Windows Repair and Hard disk failure warnings?


(This topic is locked.)

#1 PaulG! (Member, 80 posts)
Upon startup, all my desktop icons are gone, only 3 remain, and a Windows Repair window opens and won't close. Hard disk warnings start to appear, then Delayed Write warnings? Another set of windows pops up, something about dll ... attrib.exe can't open? Sorry for my lack of knowledge about this stuff. I will be traveling tomorrow, Sunday, but will keep an eye on this page.
Thank you so much for your time!

***********************************OTL LOG:*****************************************

OTL logfile created on: 4/2/2011 1:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Paul G!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
864.00 Mb Paging File | 539.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.65 Gb Free Space | 63.48% Space Free | Partition Type: NTFS

Computer Name: THEPOWER | User Name: Paul G! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
PRC - [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
PRC - [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:12 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/07/16 12:30:45 | 000,094,208 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
PRC - [2002/09/10 22:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:01 | 000,121,344 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
MOD - [2008/04/13 20:12:00 | 001,384,479 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 20:11:52 | 000,367,616 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:41:01 | 000,052,352 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2009/04/21 21:40:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Extensions
[2011/03/30 23:02:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions
[2010/08/13 14:04:13 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/10 19:39:16 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/03 17:36:09 | 000,000,000 | -H-D | M] ("StumbleUpon") -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/30 21:58:28 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/03/30 23:02:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup\sbcdsl.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 13:56:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\Windows Repair
[2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | M] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/02 13:52:08 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/02 13:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:42 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:41 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/01 03:25:27 | 000,005,820 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 13:16:33 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/26 13:16:26 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Word 2003.lnk
[2011/03/16 21:05:12 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 20:14:02 | 000,043,361 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2011/03/09 22:04:12 | 000,001,355 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | C] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/01 19:21:41 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:16 | 000,000,809 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/03/11 20:13:59 | 000,043,361 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,820 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:43:57 | 000,052,352 | -H-- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job

========== Purity Check ==========



< End of report >


****************************************EXTRAS LOG:*******************************************



OTL Extras logfile created on: 4/2/2011 1:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Paul G!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
864.00 Mb Paging File | 539.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.65 Gb Free Space | 63.48% Space Free | Partition Type: NTFS

Computer Name: THEPOWER | User Name: Paul G! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"2B77EDB2643AA62CA7DD23F4E52CA138F61AF7B8" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"A5F682C869AF68EB8EDD49BDADFC08B7DF1C11C3" = Windows Driver Package - Intel (NETw4x32) net (02/25/2007 11.1.0.86)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMA" = AutoCAD 2000 Migration Assistance
"AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BroadJump Client Foundation" = BroadJump Client Foundation
"D1E8C9A9258DD7BF813A3525430A4EB3576736EA" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"FC9E80E6E67400E836A009325C6E1CF5D77EFB1D" = Windows Driver Package - Intel (w29n51) net (02/08/2007 9.0.4.33)
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Train Simulator 1.0" = Microsoft Train Simulator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2010 9:42:57 PM | Computer Name = THEPOWER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/5/2010 5:05:31 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/5/2010 5:05:32 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/5/2010 5:30:20 PM | Computer Name = THEPOWER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/5/2010 7:51:13 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/5/2010 7:51:14 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 11/5/2010 8:26:25 PM | Computer Name = THEPOWER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/7/2010 12:02:13 PM | Computer Name = THEPOWER | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 11/7/2010 12:02:57 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/7/2010 12:02:58 PM | Computer Name = THEPOWER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/1/2011 8:12:11 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/1/2011 8:35:02 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/1/2011 8:35:02 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/1/2011 8:36:00 PM | Computer Name = THEPOWER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 4/1/2011 8:57:23 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/1/2011 8:57:23 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/1/2011 9:43:41 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/1/2011 9:43:41 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/2/2011 1:51:41 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/2/2011 1:51:41 PM | Computer Name = THEPOWER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay - I will try a quick and dirty fix, then we will look for the rest.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2011/04/01 19:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\Windows Repair
    [2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
    [2011/04/01 19:21:42 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212
    [2011/04/01 19:21:41 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
    [2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
    [2011/04/01 19:20:35 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212
    [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
    [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I will add the fix as a text file if you need to transfer by USB [attachment=49095:fix.txt]

FINALLY

Re-run OTL and include the following


  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
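The OTL fix above targets three things: Run-key entries launching an .exe from All Users\Application Data, the DisableTaskMgr policy values, and hidden files created by the rogue. As an added example (not OTL's, RogueKiller's or Essexboy's code), here is a small Python parser for the OTL line formats quoted in this thread that flags those same indicator classes, plus the hidden attribute that this log shows on system binaries such as explorer.exe; the sample log lines are constructed from the thread's own entries, and the folder list, policy list and category names are my own choices.

```python
"""Added example (not OTL's or RogueKiller's own code): scan an OTL log for the
fake-AV indicators seen in this thread. Heuristics are a review aid, not a verdict."""
import ntpath
import re
from collections import Counter

# Constructed sample in the line formats OTL uses in this thread: PRC process
# lines, O4 Run keys, O6/O7 policy lines and plain "[stamp | size | attrs | C/M]" file lines.
SAMPLE_OTL = r"""
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2011/04/01 20:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
"""

# Autostart entries launching from user-writable folders deserve a look (my list).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\desktop\\")
# Policy values the rogue used to keep the user from stopping it (my list).
BAD_POLICIES = {"DisableTaskMgr": "1", "DisableRegistryTools": "1", "NoChangingWallPaper": "1"}
# System binaries that should never carry the hidden attribute (my list).
SYSTEM_BINARIES = {"c:\\windows\\explorer.exe", "c:\\windows\\system32\\attrib.exe",
                   "c:\\windows\\system32\\winlogon.exe"}

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<value>\w+) = (?P<data>\S+)$")
FILE_RE = re.compile(
    r"^(?:(?:PRC|MOD) - )?\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def scan_otl(text):
    """Return (category, path_or_key, detail) findings for one OTL log."""
    findings = []
    for line in (raw.rstrip() for raw in text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            low = m["path"].lower()
            if any(folder in low for folder in USER_WRITABLE):
                findings.append(("RUN_USERDIR", low, f"{m['hive']} Run [{m['name']}] -> {m['path']}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            if BAD_POLICIES.get(m["value"]) == m["data"]:
                findings.append(("HJPOL", m["key"], f"{m['value']} = {m['data']}"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue  # DRV lines and section headers are not examined here
        low = m["path"].lower()
        hidden = m["attrs"][1] == "H"  # attribute field is R H S D
        # An .exe dropped straight into the shared Application Data root, rather
        # than into a vendor subfolder, is how the rogue in this thread installed.
        if low.endswith(".exe") and ntpath.dirname(low).endswith("\\all users\\application data"):
            company = m["company"] or "no company"
            findings.append(("APPDATA_EXE", low, f"{m['stamp']} {m['attrs']} ({company})"))
        if hidden and low in SYSTEM_BINARIES:
            findings.append(("HIDDEN_SYSTEM", low, "hidden attribute on a system binary"))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _, _ in findings)


def persistent_droppers(findings):
    """Paths that are both a suspicious dropped .exe and a Run-key target."""
    run_targets = {path for cat, path, _ in findings if cat == "RUN_USERDIR"}
    dropped = {path for cat, path, _ in findings if cat == "APPDATA_EXE"}
    return sorted(run_targets & dropped)


if __name__ == "__main__":
    results = scan_otl(SAMPLE_OTL)
    for category, where, detail in results:
        print(f"[{category}] {where}\n    {detail}")
    print("persistent droppers:", persistent_droppers(results))
```

Run it against a full OTL log to get the flagged lines in one place before building the :OTL fix block; legitimate vendors that autostart from Application Data will also show up under RUN_USERDIR, so the list is something to review, not to delete blindly.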

#3
PaulG!

    Member

  • Topic Starter
  • Member
  • 80 posts
Hello, thanks for getting back to me so quickly; I really appreciate it!


****************************************************
**************Here is the RogueKiller report:
****************************************************


RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Paul G! [Admin rights]
Mode: Scan -- Date : 04/12/2011 17:10:22

Bad processes: 2
[APPDT/TMP/DESKTOP] VOSwDthSgMPbD.exe -- c:\documents and settings\all users\application data\voswdthsgmpbd.exe -> KILLED
[ROGUE ST] 24764212.exe -- c:\documents and settings\all users\application data\24764212.exe -> KILLED

Registry Entries: 6
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : VOSwDthSgMPbD (C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-1454471165-1343024091-704901811-1004[...]\Run : VOSwDthSgMPbD (C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



****************************************************
********************Here is the first OTL log:
****************************************************


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VOSwDthSgMPbD deleted successfully.
C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
C:\Documents and Settings\Paul G!\Start Menu\Programs\Windows Repair folder moved successfully.
File C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe not found.
C:\Documents and Settings\All Users\Application Data\~24764212 moved successfully.
C:\Documents and Settings\All Users\Application Data\~24764212r moved successfully.
C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\24764212 moved successfully.
C:\Documents and Settings\All Users\Application Data\24764212.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Paul G!\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul G!\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 239881 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 272032340 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14451 bytes

User: Paul G!
->Temp folder emptied: 146305244 bytes
->Temporary Internet Files folder emptied: 81963688 bytes
->Java cache emptied: 1904682 bytes
->FireFox cache emptied: 102476613 bytes
->Flash cache emptied: 132544 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526329 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 118967038 bytes

Total Files Cleaned = 691.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Paul G!
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04122011_172333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


********************************************************************************
***************and finally, the file created after running OTL with your extras:
********************************************************************************

OTL logfile created on: 4/2/2011 1:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Paul G!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
864.00 Mb Paging File | 539.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.65 Gb Free Space | 63.48% Space Free | Partition Type: NTFS

Computer Name: THEPOWER | User Name: Paul G! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
PRC - [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
PRC - [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:12 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/07/16 12:30:45 | 000,094,208 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
PRC - [2002/09/10 22:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:01 | 000,121,344 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
MOD - [2008/04/13 20:12:00 | 001,384,479 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 20:11:52 | 000,367,616 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:41:01 | 000,052,352 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2009/04/21 21:40:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Extensions
[2011/03/30 23:02:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions
[2010/08/13 14:04:13 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/10 19:39:16 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/03 17:36:09 | 000,000,000 | -H-D | M] ("StumbleUpon") -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/30 21:58:28 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/03/30 23:02:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup\sbcdsl.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 13:56:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\Windows Repair
[2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | M] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/02 13:52:08 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/02 13:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:42 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:41 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/01 03:25:27 | 000,005,820 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 13:16:33 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/26 13:16:26 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Word 2003.lnk
[2011/03/16 21:05:12 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 20:14:02 | 000,043,361 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2011/03/09 22:04:12 | 000,001,355 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | C] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/01 19:21:41 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:16 | 000,000,809 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/03/11 20:13:59 | 000,043,361 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,820 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:43:57 | 000,052,352 | -H-- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job

========== Purity Check ==========



< End of report >



That sure looks like a lot of stuff to sift through! Thank you so much for your time!
After running the RogueKiller, I can see all of my desktop icons again, but most of them are kind of 'tinted' blue, as if they have been selected. I double clicked on one of them and it seems to open fine, but thought you should know about these details; I'm not sure if they are relevant. (Of 35 icons, all except RecycleBin, MyDocuments, MyComputer, OTL and 2 OTL .txt icons appear slightly darker.)
Thank you again for your time and brain power Essexboy!
PaulG

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK to continue to beat this miscreant up

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
    PRC - [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
    O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
    [2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
    [2011/04/01 19:21:42 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212
    [2011/04/01 19:21:41 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
    [2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
    [2011/04/01 19:20:35 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212
    [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
    [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
    [2049/12/31 16:00:00 | 000,416,454 | -H-- | C] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
    [2011/04/01 19:21:41 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
    [2011/04/01 19:21:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212
    [2011/04/01 19:21:16 | 000,000,809 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
    [2011/04/01 19:20:35 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212
    [2011/04/01 19:20:22 | 000,459,776 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

AND FINALLY

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Can you recall what file MBAM deleted?

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download scan.txt to a USB drive [attachment=49303:scan.txt]
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select Send To: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#7
PaulG!
    Member
  • Topic Starter
  • 80 posts
OK, it took a little bit of bribing my IT guy, but I got the disk burned, and the scan ran. Here is the log it produced:

OTL logfile created on: 4/20/2011 6:52:24 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 319.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.76 Gb Free Space | 63.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/15 18:56:06 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tsk17.tmp -- (Ftdisk)
DRV - [2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\klmdb.sys -- (klmdb)
DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2011/04/14 18:08:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/14 17:53:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\Administrator_ON_C..\Run: [i8kfangui] File not found
O4 - HKU\Paul_G!_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 4.2.2.2 4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 18:56:06 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/14 18:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware_4_14_2011
[2011/04/14 18:21:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/12 17:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/12 17:10:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Desktop\RK_Quarantine
[2011/04/12 17:07:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 18:56:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/15 18:54:01 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/15 15:11:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/15 08:59:24 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 01:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/04/14 18:40:10 | 000,005,805 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/04/14 18:24:12 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 18:24:12 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/04/14 17:53:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 17:15:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/12 17:05:16 | 001,103,872 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 23:24:19 | 000,002,315 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/26 13:16:33 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/26 13:16:26 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Word 2003.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 18:54:01 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/14 18:24:12 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:09:52 | 001,103,872 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,805 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:22:45 | 000,125,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/15 01:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/04/15 15:11:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job

========== Purity Check ==========


< End of report >


I hope my 'blue screen of death' isn't permanent... I'm sure a professional like you can get to the bottom of this! lol Thanks for helping me and being patient with me! I'm heading home for a 4 day weekend, going to bring my laptop and should have internet access thru my desktop, but I think it was acting up last time I was home (about a month and a half ago). I'll check this thread as soon as I get home.
Thank you so much for helping me, I hope you have a good weekend!

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hmm, I feel you did not run the full scan - as I needed to look at several system files for their location and legitimacy

Could you run OTLPE again please and use this scan.txt

Copy this scan.txt to a USB drive [attachment=49402:scan.txt]

Open OTLPE
Double click in the custom scans box
With the dialogue locate the scan.txt you copied to a USB
Then press run scan
Post the log on completion
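As an added example (not code from this thread, from Essexboy, or from OTL's author), here is a small Python parser for OTL's `[date | size | attrs | C/M] (Company) -- path` entry format, with triage rules for the entries the :OTL fix in post #4 removes and for the system-file legitimacy question in post #8 (a boot driver service loaded from a .tmp file). The sample lines are copied from the logs in this thread; the scan time comes from the OTLPE log header, and the three rules are my own assumptions about what is worth a second look, not OTL's own logic.

```python
# Added example, not part of the thread: parse OTL entry lines and flag the
# patterns the helper acted on (random executables in an Application Data
# root, a driver service whose image is not a .sys, a future timestamp).
import re
from datetime import datetime

# One OTL entry. Optional leading "DRV - "/"SRV - "/"PRC - ", optional
# "(Company)" (absent on directory rows), optional "[Kernel | Boot]" start
# type on driver rows, and an optional trailing "-- (ServiceName)".
ENTRY = re.compile(
    r"^(?:(?P<kind>DRV|SRV|PRC) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<start>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"
)

# Scan time taken from the OTLPE log header in post #7 (assumed reference).
SCAN_TIME = datetime(2011, 4, 20, 18, 52, 24)

# Constructed sample: entry lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
DRV - [2011/04/15 18:56:06 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tsk17.tmp -- (Ftdisk)
DRV - [2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\klmdb.sys -- (klmdb)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
[2049/12/31 16:00:00 | 000,416,454 | -H-- | C] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/01 19:20:22 | 000,459,776 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/04/01 20:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
"""


def parse_entry(line):
    """Return a dict for one OTL entry line, or None for anything else
    (section headers, 'File not found' rows, blank lines)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""
    return e


def flag_entry(e, scan_time=SCAN_TIME):
    """Triage rules (my own assumptions) drawn from what was acted on here."""
    reasons = []
    path = e["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    # A driver service whose image is not a .sys (the Ftdisk row pointing
    # at tsk17.tmp) is the location/legitimacy check post #8 asks for.
    if e["kind"] == "DRV" and ext != "sys":
        reasons.append("driver service image is not a .sys file: " + name)
    # Executables dropped straight into an Application Data root are what
    # the :OTL fix in post #4 removes (24764212.exe, VOSwDthSgMPbD.exe).
    marker = "\\application data\\"
    if ext in ("exe", "dll") and marker in path:
        if "\\" not in path.split(marker, 1)[1]:
            reasons.append("executable directly in Application Data root")
    # A creation stamp later than the scan itself (the 2049 'Viers' row).
    if e["ts"] > scan_time:
        reasons.append("timestamp is in the future: " + e["ts"].strftime("%Y/%m/%d"))
    return reasons


def scan(lines, scan_time=SCAN_TIME):
    """Return [(path, [reasons])] for every flagged entry, in log order."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e:
            reasons = flag_entry(e, scan_time)
            if reasons:
                findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG.splitlines()):
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it over the sample flags tsk17.tmp, Viers, 24764212.exe and VOSwDthSgMPbD.exe and leaves klmdb.sys, stac97.sys, OTL.exe and the AVGQTS folder alone.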

#9
PaulG!
    Member
  • Topic Starter
  • 80 posts
OK, I went home on my afternoon break (there are benefits to living across the street from work!) and after pasting the txt file and running the scan, here is the log:

OTL logfile created on: 4/21/2011 5:57:11 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.76 Gb Free Space | 63.76% Space Free | Partition Type: NTFS
Drive D: | 3.77 Gb Total Space | 3.76 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/15 18:56:06 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tsk17.tmp -- (Ftdisk)
DRV - [2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\klmdb.sys -- (klmdb)
DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2011/04/14 18:08:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/14 17:53:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\Administrator_ON_C..\Run: [i8kfangui] File not found
O4 - HKU\Paul_G!_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 4.2.2.2 4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.444p - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mpng - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: vidc.mvjp - C:\Program Files\AVI compressor\0.958\686\tabdec.dll File not found
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - C:\WINDOWS\system32\drivers\klmdb.sys (Kaspersky Lab, SLA)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: klmdb.sys - C:\WINDOWS\system32\drivers\klmdb.sys (Kaspersky Lab, SLA)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E74478E4-6D75-4B05-8D11-5E61F74A5CE1} - NoIE8Tour
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{7DD169D2-DA73-484D-AF90-EBC90AA15A56} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 18:56:06 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/14 18:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware_4_14_2011
[2011/04/14 18:21:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/12 17:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/12 17:10:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Desktop\RK_Quarantine
[2011/04/12 17:07:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 18:56:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/15 18:54:01 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/15 15:11:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/15 08:59:24 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 01:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/04/14 18:40:10 | 000,005,805 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/04/14 18:24:12 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 18:24:12 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/04/14 17:53:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 17:15:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/12 17:05:16 | 001,103,872 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 23:24:19 | 000,002,315 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/26 13:16:33 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/26 13:16:26 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Word 2003.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 18:54:01 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/14 18:24:12 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:09:52 | 001,103,872 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,805 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:22:45 | 000,125,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/15 01:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/04/15 15:11:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/11/21 18:02:08 | 000,296,448 | -H-- | M] () -- C:\ocsro9ri.exe
[2010/11/18 19:04:35 | 000,296,448 | -H-- | M] () -- C:\rqqxf76n.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 12:30:45 | 000,094,208 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/26 09:36:00 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/26 09:35:55 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:55:27 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 12:30:45 | 000,094,208 | -H-- | M] (Microsoft Corporation)

< CREATERESTOREPOINT >


< End of report >


At first I ran the fix, and it produced a txt file really quickly. At that point, I figured I did it wrong and ran the scan the correct way. I doubt this will show you something you didn't expect, but here is that short txt file:

Error: Unable to interpret <drivers32 > in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <activex > in the current context!
Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <Userinit.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <hklm\software\clients\startmenuinternet|command /rs> in the current context!
Error: Unable to interpret <hklm\software\clients\startmenuinternet|command /64 /rs> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

OTLPE by OldTimer - Version 3.1.46.0 log created on 04212011_175607


Thanks for the help!
PaulG!
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it fails to start normally after this, then I would like you to search for one more file on your system. For this I will let you paste it in rather than running a scan.txt

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=49410:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

If it fails

Reboot to Reatogo desktop
Start OTLPE
Type the following into the custom scans box and press run scan

/md5start
VolSnap.*
/md5stop

  • 0


#11
PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Hi Essexboy, I tried your instructions but it didn't work. :D
The fix ran ok, (it moved a couple of files?) but the laptop still won't boot without the CD. I tried it a couple of times but it still didn't work. I typed in your fix and that didn't work either; I might have done that wrong. Thinking about it, I may have pressed run fix, instead of run scan... I'll try it again today but I wanted to post the log and keep you informed. I'm on my home computer now, but after not being home for a month and a half, I've got more housework to do than I hoped. I will keep an eye out for any posts from you; in the meantime, I will try and re-run your fix (and be sure to press 'run scan' this time!).
Here is the txt file the last scan produced:

========== OTL ==========
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\i8kfangui deleted successfully.
C:\ocsro9ri.exe moved successfully.
C:\rqqxf76n.exe moved successfully.

OTLPE by OldTimer - Version 3.1.46.0 log created on 04212011_204651


The second time I ran that same fix, the result was similar to the above, but instead of 'deleted/moved successfully' it now reads 'not found', so I guess they really were moved and deleted (like you didn't already know that). lol
Thanks for sticking with me on this one...I hope you like the challenge of this one...it seems a lot more tricky than the usual infections! While it's a bummer that this thing isn't going away, I feel every step we take is in the right direction and beating this thing will be that much sweeter! (I wish we could scan the whole internet and get rid of all these buggers once and for all!)
I'm so very grateful for people like you who fight these things!
Thanks again for your time and patience.
PaulG
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - let's see if the volsnap file can fix it - when we find the spare copy

Reboot to Reatogo desktop
Start OTLPE
Type the following into the custom scans box and press run scan

/md5start
VolSnap.*
/md5stop


  • 0

#13
PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
I'm still getting 'the blue screen of death'. I ran your VolSnap thing and this is what it produced:


OTL logfile created on: 4/26/2011 10:43:13 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 312.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 333.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.76 Gb Free Space | 63.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/15 18:56:06 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tsk17.tmp -- (Ftdisk)
DRV - [2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\klmdb.sys -- (klmdb)
DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\Paul_G!_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2011/04/14 18:08:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/14 17:53:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\Paul_G!_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Paul_G!_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 4.2.2.2 4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 18:56:06 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/14 18:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware_4_14_2011
[2011/04/14 18:21:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/12 17:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/12 17:10:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Desktop\RK_Quarantine
[2011/04/12 17:07:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 18:56:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/15 18:56:06 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2011/04/15 18:54:01 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/15 15:11:47 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/15 08:59:24 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/15 01:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/04/14 18:40:10 | 000,005,805 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/04/14 18:24:12 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 18:24:12 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/04/14 17:53:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 17:15:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/12 17:05:16 | 001,103,872 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 18:54:01 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Paul G!\Desktop\tdsskiller.zip
[2011/04/14 18:24:12 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:09:52 | 001,103,872 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\RogueKiller.exe
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,805 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:22:45 | 000,125,056 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========



< MD5 for: VOLSNAP.INF >
[2003/07/16 12:43:56 | 000,001,095 | -H-- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2010/04/12 20:10:31 | 000,004,964 | -H-- | M] () MD5=AFD596CED7E01F73495C72AFBBF433C1 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2004/08/04 02:00:16 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
< End of report >


I hope I haven't exhausted your 'bag of tricks'. If this can be fixed by you, looks like it's going to take a while. Forget the cup of tea...we're going to need a whole pot!
Thanks for helping!
  • 0
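To read the log above the way the next reply does (a boot-start driver whose image is gone, then a hash scan to find a spare copy), here is an added Python example; it is not OTL's or the thread's own code. It parses the `DRV - File not found` and `< MD5 for: NAME >` line formats seen in the OTLPE log over a constructed sample built from those lines; the live driver directory and the preference for two protected-store copies that agree on a hash are assumptions of the script, not anything OTL reports.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the OTLPE log posted above: a boot-start
# VolSnap whose file is gone, then the '/md5start VolSnap.* /md5stop' scan.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

========== Custom Scans ==========

< MD5 for: VOLSNAP.INF >
[2003/07/16 12:43:56 | 000,001,095 | -H-- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2004/08/04 02:00:16 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
< End of report >
"""

# 'DRV - File not found [Kernel | Boot] -- -- (VolSnap)': the service key is
# still in the registry but the image it points at is gone.
MISSING_DRV_RE = re.compile(
    r"^DRV - File not found \[[^|\]]+\|\s*(?P<start>[^\]]+?)\s*\]\s*--\s*--\s*\((?P<name>[^)]+)\)"
)
# One result line of a '< MD5 for: NAME >' block: [stamp | size | attrs | flag] (company) MD5=... -- path
MD5_LINE_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)"
    r"\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
MD5_HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

# Assumed live location of a boot-start driver on 32-bit XP; OTL does not
# print it, but the later log in this thread shows the restored file there.
DRIVER_DIR = r"C:\WINDOWS\system32\drivers"


def missing_drivers(text, start_types=("Boot",)):
    """Map service name -> start type for 'File not found' DRV lines.

    Boot-start drivers are loaded before anything else, so a missing image
    stops the boot (the blue screen in this thread) instead of one feature.
    """
    found = {}
    for line in text.splitlines():
        m = MISSING_DRV_RE.match(line.strip())
        if m and m.group("start") in start_types:
            found[m.group("name")] = m.group("start")
    return found


def parse_md5_blocks(text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: NAME >' block."""
    blocks, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("< End of report >"):
            current = None
            continue
        m = MD5_LINE_RE.match(line)
        if m and current is not None:
            blocks[current].append({
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
            })
    return dict(blocks)


def restore_candidates(text, driver_name):
    """Say whether the live <driver>.sys was hashed and group the spare
    copies by (MD5, size), most-agreeing group first.

    Two protected stores (dllcache and ServicePackFiles\\i386) agreeing on
    one hash is what the next reply relies on to pick a replacement; the
    lone pre-service-pack copy under $NtServicePackUninstall$ ranks last.
    """
    entries = parse_md5_blocks(text).get(driver_name.upper() + ".SYS", [])
    live_path = (DRIVER_DIR + "\\" + driver_name + ".sys").lower()
    live = [e for e in entries if e["path"].lower() == live_path]
    groups = defaultdict(list)
    for e in entries:
        if e["path"].lower() != live_path:
            groups[(e["md5"], e["size"])].append(e["path"])
    candidates = [{"md5": k[0], "size": k[1], "copies": v} for k, v in groups.items()]
    candidates.sort(key=lambda c: (-len(c["copies"]), c["md5"]))
    return {"live_present": bool(live),
            "live_md5": live[0]["md5"] if live else None,
            "candidates": candidates}
```

Calling `restore_candidates(SAMPLE_LOG, name)` for each name from `missing_drivers(SAMPLE_LOG)` reports the live copy as absent and the two agreeing SP3-era copies as the first candidate group.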

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, that file is missing.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=49546:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

  • 0

#15
PaulG!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Essexboy, you're a genius! I'm back up and running on my laptop! WooHoo! I think we still have a long road ahead of us...my desktop is missing most of my icons and while trying to connect, my geekstogo search was redirected. I noticed a 'hello bar'? on the geekstogo home page I've never seen before; is this evidence of something sinister lurking?
Thanks again for helping, you are awesome!
Here is the scan result after booting normally:

OTL logfile created on: 4/2/2011 1:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Paul G!\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
864.00 Mb Paging File | 539.00 Mb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.65 Gb Free Space | 63.48% Space Free | Partition Type: NTFS

Computer Name: THEPOWER | User Name: Paul G! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
PRC - [2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
PRC - [2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:12 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/07/16 12:30:45 | 000,094,208 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
PRC - [2002/09/10 22:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:01 | 000,121,344 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvfw32.dll
MOD - [2008/04/13 20:12:00 | 001,384,479 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
MOD - [2008/04/13 20:11:52 | 000,367,616 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/11/14 19:13:42 | 000,074,688 | -H-- | M] (AVG) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/02/11 08:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/11 19:34:34 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:41:01 | 000,052,352 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/02/08 15:51:16 | 002,209,408 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/11/02 14:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/09/26 10:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/16 12:34:04 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/16 12:34:04 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:11:30 | 000,096,640 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 12:11:30 | 000,026,568 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2)
DRV - [2001/08/17 12:11:26 | 000,054,271 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 08:00:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 09:36:09 | 000,000,000 | -H-D | M]

[2009/04/21 21:40:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Extensions
[2011/03/30 23:02:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions
[2010/08/13 14:04:13 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/10 19:39:16 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/03 17:36:09 | 000,000,000 | -H-D | M] ("StumbleUpon") -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/04/30 21:58:28 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Paul G!\Application Data\Mozilla\Firefox\Profiles\2wc5tstv.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/03/30 23:02:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/16 18:35:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/16 18:35:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/16 18:35:22 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2003/07/16 12:23:48 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [VOSwDthSgMPbD] C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe (GPA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231962780789 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul G!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 17:20:01 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup\sbcdsl.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 13:56:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul G!\Recent
[2011/04/01 20:48:31 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul G!\Start Menu\Programs\Windows Repair
[2011/04/01 19:11:09 | 000,533,504 | -H-- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/03/29 22:23:20 | 000,000,000 | -H-D | C] -- C:\spoolerlogs

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | M] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job
[2011/04/02 13:52:08 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/02 13:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 20:48:03 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul G!\Desktop\OTL.exe
[2011/04/01 19:21:42 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:41 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:16 | 000,000,809 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/04/01 19:10:54 | 000,533,504 | -H-- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\VOSwDthSgMPbD.exe
[2011/04/01 18:37:24 | 000,069,987 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/01 18:33:51 | 000,030,098 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/01 03:25:27 | 000,005,820 | -H-- | M] () -- C:\WINDOWS\Jelly.ini
[2011/03/29 22:29:27 | 000,432,924 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/29 22:29:27 | 000,067,714 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 13:16:33 | 000,002,495 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/26 13:16:26 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\Microsoft Office Word 2003.lnk
[2011/03/16 21:05:12 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 20:14:02 | 000,043,361 | -H-- | M] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2011/03/09 22:04:12 | 000,001,355 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\DriverCure.job

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,416,454 | -H-- | C] () -- C:\Documents and Settings\Paul G!\My Documents\Viers
[2011/04/01 19:21:41 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212r
[2011/04/01 19:21:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24764212
[2011/04/01 19:21:16 | 000,000,809 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\Windows Repair.lnk
[2011/04/01 19:20:35 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212
[2011/04/01 19:20:22 | 000,459,776 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\24764212.exe
[2011/03/11 20:13:59 | 000,043,361 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Desktop\TICHY Hopper decal sheet.jpg
[2010/11/14 01:00:37 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/10/09 02:31:07 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/16 21:14:44 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/06/16 21:11:33 | 000,110,056 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/06/16 21:11:32 | 000,007,577 | -H-- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/10 18:58:35 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/17 00:21:06 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\Paul G!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/29 18:13:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2009/04/27 21:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/04/21 21:40:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 20:07:58 | 000,168,448 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/16 20:07:54 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/16 20:07:54 | 000,795,648 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 20:07:54 | 000,130,048 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/16 20:07:52 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 21:39:45 | 000,005,820 | -H-- | C] () -- C:\WINDOWS\Jelly.ini
[2009/04/08 17:03:39 | 000,000,709 | -H-- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009/04/08 15:54:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\mtstack.INI
[2009/04/08 15:50:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2009/04/08 15:33:31 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/14 16:33:46 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/14 15:22:06 | 000,069,987 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/01/14 14:48:57 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/14 14:48:57 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/01/14 14:48:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/13 17:27:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/13 17:16:37 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/13 12:07:32 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/13 12:06:26 | 000,199,344 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:48:28 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:43:57 | 000,052,352 | -H-- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2003/07/16 12:35:07 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/11/14 19:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVGQTS
[2010/04/13 19:09:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/10/08 18:38:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/04/13 18:58:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/30 21:58:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/13 18:58:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\DriverCure
[2010/11/17 22:26:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul G!\Application Data\MP3Rocket
[2011/03/07 02:09:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2011/04/02 13:53:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAD007F6-DED4-468A-96A0-73C433BCB61F}.job

========== Purity Check ==========



< End of report >