Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Reboot Problem possibly fixed but verifying


  • This topic is locked This topic is locked

#1
Pete677

Pete677

    Member

  • Member
  • PipPip
  • 77 posts
Howdy,
Had some reboot problem occuring last couple of weeks and recently had it fixed by looking at old posts here and removing some Trojans.
Wanted to post the OTL and EXTRA logs to see if any of you could see any other hidden potential problems that may occur again.
Note: At the end of OTL End of Report begins the EXTRA.

OTL logfile created on: 7/10/2011 3:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.BAYSINN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 315.36 Mb Available Physical Memory | 35.29% Memory free
2.11 Gb Paging File | 1.60 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 104.32 Gb Free Space | 72.57% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 5.28 Gb Total Space | 5.28 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: BAYSINN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
PRC - [2011/05/26 16:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2009/04/10 07:54:28 | 019,267,584 | ---- | M] (Anand Systems Inc) -- C:\Program Files\ASI\ASI FrontDesk\ASIFD.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/31 12:50:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2003/08/01 19:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [1999/03/21 20:00:00 | 000,057,393 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/08/01 19:28:22 | 000,060,928 | ---- | M] () -- C:\Program Files\TightVNC\VNCHooks.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/26 16:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/07/31 12:50:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/01/14 16:03:26 | 000,050,176 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/12/16 06:10:34 | 000,070,016 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2006/07/31 13:05:14 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/04/06 16:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 20:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 23:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/05 02:25:02 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baysinn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2011/07/10 13:59:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\Owner.BAYSINN\Start Menu\Programs\Startup\Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner.BAYSINN\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://24.56.66.133/dvrweb.cab (DHSurveillanceCtrl Control)
O16 - DPF: {5A99FD4F-BE4A-4FBF-8ABF-FEE1793EF79C} http://72.17.185.242/WebLoaderPro.cab (ActiveFormX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199279495976 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com...irus/PitPav.cab (AV Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/07 07:37:45 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell - "" = AutoRun
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 15:42:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
[2011/07/10 14:11:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/10 14:05:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/10 13:50:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/30 14:40:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.BAYSINN\Recent
[2011/06/30 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/06/30 14:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/06/30 12:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/06/30 12:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/06/29 10:33:46 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/29 09:57:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/17 10:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Lekyej
[2011/06/17 10:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Kuasi
[2001/04/02 13:07:00 | 000,032,768 | ---- | C] (  ) -- C:\WINDOWS\System32\ASIDLL.dll

========== Files - Modified Within 30 Days ==========

[2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
[2011/07/10 15:40:59 | 031,293,440 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\My Documents\outlook.pst
[2011/07/10 14:54:34 | 000,498,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/10 14:54:33 | 000,094,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/10 14:54:17 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bays Inn Check Inn.lnk
[2011/07/10 14:51:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/10 14:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/10 14:10:13 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 13:59:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/10 13:51:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/10 13:51:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/10 11:58:52 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk.lnk
[2011/06/29 12:50:49 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/06/29 12:50:49 | 000,002,388 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG
[2011/06/26 05:57:46 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\Desktop\ASI FrontDesk Configuration.lnk

========== Files Created - No Company Name ==========

[2011/06/29 12:50:12 | 000,002,388 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2011/04/15 22:52:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/01 12:20:09 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/15 08:50:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\housecall.guid.cache
[2009/10/27 16:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NetViewer16ch_iplog.ini
[2009/09/11 13:45:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2009/09/07 17:52:03 | 000,054,908 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fx2Cam.bin
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8NRWIA.dll
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8DXWIA.DLL
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8DNWIA.DLL
[2009/06/12 15:52:28 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\CSS8RWIA.dll
[2008/02/21 13:43:48 | 000,000,359 | ---- | C] () -- C:\WINDOWS\NetViewer16ch.INI
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/20 10:18:47 | 000,000,248 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007/03/08 02:46:27 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Application Data\wklnhst.dat
[2007/01/22 04:50:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\fusioncache.dat
[2007/01/12 10:54:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/07 12:55:13 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/27 19:04:55 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SLib.INI
[2006/11/27 19:01:05 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2006/07/31 13:04:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/31 13:02:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/31 13:02:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/31 13:02:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/07/31 12:59:11 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/07/31 12:55:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/31 12:29:08 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 04:24:58 | 000,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:24:04 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/06/17 04:24:04 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/06/17 04:24:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/06/17 04:24:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/06/17 04:24:04 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 04:23:22 | 000,498,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 04:23:22 | 000,094,554 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:30:47 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1999/03/21 20:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2009/08/12 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASI
[2007/03/19 10:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/06/12 17:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Card Scanning Solutions
[2009/06/12 15:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CSActApp
[2006/12/08 13:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2011/03/24 14:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/01/12 10:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/09/11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/02/15 15:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2006/07/31 13:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/12 10:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/26 23:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Canon
[2006/12/08 13:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\eFax Messenger
[2011/06/29 10:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Kuasi
[2011/06/28 12:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Lekyej
[2006/07/31 13:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\SampleView
[2007/03/08 02:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Template

========== Purity Check ==========



< End of report >
______________________________________________________________________________________________________________________________________________

OTL Extras logfile created on: 7/10/2011 3:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.BAYSINN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 315.36 Mb Available Physical Memory | 35.29% Memory free
2.11 Gb Paging File | 1.60 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 104.32 Gb Free Space | 72.57% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 5.28 Gb Total Space | 5.28 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: BAYSINN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1024:TCP" = 1024:TCP:*:Disabled:ASIFD

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (Constantin Kaplinsky)
"C:\Program Files\NetViewer\NetViewer16ch.exe" = C:\Program Files\NetViewer\NetViewer16ch.exe:*:Enabled:Network Viewer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{269DBC9C-CAFC-472d-B1F1-0D327C2FFA76}" = Canon MF3200 Series
"{2BC80BB6-6A2C-4B9A-B547-F58C5D250A5D}" = RadioShack USB to Serial Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf08
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B77CAF30-4EC9-4B15-A78D-F26FF37D56E9}" = ASI FrontDesk
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{DE2A62F3-85A2-4F9D-B0AA-8311A5830324}" = Staples USB-to-Serial Adapter 2.03
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 3.20
"EDT for Windows_is1" = EDT for Windows V4.02
"FileHippo.com" = FileHippo.com Update Checker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{B77CAF30-4EC9-4B15-A78D-F26FF37D56E9}" = ASI FrontDesk
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NetViewer_is1" = NetViewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCPitstop Panda AntiVirus Scan" = PCPitstop Panda AntiVirus Scan (remove only)
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"RealPlayer 6.0" = RealPlayer Basic
"ScanShell OCR Ver. 9.36.10.75" = ScanShell OCR Ver. 9.36.10.75
"TightVNC" = TightVNC 2.0.3
"TightVNC_is1" = TightVNC 1.2.9
"Videoplayer" = Videoplayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2011 2:31:46 PM | Computer Name = BAYSINN | Source = Application Error | ID = 1000
Description = Faulting application frontpg.exe, version 4.0.2.2717, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x0006bbad.

Error - 6/8/2011 2:54:28 PM | Computer Name = BAYSINN | Source = Application Error | ID = 1000
Description = Faulting application frontpg.exe, version 4.0.2.2717, faulting module
mso9.dll, version 9.0.0.2720, fault address 0x0006bbad.

Error - 6/23/2011 2:57:07 PM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 6/23/2011 2:58:02 PM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 6/23/2011 3:00:25 PM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 6/24/2011 11:39:05 AM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 6/24/2011 11:39:05 AM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 6/24/2011 11:39:05 AM | Computer Name = BAYSINN | Source = CanonPrinterDriver3 | ID = 1
Description = Entry Function: DrvBitBlt, Base Address: 71B00000, Exception Address:
20012867, Exception Code: ACCESS_VIOLATION

Error - 7/10/2011 1:26:29 PM | Computer Name = BAYSINN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 7/10/2011 1:27:00 PM | Computer Name = BAYSINN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

[ System Events ]
Error - 7/10/2011 3:01:04 PM | Computer Name = BAYSINN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm pavboot

Error - 7/10/2011 3:09:11 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 3:10:59 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 3:11:21 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/10/2011 3:12:03 PM | Computer Name = BAYSINN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm pavboot

Error - 7/10/2011 3:14:42 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 3:16:06 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/10/2011 3:16:23 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/10/2011 3:17:22 PM | Computer Name = BAYSINN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm pavboot

Error - 7/10/2011 3:39:31 PM | Computer Name = BAYSINN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry for the delay

Could you run a fresh OTL log for me please - there will only be one text file this time

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Thanks for helping Essexboy!
I ran the OTL again with what you said but only the OTL.txt file came up and not the Extras.txt so below is the OTL, next reply will be the aswMBR
---------------------------------------------------------------------------------------------------------------
OTL logfile created on: 7/15/2011 3:28:16 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner.BAYSINN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.58 Mb Total Physical Memory | 466.84 Mb Available Physical Memory | 52.24% Memory free
2.11 Gb Paging File | 1.74 Gb Available in Paging File | 82.21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.75 Gb Total Space | 102.42 Gb Free Space | 71.25% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.20 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 5.28 Gb Total Space | 5.28 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: BAYSINN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
PRC - [2011/05/26 16:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/31 12:50:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [1999/03/21 20:00:00 | 000,057,393 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/26 16:47:16 | 000,826,896 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/07/31 12:50:21 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/01/14 16:03:26 | 000,050,176 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/12/16 06:10:34 | 000,070,016 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmSerial.sys -- (nmserial)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2006/07/31 13:05:14 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/04/06 16:20:44 | 004,258,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 20:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 23:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/05 02:25:02 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baysinn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2011/07/10 13:59:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\Owner.BAYSINN\Start Menu\Programs\Startup\Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner.BAYSINN\Start Menu\Programs\Startup\Launch TightVNC Server.lnk = C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://24.56.66.133/dvrweb.cab (DHSurveillanceCtrl Control)
O16 - DPF: {5A99FD4F-BE4A-4FBF-8ABF-FEE1793EF79C} http://72.17.185.242/WebLoaderPro.cab (ActiveFormX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1199279495976 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com...irus/PitPav.cab (AV Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/07 07:37:45 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell - "" = AutoRun
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f1c5482-fc21-11df-b029-001676d4f682}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell - "" = AutoRun
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba67c87e-d358-11dc-add0-001676d4f682}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 11:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011/07/13 11:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005
[2011/07/13 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/13 11:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/13 11:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Desktop\6.0 database
[2011/07/13 11:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FlexCell.3015
[2011/07/13 11:37:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ComponentFactory.Krypton.432
[2011/07/13 11:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASI FrontDesk 6.0.0
[2011/07/13 11:36:03 | 028,173,480 | ---- | C] (Anand Systems Inc ) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\asifd_6.0.18.040.exe
[2011/07/11 18:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Desktop\BaysInnDB
[2011/07/10 15:42:25 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
[2011/07/10 14:11:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/10 14:05:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/10 13:50:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/30 14:40:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.BAYSINN\Recent
[2011/06/30 14:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/06/30 14:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/06/30 12:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Puran Defrag
[2011/06/30 12:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/06/29 10:33:46 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/29 09:57:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/17 10:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Lekyej
[2011/06/17 10:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Kuasi
[2001/04/02 13:07:00 | 000,032,768 | ---- | C] (  ) -- C:\WINDOWS\System32\ASIDLL.dll

========== Files - Modified Within 30 Days ==========

[2011/07/15 15:17:10 | 032,309,248 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\My Documents\outlook.pst
[2011/07/15 15:16:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 15:14:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 11:42:42 | 000,545,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/13 11:42:42 | 000,112,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/13 11:37:47 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk 6.0.0 Startup Guide.lnk
[2011/07/13 11:37:47 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anand Systems Inc Home Page.lnk
[2011/07/13 11:37:47 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk Configuration 6.0.0.lnk
[2011/07/13 11:37:47 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk 6.0.0.lnk
[2011/07/13 11:36:17 | 028,173,480 | ---- | M] (Anand Systems Inc ) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\asifd_6.0.18.040.exe
[2011/07/11 18:37:39 | 016,933,962 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\Desktop\BaysInnDB.rar
[2011/07/11 13:06:18 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bays Inn Check Inn.lnk
[2011/07/11 12:27:07 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Owner.BAYSINN\Desktop\ASI FrontDesk Configuration.lnk
[2011/07/11 12:02:49 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk.lnk
[2011/07/10 15:42:30 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.BAYSINN\Desktop\OTL.exe
[2011/07/10 14:10:13 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/10 13:59:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/10 13:51:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/10 13:51:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/29 12:50:49 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2011/06/29 12:50:49 | 000,002,388 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG

========== Files Created - No Company Name ==========

[2011/07/13 11:37:47 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk 6.0.0 Startup Guide.lnk
[2011/07/13 11:37:47 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anand Systems Inc Home Page.lnk
[2011/07/13 11:37:47 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk Configuration 6.0.0.lnk
[2011/07/13 11:37:47 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ASI FrontDesk 6.0.0.lnk
[2011/07/13 11:37:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLIMCDTC.dll
[2011/07/11 18:36:25 | 016,933,962 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Desktop\BaysInnDB.rar
[2011/06/29 12:50:12 | 000,002,388 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2011/04/15 22:52:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/01 12:20:09 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/12/15 08:50:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\housecall.guid.cache
[2009/10/27 16:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NetViewer16ch_iplog.ini
[2009/09/11 13:45:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2009/09/07 17:52:03 | 000,054,908 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fx2Cam.bin
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8NRWIA.dll
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8DXWIA.DLL
[2009/06/12 15:52:29 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\SS8DNWIA.DLL
[2009/06/12 15:52:28 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\CSS8RWIA.dll
[2008/02/21 13:43:48 | 000,000,359 | ---- | C] () -- C:\WINDOWS\NetViewer16ch.INI
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/20 10:18:47 | 000,000,248 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007/03/08 02:46:27 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Application Data\wklnhst.dat
[2007/01/22 04:50:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\fusioncache.dat
[2007/01/12 10:54:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/07 12:55:13 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Owner.BAYSINN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/27 19:04:55 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SLib.INI
[2006/11/27 19:01:05 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2006/07/31 13:04:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/31 13:02:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/31 13:02:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/31 13:02:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/07/31 12:59:11 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/07/31 12:55:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/31 12:29:08 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 04:24:58 | 000,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 04:23:22 | 000,545,338 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 04:23:22 | 000,112,646 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:30:47 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1999/03/21 20:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2011/07/13 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASI
[2007/03/19 10:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/06/12 17:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Card Scanning Solutions
[2009/06/12 15:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CSActApp
[2006/12/08 13:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2011/03/24 14:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/01/12 10:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/09/11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/02/15 15:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2006/07/31 13:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/12 10:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/26 23:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Canon
[2006/12/08 13:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\eFax Messenger
[2011/06/29 10:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Kuasi
[2011/06/28 12:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Lekyej
[2006/07/31 13:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\SampleView
[2007/03/08 02:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.BAYSINN\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< End of report >
  • 0

#4
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Here is the aswMBR.txt:

aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-15 15:37:00
-----------------------------
15:37:00.767 OS Version: Windows 5.1.2600 Service Pack 3
15:37:00.767 Number of processors: 2 586 0x409
15:37:00.767 ComputerName: BAYSINN UserName: Owner
15:37:01.314 Initialize success
15:37:31.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17
15:37:31.096 Disk 0 Vendor: ST3160212A 3.AAE Size: 152627MB BusType: 3
15:37:31.111 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-1f
15:37:31.111 Disk 1 Vendor: WDC_WD400EB-11CPF0 06.04G06 Size: 38166MB BusType: 3
15:37:33.127 Disk 0 MBR read successfully
15:37:33.127 Disk 0 MBR scan
15:37:33.127 Disk 0 unknown MBR code
15:37:35.127 Disk 0 scanning sectors +312576705
15:37:35.205 Disk 0 scanning C:\WINDOWS\system32\drivers
15:37:58.299 Service scanning
15:37:59.237 Disk 0 trace - called modules:
15:37:59.253 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:37:59.253 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85567ab8]
15:37:59.253 3 CLASSPNP.SYS[f75e2fd7] -> nt!IofCallDriver -> \Device\00000093[0x8557f2e0]
15:37:59.268 5 ACPI.sys[f73d9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-17[0x855c7d98]
15:37:59.268 Scan finished successfully
15:40:14.600 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.BAYSINN\Desktop\MBR.dat"
15:40:14.600 The log file has been saved successfully to "C:\Documents and Settings\Owner.BAYSINN\Desktop\aswMBR.txt"
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems please - is there any change

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#6
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Here ya go :)

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 179):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A02000 \WINDOWS\system32\KDCOM.DLL
0xF7912000 \WINDOWS\system32\BOOTVID.dll
0xF73D3000 ACPI.sys
0xF7A04000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73C2000 pci.sys
0xF7502000 isapnp.sys
0xF7512000 ohci1394.sys
0xF7522000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7916000 compbatt.sys
0xF791A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7ACA000 pciide.sys
0xF7782000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A06000 aliide.sys
0xF7A08000 intelide.sys
0xF7A0A000 toside.sys
0xF7A0C000 viaide.sys
0xF7A0E000 cmdide.sys
0xF73A4000 pcmcia.sys
0xF7532000 MountMgr.sys
0xF7385000 ftdisk.sys
0xF7A10000 dmload.sys
0xF735F000 dmio.sys
0xF791E000 ACPIEC.sys
0xF7ACB000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF778A000 PartMgr.sys
0xF7792000 pavboot.sys
0xF7542000 VolSnap.sys
0xF7922000 cpqarray.sys
0xF7347000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF732F000 atapi.sys
0xF7926000 aha154x.sys
0xF779A000 sparrow.sys
0xF792A000 symc810.sys
0xF7552000 aic78xx.sys
0xF792E000 dac960nt.sys
0xF7562000 ql10wnt.sys
0xF7932000 amsint.sys
0xF77A2000 asc.sys
0xF7936000 asc3550.sys
0xF77AA000 mraid35x.sys
0xF77B2000 i2omp.sys
0xF793A000 ini910u.sys
0xF7572000 ql1240.sys
0xF7582000 aic78u2.sys
0xF77BA000 symc8xx.sys
0xF77C2000 sym_hi.sys
0xF77CA000 sym_u3.sys
0xF77D2000 ABP480N5.SYS
0xF77DA000 asc3350p.sys
0xF7A12000 cd20xrnt.sys
0xF7592000 ultra.sys
0xF7316000 adpu160m.sys
0xF77E2000 dpti2o.sys
0xF75A2000 ql1080.sys
0xF75B2000 ql1280.sys
0xF75C2000 ql12160.sys
0xF77EA000 perc2.sys
0xF7A14000 perc2hib.sys
0xF77F2000 hpn.sys
0xF793E000 cbidf2k.sys
0xF72EA000 dac2w2k.sys
0xF75D2000 disk.sys
0xF75E2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72CA000 fltmgr.sys
0xF77FA000 PxHelp20.sys
0xF72B3000 KSecDD.sys
0xF7226000 Ntfs.sys
0xF71F9000 NDIS.sys
0xF75F2000 sisagp.sys
0xF7602000 viaagp.sys
0xF71DF000 Mup.sys
0xF7612000 alim1541.sys
0xF7622000 amdagp.sys
0xF7632000 agp440.sys
0xF7642000 agpCPQ.sys
0xF715F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF69DB000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF69C7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78DA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF69A3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF714F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF713F000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7662000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7672000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6980000 \SystemRoot\system32\DRIVERS\ks.sys
0xF78EA000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF6958000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7682000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78F2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78FA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6944000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7692000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7103000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6930000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF76A2000 \SystemRoot\system32\DRIVERS\mf.sys
0xF68F9000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF67FC000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF674F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7902000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7B72000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF70FF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6698000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF790A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6687000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7842000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6607000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF65A9000 \SystemRoot\system32\DRIVERS\update.sys
0xF70D2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7712000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7742000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A44000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xEE54D000 \SystemRoot\system32\DRIVERS\NmPar.sys
0xEE53B000 \SystemRoot\system32\DRIVERS\nmserial.sys
0xEE065000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE041000 \SystemRoot\system32\drivers\portcls.sys
0xF7762000 \SystemRoot\system32\drivers\drmk.sys
0xF785A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF79CE000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A52000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C00000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A54000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7872000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF787A000 \SystemRoot\System32\drivers\vga.sys
0xF7A56000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A58000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7882000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF788A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF79D6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDFE6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDF8D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDF65000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEDF43000 \SystemRoot\System32\drivers\afd.sys
0xF7772000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDF18000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDEA8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF71CF000 \SystemRoot\System32\Drivers\Fips.SYS
0xEDE82000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF71BF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF79EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF71AF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF65A5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEDE36000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEDE1E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A74000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE03D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78B2000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BAC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF093000 \SystemRoot\System32\atikvmag.dll
0xBF0C9000 \SystemRoot\System32\ati3duag.dll
0xBF345000 \SystemRoot\System32\ativvaxx.dll
0xBF418000 \SystemRoot\System32\ATMFD.DLL
0xEBCFE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB981000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB8A4000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE4AB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A66000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7A68000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xEB633000 \SystemRoot\System32\Drivers\HTTP.sys
0xEB852000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEB5B3000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB56B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6CAF000 \SystemRoot\system32\DRIVERS\sr.sys
0xF6D2C000 \??\C:\DOCUME~1\OWNER~1.BAY\LOCALS~1\Temp\aswMBR.sys
0xF6CD1000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
472 C:\WINDOWS\system32\smss.exe
536 csrss.exe
564 C:\WINDOWS\system32\winlogon.exe
608 C:\WINDOWS\system32\services.exe
620 C:\WINDOWS\system32\lsass.exe
788 C:\WINDOWS\system32\ati2evxx.exe
804 C:\WINDOWS\system32\svchost.exe
864 svchost.exe
904 C:\WINDOWS\system32\svchost.exe
968 svchost.exe
1004 svchost.exe
1204 C:\WINDOWS\system32\spoolsv.exe
1296 svchost.exe
1372 C:\WINDOWS\system32\ati2evxx.exe
1552 C:\WINDOWS\explorer.exe
1600 C:\WINDOWS\ehome\ehSched.exe
1676 sqlservr.exe
1852 C:\WINDOWS\ehome\ehtray.exe
1860 C:\Program Files\Digital Media Reader\readericon45G.exe
1880 C:\WINDOWS\RTHDCPL.exe
1948 C:\Program Files\TightVNC\tvnserver.exe
1956 C:\WINDOWS\system32\ctfmon.exe
1968 C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
1988 C:\Program Files\Microsoft SQL Server\MSSQL$ASIFD\Binn\sqlservr.exe
200 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
280 sqlbrowser.exe
296 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
400 svchost.exe
428 C:\WINDOWS\system32\svchost.exe
424 C:\Program Files\TightVNC\tvnserver.exe
924 mcrdsvc.exe
2440 alg.exe
2696 C:\WINDOWS\system32\dllhost.exe
2820 C:\WINDOWS\ehome\ehmsas.exe
3060 C:\WINDOWS\system32\wuauclt.exe
3384 C:\Program Files\Internet Explorer\iexplore.exe
3424 C:\Program Files\Internet Explorer\iexplore.exe
2564 C:\Program Files\Internet Explorer\iexplore.exe
772 C:\Documents and Settings\Owner.BAYSINN\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`52c5e600 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3160212A, Rev: 3.AAE
PhysicalDrive1 Model Number: WDCWD400EB-11CPF0, Rev: 06.04G06

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD
37 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719


Done!
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thats good as well, the MBR checks out nicely :)

Any problems with the system ?
  • 0

#8
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
It was shutting off by itself at times so read a few things about here thinking it could be a virus.
If all tests indicate it to be none, then maybe its a hardware cause.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets have a quick hardware check

Download Speedfan (The download link is to the right), and install it. Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
To make sure we are getting all the correct information it would help us if you were to attach a screenshot like the one below of your Speedfan results.

To do a screenshot please have click on your Print Screen on your keyboard.
  • It is normally the key above your number pad between the F12 key and the Scroll Lock key
  • Now go to Start and then to All Programs
  • Scroll to Accessories and then click on Paint
  • In the Empty White Area click and hold the CTRL key and then click the V
  • Go to the File option at the top and click on Save as
  • Save as file type JPEG and save it to your Desktop
  • Attach it to your next reply

Posted Image
  • 0

#10
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
File attached, thanks!speedfan.JPG
  • 0

Advertisements


#11
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Here is an updated one that shows a bit of heat? speedfan1.JPG
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How long after the first screenshot was the second taken ? As it may well indicate a heating problem
  • 0

#13
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
It was about an hour difference, pretty much when the time was posted.
Here is a current one now alsospeedfan2.JPG
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is a heat increase which over a few hours could cause a shutdown

Could you check that all vents are clear and the fan is turning
  • 0

#15
Pete677

Pete677

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Fan is running on the back and also by CPU.
I did vaccuum the inside for all dust including the vents and it did shutoff after all this which was about 10 days ago.
The only programs open currently is Microsoft Outlook email and Internet Explorer so I think when minimum activity is taking place then it doesnt shut off.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP