
Malware


This topic is locked.

#46 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

No, I wanted you to use the Fix it one. You should see a blue bar with a little man with the words Fix it beside him. Next to that is a green button with Run now in it. Click on that for an automatic diagnosis and fix.

Tell me how you get on.
  • 0

#47 md262 (Topic Starter, Member, 90 posts)

Thanks. System wasn't able to run the diagnostics/fix it. Here is the error message:

Fix it troubleshooting cannot continue because an error occurred. The troubleshooter does not apply to this computer.

Attached thumbnail: IMG_0645.jpg

  • 0

#48 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

It was an outside chance anyway.

Tell me, does your CD drive accept the disk, i.e. is it just that it doesn't spin?
  • 0

#49 md262 (Topic Starter, Member, 90 posts)

Thanks. Yes, that is correct: the CD drive accepts the disk; however it doesn't spin.
  • 0

#50 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Okay, then I think we might have a solution.

You will have to follow these instructions carefully, especially the commands you will need to type. They have to be exactly as shown.

Now

First we need to set your computer to boot from a CD.

To set your computer BIOS to boot from a CD

1. Restart your computer. Watch the start-up instructions that are displayed on-screen.

A message will be displayed instructing you to press a named key (often F2, F12, or Delete) to go into settings/setup/configuration. (The key and the message will vary according to the type of computer that you are running.)

Press this key to enter the BIOS setup mode.

(If your computer is particularly fast, it may remove the message before you have the chance to press the key; in this case, try pressing the key once a second, starting the moment you reboot.)

Some examples:
  • On a Dell computer, you should hit F2 to enter the BIOS.
  • Other computers may require you to hit the DEL (Delete) button to enter the BIOS.
  • On newer computers, you may be able to hit F12 to select a temporary boot device rather than changing the permanent boot sequence in the BIOS itself. If your computer offers this option, simply select the CD or DVD drive containing the antivirus CD as your temporary boot device, and skip steps 2 and 3.

2. In the BIOS window, find the area that controls the boot sequence and rearrange the list of devices so that your CD or DVD drive is checked before your hard drive.

For most situations, a suitable sequence is:
  1. A (Floppy)
  2. CDROM (or DVDROM)
  3. HD1 (or C).

3. Save the settings and exit.

4. When your computer reboots, it will check the CD or DVD drive containing the disk before it checks the hard drive.

Thanks to Cities site University of Illinois for these instructions

Next

Boot (restart your machine) with the CD, Select Repair your Computer and bring the computer to a command prompt. At the prompt type the following and press Enter:

BCDEdit /export c:\bcd_backup

Leave a space between the following arguments:

BCDEdit
/export
c:\bcd_backup


This command should be successful before continuing. It is always important to back up the BCD before rebuilding the store. If successful, at the prompt type the following and press Enter after each line:

Line 1

Attrib -r -s -h C:\boot\bcd

Leave a space between the following arguments (letters/items):

Attrib
-r
-s
-h
C:\boot\bcd


Line 2

Ren C:\boot\bcd bcd.old

Leave a space between the following arguments (letters/items):

Ren
C:\boot\bcd
bcd.old


Line 3

bootrec /rebuildbcd

Leave a space between the following arguments (letters/items):

bootrec
/rebuildbcd


The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes (Y).

If successful, restart the computer and test.

Note: If you have any questions, ask.
  • 0

#51 md262 (Topic Starter, Member, 90 posts)

Thanks. I interchanged the boot configuration so that Second Boot Device is now CDROM and the Third Boot Device is Hard Disk (see Pic 1).
Attached thumbnail: IMG_0647.jpg

However, when the PC was restarted, I don't believe it read the disk because it went through the same bootup process and showed the Windows Recovery Screen, and prompted me to select safe mode, safe mode with networking, safe mode with command prompt or start windows normally (see Pic 2).
Attached thumbnail: IMG_0652.jpg
  • 0

#52 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hmm... I take it then that the disk didn't start when you rebooted?
  • 0

#53 md262 (Topic Starter, Member, 90 posts)

No, the disk didn't start. The CD-ROM drive still wouldn't spin. Thanks.

Edited by md262, 15 May 2011 - 08:54 PM.

  • 0

#54 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

When I research Dell booting from CD I get a number of answers.

Here is one that might work for you.

Insert CD into the CD drive.

Shut down and restart the computer.

When the DELL® logo appears, press <F12> immediately.

If you wait too long and the Windows logo appears, continue to wait until you see the Windows desktop. Then shut down your computer through the Start menu and try again.

NOTE: This feature changes the boot sequence for one time only. On the next start-up, the computer boots according to the devices specified in system setup.

When the boot device list appears, highlight CD-ROM Device and press <Enter>.

Select the CD-ROM Device option from the CD boot menu.

Tell me if this works.
  • 0

#55 md262 (Topic Starter, Member, 90 posts)

Thanks. Unfortunately, it didn't work. Got into the Boot Menu and selected CDROM (Pic 1).
Attached thumbnail: IMG_0656.jpg

However, after selecting CDROM, the following message displayed (No boot device available, press ENTER key to retry):
Attached thumbnail: IMG_0657.jpg

Thank you again for your patience and sticking with this and providing me suggestions.
  • 0

#56 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

I am going to have to consult again on this.

As I said before, might take a bit of time but I will come back. :)
  • 0

#57 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hi md262,

Let's see if we can get some more information to help us pin this thing down.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit > Select All.
Go File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

After that

  • Close all windows and open OTL again.
  • Under the Extra Registry heading, please check Use SafeList.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.

  • 0
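The BSOD.txt that BlueScreenView saves is a plain key/value report, so a few lines of code can tell whether a pile of minidumps is one recurring fault or a scatter of unrelated crashes. The parser below is an added example for this thread, not NirSoft's or the poster's code; it assumes the layout visible in the posted log (one "Key : Value" line per field, records fenced by lines of "=" characters), and SAMPLE_REPORT is a constructed sample in that layout, not a real machine's dumps.

```python
"""Summarise a BlueScreenView text report (BSOD.txt from File > Save
Selected Items) so a run of near-identical crashes stands out.
Added example for this thread, not NirSoft's or the poster's code; it
assumes "Key : Value" lines fenced by '=' lines, as in the posted log."""

from collections import Counter
from datetime import datetime

# Constructed sample in BlueScreenView's saved-report layout (not real dumps).
SAMPLE_REPORT = r"""
==================================================
Dump File : Mini051011-01.dmp
Crash Time : 5/10/2011 10:47:03 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
Computer Name :
Full Path : C:\Windows\Minidump\Mini051011-01.dmp
==================================================

==================================================
Dump File : Mini050811-02.dmp
Crash Time : 5/8/2011 12:56:52 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
Full Path : C:\Windows\Minidump\Mini050811-02.dmp
==================================================

==================================================
Dump File : Mini042011-01.dmp
Crash Time : 4/20/2011 9:03:11 AM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : sample.sys
Caused By Address : sample.sys+1f3c
Full Path : C:\Windows\Minidump\Mini042011-01.dmp
==================================================
"""


def parse_report(text):
    """Return one dict per record; keys are the report's own field labels."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:            # record fence: flush what we have
            if current:
                records.append(current)
                current = {}
            continue
        if " : " in line:                 # first " : " separates label from value,
            key, value = line.split(" : ", 1)   # so paths and times keep their colons
        elif line.endswith(" :"):         # empty field, e.g. "Computer Name :"
            key, value = line[:-2], ""
        else:
            continue                      # not a field line
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def crash_time(record):
    # BlueScreenView writes US-style local times such as "5/10/2011 10:47:03 PM"
    return datetime.strptime(record["Crash Time"], "%m/%d/%Y %I:%M:%S %p")


def summarize(records):
    """Group dumps by bug check and by faulting address, with the time span."""
    if not records:
        return {"dumps": 0}
    by_check = Counter((r.get("Bug Check String", "?"), r.get("Bug Check Code", "?"))
                       for r in records)
    by_address = Counter(r.get("Caused By Address", "?") for r in records)
    times = sorted(crash_time(r) for r in records if "Crash Time" in r)
    (check, hits), = by_check.most_common(1)
    return {
        "dumps": len(records),
        "by_check": dict(by_check),
        "by_address": dict(by_address),
        "span": (times[0], times[-1]),
        "dominant_check": check,
        # share of dumps with the same bug check: near 1.0 means one recurring fault
        "dominant_share": hits / len(records),
    }


def triage_lines(summary):
    """Human-readable lines for a forum reply or a ticket."""
    lines = [f"{summary['dumps']} dumps between {summary['span'][0]} and {summary['span'][1]}"]
    for (name, code), n in sorted(summary["by_check"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {n:2d} x {name} ({code})")
    for addr, n in sorted(summary["by_address"].items(), key=lambda kv: -kv[1]):
        # "Caused By" is the module BlueScreenView found on the crash stack; a
        # system module there (hal.dll, ntoskrnl) does not prove it is the real cause
        lines.append(f"  {n:2d} x at {addr}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_lines(summarize(parse_report(SAMPLE_REPORT)))))
```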

#58 md262 (Topic Starter, Member, 90 posts)

Thanks. Here are the logs:

BSOD.txt

==================================================
Dump File : Mini051011-01.dmp
Crash Time : 5/10/2011 10:47:03 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827d4cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini051011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050811-02.dmp
Crash Time : 5/8/2011 12:56:52 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050811-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050811-01.dmp
Crash Time : 5/8/2011 11:45:32 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827c0cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050811-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050611-01.dmp
Crash Time : 5/6/2011 5:21:20 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827c4cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050611-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-06.dmp
Crash Time : 5/5/2011 5:36:14 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-05.dmp
Crash Time : 5/5/2011 4:35:47 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827d0cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-04.dmp
Crash Time : 5/5/2011 4:10:39 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-03.dmp
Crash Time : 5/5/2011 3:17:27 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-02.dmp
Crash Time : 5/5/2011 2:08:46 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050511-01.dmp
Crash Time : 5/5/2011 1:27:46 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827cccec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050511-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050411-02.dmp
Crash Time : 5/4/2011 11:04:54 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x827c0cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050411-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

==================================================
Dump File : Mini050411-01.dmp
Crash Time : 5/4/2011 10:04:07 PM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 0x00000001
Parameter 2 : 0x82bc8cec
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+65a4
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16407 (vista_gdr.061223-1640)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini050411-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,648
==================================================

--------------------------------------------------------------------------------

OTL logfile created on: 5/16/2011 5:59:40 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\jklm\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 264.94 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.29 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

Computer Name: JKLM-PC | User Name: jklm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/12/07 18:37:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/09/05 09:45:20 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/19 15:21:03 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\utm5ndm3.sys -- (utm5ndm3)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/03 20:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 10:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=2070905
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {57DBC34D-AEB3-4F4B-AF6B-2A4F07172859}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 21:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 14:31:22 | 000,000,000 | ---D | M]

[2010/03/21 07:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jklm\AppData\Roaming\Mozilla\Extensions
[2011/01/14 16:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions
[2010/07/26 22:17:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/21 07:33:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\USERS\JKLM\APPDATA\LOCAL\{57DBC34D-AEB3-4F4B-AF6B-2A4F07172859}

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 17:57:02 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/05/16 17:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/05/12 23:36:53 | 000,061,440 | ---- | C] ( ) -- C:\Users\jklm\Desktop\VEW.exe
[2011/05/12 07:15:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/12 07:15:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/12 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\temp
[2011/05/10 23:18:40 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jklm\Desktop\TDSSKiller.exe
[2011/05/10 19:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 19:43:32 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\jklm\Desktop\aswMBR.exe
[2011/05/07 22:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/06 13:43:15 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\5-6-11
[2011/05/06 13:38:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2011/05/05 22:58:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/05 22:58:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/05 22:58:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/05 22:58:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/05 22:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 23:55:20 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\Run
[2009/02/07 21:59:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jklm\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/16 17:58:05 | 000,000,076 | ---- | M] () -- C:\Users\jklm\Desktop\Blue screen of death (STOP error) information in dump files..url
[2011/05/16 17:49:46 | 000,000,090 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums - Page 4.url
[2011/05/16 17:15:14 | 000,000,680 | ---- | M] () -- C:\Users\jklm\AppData\Local\d3d9caps.dat
[2011/05/15 20:53:50 | 000,685,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 20:53:50 | 000,126,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 20:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 20:48:58 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/05/15 20:47:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 16:43:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 23:36:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\jklm\Desktop\VEW.exe
[2011/05/12 06:59:03 | 004,346,712 | R--- | M] () -- C:\Users\jklm\Desktop\ComboFix.exe
[2011/05/12 06:03:40 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/10 23:06:02 | 000,002,981 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums.url
[2011/05/10 22:49:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:49:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:46:53 | 196,708,589 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/10 22:12:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000UA.job
[2011/05/10 19:51:51 | 000,002,039 | ---- | M] () -- C:\Users\jklm\Desktop\Google Chrome.lnk
[2011/05/10 19:51:51 | 000,002,001 | ---- | M] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 19:43:36 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\jklm\Desktop\aswMBR.exe
[2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2011/05/09 17:47:00 | 000,000,341 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Browser redirects to spam sites [MALWARE] - Geeks to Go Forums.url
[2011/05/08 14:12:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000Core.job
[2011/05/04 09:39:02 | 000,002,633 | ---- | M] () -- C:\Users\jklm\Desktop\Microsoft Office Outlook 2007.lnk
[2011/05/03 06:25:04 | 000,000,166 | ---- | M] () -- C:\Users\jklm\Desktop\NEW MEPHISTO WOMEN'S BABATA SANDAL BROWN 35 5 US $225 - eBay.url
[2011/05/02 17:43:10 | 000,200,192 | ---- | M] () -- C:\Users\jklm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jklm\Desktop\TDSSKiller.exe
[2011/04/22 07:29:48 | 000,002,609 | ---- | M] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\nikujohe
[2011/05/16 17:58:05 | 000,000,076 | ---- | C] () -- C:\Users\jklm\Desktop\Blue screen of death (STOP error) information in dump files..url
[2011/05/16 17:49:46 | 000,000,090 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums - Page 4.url
[2011/05/12 06:58:46 | 004,346,712 | R--- | C] () -- C:\Users\jklm\Desktop\ComboFix.exe
[2011/05/10 22:57:07 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/05/09 17:47:00 | 000,000,341 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Browser redirects to spam sites [MALWARE] - Geeks to Go Forums.url
[2011/05/06 16:40:12 | 000,002,981 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums.url
[2011/05/05 22:58:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/05 22:58:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/05 22:58:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/05 22:58:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/05 22:58:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/04 22:03:44 | 196,708,589 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/03 06:25:04 | 000,000,166 | ---- | C] () -- C:\Users\jklm\Desktop\NEW MEPHISTO WOMEN'S BABATA SANDAL BROWN 35 5 US $225 - eBay.url
[2011/02/09 06:44:40 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm5ndm3.sys
[2010/07/18 20:08:12 | 000,000,120 | ---- | C] () -- C:\Users\jklm\AppData\Local\Uhadoh.dat
[2010/07/18 20:08:12 | 000,000,000 | ---- | C] () -- C:\Users\jklm\AppData\Local\Egodejuzak.bin
[2009/07/23 17:16:35 | 000,000,680 | ---- | C] () -- C:\Users\jklm\AppData\Local\d3d9caps.dat
[2009/02/07 21:59:14 | 000,007,887 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\pcouffin.cat
[2009/02/07 21:59:14 | 000,001,144 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\pcouffin.inf
[2007/09/21 05:11:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/16 18:31:16 | 000,397,312 | ---- | C] () -- C:\Windows\System32\zshp1020.exe
[2007/09/16 18:21:14 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll
[2007/09/16 18:12:05 | 000,200,192 | ---- | C] () -- C:\Users\jklm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/05 09:47:40 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/05 09:47:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/05 09:47:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,418,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,685,376 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,126,264 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

< End of report >

-----------------------------------------------------------------------------


OTL Extras logfile created on: 5/16/2011 5:59:40 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\jklm\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 264.94 Gb Free Space | 58.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.29 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

Computer Name: JKLM-PC | User Name: jklm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A4443683-63BD-4AFA-8384-AEBA2E1C92DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017987AD-A597-40B1-ACF3-1F4A9BA724CA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0C9BE2E1-8336-46D5-9B4C-FD9ECBDFBBD9}" = protocol=6 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{128D15FF-68CA-484C-9DF3-EE480CD7C830}" = protocol=17 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{147B7379-A2D4-4131-9518-27ECE3DD56E8}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
"{1B9A0C73-1428-4A1F-9652-8708FE4A7FC0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20602F05-FB36-41B8-9FC0-360A14F7123D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5415A3AA-7EB2-4754-91D4-FB64AA5CF5AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{61A37F26-CA62-4E41-8A85-120887C164A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A625494-DCFB-4181-B11F-1B633548E8F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9527B14-3CC4-4CAB-BE3B-5725A9D963F9}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
"{BE6D5BDD-952A-4995-BB79-F51335334B3F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB6A993A-1843-4DB5-9C80-2E0B98B34BE9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{A95037B5-9F73-49E1-88C8-96C04E88205D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0229D1E-1F1F-41C4-BCA0-269EDEA4F641}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{836A5650-9619-4C54-9458-40DF647E64BD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{A79D3154-1FEF-4A2A-B14A-418925D098B5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03C5896D-8F49-471E-8F92-801A94570038}" = VideoCam Suite
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATT-SST" = AT&T Self Support Tool
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.7
"Google Desktop" = Google Desktop
"HandBrake" = HandBrake 0.9.5
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#59
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello md262,

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    /md5start
    hal.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of the file and paste it into your reply.

#60
md262

    Member

  • Topic Starter
  • Member
  • 90 posts
Thanks. Here is the log:


OTL logfile created on: 5/16/2011 7:29:11 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\jklm\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.72 Gb Total Space | 264.93 Gb Free Space | 58.13% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.29 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

Computer Name: JKLM-PC | User Name: jklm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/12/07 18:37:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/09/05 09:45:20 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/19 15:21:03 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\utm5ndm3.sys -- (utm5ndm3)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/03 20:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/25 10:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=2070905
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {57DBC34D-AEB3-4F4B-AF6B-2A4F07172859}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 21:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 14:31:22 | 000,000,000 | ---D | M]

[2010/03/21 07:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jklm\AppData\Roaming\Mozilla\Extensions
[2011/01/14 16:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions
[2010/07/26 22:17:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/21 07:33:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\USERS\JKLM\APPDATA\LOCAL\{57DBC34D-AEB3-4F4B-AF6B-2A4F07172859}

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 17:57:02 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/05/16 17:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/05/12 23:36:53 | 000,061,440 | ---- | C] ( ) -- C:\Users\jklm\Desktop\VEW.exe
[2011/05/12 07:15:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/12 07:15:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/12 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\temp
[2011/05/10 23:18:40 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jklm\Desktop\TDSSKiller.exe
[2011/05/10 19:44:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 19:43:32 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\jklm\Desktop\aswMBR.exe
[2011/05/07 22:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/06 13:43:15 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\5-6-11
[2011/05/06 13:38:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2011/05/05 22:58:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/05 22:58:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/05 22:58:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/05 22:58:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/05 22:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 23:55:20 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\Run
[2009/02/07 21:59:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jklm\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/16 19:08:02 | 000,000,680 | ---- | M] () -- C:\Users\jklm\AppData\Local\d3d9caps.dat
[2011/05/16 17:49:46 | 000,000,090 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums - Page 4.url
[2011/05/15 20:53:50 | 000,685,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 20:53:50 | 000,126,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 20:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 20:48:58 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/05/15 20:47:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 16:43:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 23:36:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\jklm\Desktop\VEW.exe
[2011/05/12 06:59:03 | 004,346,712 | R--- | M] () -- C:\Users\jklm\Desktop\ComboFix.exe
[2011/05/12 06:03:40 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/10 23:06:02 | 000,002,981 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums.url
[2011/05/10 22:49:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:49:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:46:53 | 196,708,589 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/10 22:12:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000UA.job
[2011/05/10 19:51:51 | 000,002,039 | ---- | M] () -- C:\Users\jklm\Desktop\Google Chrome.lnk
[2011/05/10 19:51:51 | 000,002,001 | ---- | M] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 19:43:36 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\jklm\Desktop\aswMBR.exe
[2011/05/10 19:42:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2011/05/09 17:47:00 | 000,000,341 | ---- | M] () -- C:\Users\jklm\Desktop\Malware - Browser redirects to spam sites [MALWARE] - Geeks to Go Forums.url
[2011/05/08 14:12:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000Core.job
[2011/05/04 09:39:02 | 000,002,633 | ---- | M] () -- C:\Users\jklm\Desktop\Microsoft Office Outlook 2007.lnk
[2011/05/03 06:25:04 | 000,000,166 | ---- | M] () -- C:\Users\jklm\Desktop\NEW MEPHISTO WOMEN'S BABATA SANDAL BROWN 35 5 US $225 - eBay.url
[2011/05/02 17:43:10 | 000,200,192 | ---- | M] () -- C:\Users\jklm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jklm\Desktop\TDSSKiller.exe
[2011/04/22 07:29:48 | 000,002,609 | ---- | M] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\nikujohe
[2011/05/16 17:49:46 | 000,000,090 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums - Page 4.url
[2011/05/12 06:58:46 | 004,346,712 | R--- | C] () -- C:\Users\jklm\Desktop\ComboFix.exe
[2011/05/10 22:57:07 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/05/09 17:47:00 | 000,000,341 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Browser redirects to spam sites [MALWARE] - Geeks to Go Forums.url
[2011/05/06 16:40:12 | 000,002,981 | ---- | C] () -- C:\Users\jklm\Desktop\Malware - Geeks to Go Forums.url
[2011/05/05 22:58:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/05 22:58:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/05 22:58:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/05 22:58:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/05 22:58:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/04 22:03:44 | 196,708,589 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/03 06:25:04 | 000,000,166 | ---- | C] () -- C:\Users\jklm\Desktop\NEW MEPHISTO WOMEN'S BABATA SANDAL BROWN 35 5 US $225 - eBay.url
[2011/02/09 06:44:40 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm5ndm3.sys
[2010/07/18 20:08:12 | 000,000,120 | ---- | C] () -- C:\Users\jklm\AppData\Local\Uhadoh.dat
[2010/07/18 20:08:12 | 000,000,000 | ---- | C] () -- C:\Users\jklm\AppData\Local\Egodejuzak.bin
[2009/07/23 17:16:35 | 000,000,680 | ---- | C] () -- C:\Users\jklm\AppData\Local\d3d9caps.dat
[2009/02/07 21:59:14 | 000,007,887 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\pcouffin.cat
[2009/02/07 21:59:14 | 000,001,144 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\pcouffin.inf
[2007/09/21 05:11:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/09/16 18:31:16 | 000,397,312 | ---- | C] () -- C:\Windows\System32\zshp1020.exe
[2007/09/16 18:21:14 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1020.dll
[2007/09/16 18:12:05 | 000,200,192 | ---- | C] () -- C:\Users\jklm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/05 09:47:40 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/05 09:47:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/09/05 09:47:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,418,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,685,376 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,126,264 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Custom Scans ==========



< MD5 for: HAL.DLL >
[2007/09/05 09:43:24 | 000,160,872 | ---- | M] (Microsoft Corporation) MD5=779D32272A54384807A4424D90293378 -- C:\Windows\System32\hal.dll

< End of report >
  • 0
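The OTL sections above use one line format for every file entry: `[date | size | attrs | C/M] (Company) -- path`, where the four attribute characters are R (read-only), H (hidden), S (system) and D (directory), and C or M says whether the timestamp is the creation or modification time. As an added example (not part of the original thread and not OTL's own logic), the Python below parses those entries and applies two triage heuristics: a timestamp later than the scan itself, and a hidden, non-directory file with no company name in a user-writable location. The sample lines are copied from the report above; the scan time and the heuristics are assumptions made for the example, and a flag is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# One OTL file entry, exactly as printed in the report:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# Directory entries omit the "(Company)" part; "()" or "( )" means no company name.
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Sample input: lines copied from the OTL report above.
SAMPLE_LINES = [
    r"[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\nikujohe",
    r"[2011/05/12 06:58:46 | 004,346,712 | R--- | C] () -- C:\Users\jklm\Desktop\ComboFix.exe",
    r"[2011/05/10 22:57:07 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys",
    r"[2011/05/10 23:18:40 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jklm\Desktop\TDSSKiller.exe",
    r"[2011/05/12 07:15:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
    r"[2011/05/16 17:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft",
    r"[2010/07/18 20:08:12 | 000,000,120 | ---- | C] () -- C:\Users\jklm\AppData\Local\Uhadoh.dat",
    r"[2011/05/12 23:36:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\jklm\Desktop\VEW.exe",
]

# Assumption: the scan ran shortly after the newest modification stamp in the report.
SCAN_TIME = datetime(2011, 5, 16, 19, 30, 0)


@dataclass
class Entry:
    date: datetime
    size: int
    attrs: str
    kind: str               # "C" = creation time, "M" = modification time
    company: Optional[str]  # None when OTL printed no company name
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers and other non-entry lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None
    return Entry(
        date=datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def triage(entries: List[Entry], scan_time: datetime) -> List[Entry]:
    """Attach heuristic flags (assumed for this example) and return the flagged entries."""
    for e in entries:
        if e.date > scan_time:
            e.flags.append("timestamp later than the scan itself")
        lowered = e.path.lower()
        user_writable = lowered.startswith(("c:\\programdata\\", "c:\\users\\"))
        if e.is_hidden and not e.is_dir and e.company is None and user_writable:
            e.flags.append("hidden file with no company name in a user-writable location")
    return [e for e in entries if e.flags]


def run_sample() -> List[Entry]:
    """Parse the sample lines and return the entries that tripped a heuristic."""
    entries = [e for e in map(parse_entry, SAMPLE_LINES) if e is not None]
    return triage(entries, SCAN_TIME)


if __name__ == "__main__":
    for e in run_sample():
        print(e.path, e.date.isoformat(), e.attrs, e.size, "; ".join(e.flags))
```

Run on the sample, only the `C:\ProgramData\nikujohe` entry is returned, for both reasons: its creation stamp of 2099/01/01 lies in the future and it is a hidden file with no company name under ProgramData. Hidden files under `C:\Windows` such as `temppf.sys` are deliberately left alone by the second rule, since Windows keeps legitimate hidden system files there; widening that rule is the first change to make if the report being read has no user-profile hits.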