want me to download the aswMBR?
If needed could I transfer that with the USB?

Thank you again!!!

matt111
matt111
Regular Member
 
Posts: 24
Joined: June 17th, 2011, 12:08 am