
Search Redirects & Can't Run Malwarebytes Update


  • This topic is locked

#76
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. We need to run another fix with OTL in OTLPE followed by a new custom scan.

You'll want to boot up into OTLPE.

Run this fix below.


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    C:\_REGISTRY_MACHINE_SYSTEM
    C:\_REGISTRY_MACHINE_SAM
    C:\_REGISTRY_MACHINE_SOFTWARE
    C:\_REGISTRY_MACHINE_SECURITY
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to create a new OTL Report
  • Double click on the Posted Image icon on your desktop.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    C:\Windows\ERDNT\hiv-backup\*.*
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



#77
ChrisPittts


    Member

  • Topic Starter
  • 64 posts
You have amazing patience! I'll work on this later tonight and send the logs along.

#78
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, I'll look forward to your response later this evening. :)

#79
ChrisPittts


    Member

  • Topic Starter
  • 64 posts
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\_REGISTRY_MACHINE_SYSTEM moved successfully.
C:\_REGISTRY_MACHINE_SAM moved successfully.
C:\_REGISTRY_MACHINE_SOFTWARE moved successfully.
C:\_REGISTRY_MACHINE_SECURITY moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 08232011_080242

OTL logfile created on: 8/23/2011 8:04:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 293.00 Mb Available Physical Memory | 58.00% Memory free
455.00 Mb Paging File | 319.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.85 Gb Total Space | 12.16 Gb Free Space | 43.66% Space Free | Partition Type: NTFS
Drive D: | 1.91 Gb Total Space | 1.87 Gb Free Space | 98.30% Space Free | Partition Type: FAT
Drive E: | 5.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/04/27 18:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/09/30 22:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (MpKslf6b148ea)
DRV - File not found [Kernel | System] -- -- (MpKsle7e9ed98)
DRV - File not found [Kernel | System] -- -- (MpKsld2c62d31)
DRV - File not found [Kernel | System] -- -- (MpKslc83c2d22)
DRV - File not found [Kernel | System] -- -- (MpKslc3542fdf)
DRV - File not found [Kernel | System] -- -- (MpKslafb24840)
DRV - File not found [Kernel | System] -- -- (MpKsl8da7c233)
DRV - File not found [Kernel | System] -- -- (MpKsl891ce307)
DRV - File not found [Kernel | System] -- -- (MpKsl8874233f)
DRV - File not found [Kernel | System] -- -- (MpKsl85f23ca2)
DRV - File not found [Kernel | System] -- -- (MpKsl802ef946)
DRV - File not found [Kernel | System] -- -- (MpKsl6f0c5a08)
DRV - File not found [Kernel | System] -- -- (MpKsl55271886)
DRV - File not found [Kernel | System] -- -- (MpKsl54b6248d)
DRV - File not found [Kernel | System] -- -- (MpKsl4c5f7fdc)
DRV - File not found [Kernel | System] -- -- (MpKsl4bca8e73)
DRV - File not found [Kernel | System] -- -- (MpKsl48f80826)
DRV - File not found [Kernel | System] -- -- (MpKsl43a2d531)
DRV - File not found [Kernel | System] -- -- (MpKsl437a4a91)
DRV - File not found [Kernel | System] -- -- (MpKsl3e1e0fd0)
DRV - File not found [Kernel | System] -- -- (MpKsl36d05cb1)
DRV - File not found [Kernel | System] -- -- (MpKsl30841899)
DRV - File not found [Kernel | System] -- -- (MpKsl07dabd06)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/08/21 22:21:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58DBAB99-6DA4-4EEF-9096-1BF45ADD9D4A}\MpKsl94d6268a.sys -- (MpKsl94d6268a)
DRV - [2011/08/14 07:09:35 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58DBAB99-6DA4-4EEF-9096-1BF45ADD9D4A}\MpKsl13cb14b0.sys -- (MpKsl13cb14b0)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/03 19:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 19:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 19:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 19:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Matthew_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Matthew_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Michael_Belmont_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Michael_Belmont_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Michael_Belmont_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Belmont_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\MJ_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\MJ_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\MJ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MJ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mommy_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Mommy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Peter_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.oblates....sian_quote.php"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 14:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/23 14:30:42 | 000,000,000 | ---D | M]

[2010/03/19 12:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Extensions
[2011/08/14 07:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions
[2011/07/31 18:33:58 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Michael Belmont\Application Data\Mozilla\Firefox\Profiles\3vtzljp6.default\extensions\[email protected]
[2011/08/09 16:22:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 13:59:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 07:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/09 16:11:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\Matthew_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Matthew_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\Matthew_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Michael_Belmont_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Michael_Belmont_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Michael_Belmont_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Mommy_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Mommy_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O3 - HKU\Peter_ON_C\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\Peter_ON_C\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\prnsys.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueZone Session Manager.LNK ()
O4 - Startup: C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Matthew_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Matthew_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Belmont_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Michael_Belmont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Michael_Belmont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Michael_Belmont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\MJ_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mommy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Mommy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Peter_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - Reg Error: Key error. File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - CLSID or File not found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - CLSID or File not found.
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found.
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/05 11:27:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/10 13:34:09 | 000,002,147 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O32 - AutoRun File - [2006/03/17 20:31:34 | 000,000,171 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 22:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/08/16 20:57:46 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/08/14 08:10:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/14 08:08:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/08/14 08:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/08/14 08:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/08/14 08:06:41 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/08/14 08:06:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/08/14 08:06:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/08/14 08:06:40 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/08/14 08:06:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/08/14 08:06:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/08/14 08:06:39 | 000,000,000 | ---D | C] -- C:\9d9d958b19735ff0d70eebc46e3f
[2011/08/14 08:05:07 | 000,000,000 | ---D | C] -- C:\0ff7295ea5ebd7c650a1a0a46583f79b
[2011/08/14 08:04:56 | 000,000,000 | ---D | C] -- C:\6b890c6c3a02bd6d90432396
[2011/08/14 07:58:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Belmont\Recent
[2011/08/11 13:42:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/11 13:41:55 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/11 13:40:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/09 16:30:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/09 16:27:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/09 16:27:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/09 16:27:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/09 16:27:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/09 16:27:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/09 16:27:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/09 16:27:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Administrative Tools
[2011/08/09 16:09:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 16:07:19 | 000,000,000 | ---D | C] -- C:\2ff5a2b8e12ee606e568002813df103b
[2011/08/09 16:03:45 | 000,000,000 | ---D | C] -- C:\32ada37ebc0a802f5407f0
[2011/08/09 16:03:35 | 000,000,000 | ---D | C] -- C:\413584e0a82357ba95a1
[2011/07/31 20:21:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Peter\Recent
[2011/07/31 19:46:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mommy\Recent
[2011/07/31 19:42:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MJ\Recent
[2011/07/31 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\WMTools Downloaded Files
[2011/07/31 19:39:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew\Recent
[2011/07/31 19:38:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Matthew\My Documents\My Videos
[2011/07/31 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Malwarebytes
[2011/07/31 18:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Application Data\Malwarebytes
[2011/07/31 18:44:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 18:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 18:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/31 18:44:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/31 18:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell Wireless
[2011/07/31 18:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Start Menu\Programs\Dell Inc
[2011/07/31 17:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\Deployment
[2011/07/31 17:38:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/07/31 17:37:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/31 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 15:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Activision Value
[2011/07/28 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Imagineering
[2004/11/29 19:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll

========== Files - Modified Within 30 Days ==========

[2011/08/22 21:42:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/22 04:44:18 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006UA.job
[2011/08/21 22:23:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003UA.job
[2011/08/21 22:21:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/14 08:13:14 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/14 08:10:24 | 000,435,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/14 08:10:24 | 000,068,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/14 08:10:03 | 000,091,712 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/14 07:14:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/14 06:34:08 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/14 06:34:06 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Michael Belmont\Desktop\Google Chrome.lnk
[2011/08/12 22:06:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1006Core.job
[2011/08/09 16:30:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/09 16:11:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/31 20:28:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/07/31 18:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 18:25:58 | 000,056,802 | ---- | M] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/31 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Dell Wireless
[2011/07/30 02:23:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-113007714-682003330-1003Core.job
[2011/07/28 15:11:42 | 000,000,129 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/07/28 14:00:51 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/28 14:00:48 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Google Chrome.lnk
[2011/07/28 13:38:21 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:38:20 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:38:18 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:32:52 | 000,000,172 | ---- | M] () -- C:\WINDOWS\disneysy.ini
[2011/07/28 13:13:46 | 000,000,500 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2011/07/28 00:34:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/28 00:31:18 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk

========== Files Created - No Company Name ==========

[2011/08/14 08:10:03 | 000,091,712 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/09 16:30:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/09 16:30:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/09 16:27:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/09 16:27:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/09 16:27:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/09 16:27:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/09 16:27:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/31 17:58:43 | 000,056,802 | ---- | C] () -- C:\WINDOWS\System32\DellSystem.xml
[2011/07/28 13:37:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/07/28 13:37:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/07/28 13:37:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/07/28 13:37:48 | 000,000,284 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2011/07/28 13:33:24 | 000,000,129 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011/07/28 13:32:33 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011/07/28 00:39:15 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/24 12:03:22 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Michael Belmont\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 13:09:31 | 000,000,313 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/07/16 09:06:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/22 19:43:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/21 16:07:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/04/21 16:05:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010/04/19 16:11:57 | 000,001,426 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2010/04/11 15:48:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/10 17:23:21 | 000,000,411 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/19 14:01:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/03/19 14:01:35 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/03/19 14:01:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/03/19 12:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/13 01:14:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 01:06:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/12 16:45:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/12 16:44:11 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 18:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,435,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,068,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 14:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2003/08/18 06:55:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/08/18 06:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== LOP Check ==========

[2010/06/03 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\Canon
[2010/04/19 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\f-secure
[2010/04/19 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Belmont\Application Data\InterTrust
[2010/09/22 20:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\Canon
[2010/10/20 13:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2011/07/28 13:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Imagineering
[2010/09/13 12:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f-secure
[2010/04/20 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2010/12/06 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/14 07:14:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\ERDNT\hiv-backup\*.* >
[2011/08/09 16:27:42 | 000,425,984 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\default
[2011/08/09 16:27:48 | 000,000,673 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\ERDNT.CON
[2005/10/20 08:02:28 | 000,163,328 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\ERDNT.EXE
[2011/08/09 16:27:48 | 000,001,257 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\ERDNT.INF
[2000/08/30 20:00:00 | 000,002,815 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\ERDNTDOS.LOC
[2000/08/30 20:00:00 | 000,003,275 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\ERDNTWIN.LOC
[2011/08/09 16:27:43 | 000,028,672 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\SAM
[2011/08/09 16:27:36 | 000,049,152 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\SECURITY
[2011/08/09 16:27:38 | 024,289,280 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\software
[2011/08/09 16:27:41 | 006,205,440 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\system
< End of report >
  • 0

#80
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

When you get a chance please run this OTL fix:


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Files
    C:\Windows\System32\Config\SAM|C:\Windows\ERDNT\hiv-backup\SAM /replace
    C:\Windows\System32\Config\SECURITY|C:\Windows\ERDNT\hiv-backup\SECURITY /replace
    C:\Windows\System32\Config\software|C:\Windows\ERDNT\hiv-backup\software /replace
    C:\Windows\System32\Config\system|C:\Windows\ERDNT\hiv-backup\system /replace
    C:\Windows\System32\Config\default|C:\Windows\ERDNT\hiv-backup\default /replace
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


After running the above fix please attempt to boot into Windows and see if it will allow you to boot up properly.
  • 0

#81
ChrisPittts

    Member

  • Topic Starter
  • 64 posts
Darn - same as before. I ran the fix. It cues me to reboot, and I choose 'yes' but it doesn't reboot. The bottom of the OTL screen says 'processing complete!' but never goes into reboot mode.

I tried just turning the machine off via the start button, but no change...
  • 0

#82
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Can you try to boot up normally now, and see what exactly happens now?
  • 0

#83
ChrisPittts

    Member

  • Topic Starter
  • 64 posts
Booting normally does the same thing it has been doing all along... it seems ok until it gets to the point that the profiles normally load, then it freezes...
  • 0

#84
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay, let's give this a shot, and see if you're able to boot up successfully after running it.

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

@ECHO OFF
cd /d %~dp0
Ren C:\Windows\System32\Config\SYSTEM SYSTEM.002
Ren C:\Windows\System32\Config\SAM SAM.002
Ren C:\Windows\System32\Config\SECURITY SECURITY.002
Ren C:\Windows\System32\Config\SOFTWARE SOFTWARE.002
Ren C:\Windows\System32\Config\Default Default.002
Copy C:\Windows\ERDNT\hiv-backup\SAM C:\Windows\System32\Config\SAM
Copy C:\Windows\ERDNT\hiv-backup\SECURITY C:\Windows\System32\Config\SECURITY
Copy C:\Windows\ERDNT\hiv-backup\software C:\Windows\System32\Config\SOFTWARE
Copy C:\Windows\ERDNT\hiv-backup\system C:\Windows\System32\Config\SYSTEM
Copy C:\Windows\ERDNT\hiv-backup\Default C:\Windows\System32\Config\Default
Dir /a C:\Windows\System32\Config\*.* >Report.txt
Exit

In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and Change "Save as type" to All Files, save it in your USB drive, overwriting the existing one.

Boot the ailing computer to Reatogo and browse to the USB drive. Double click on fix.bat. It should run a fix, and upon completion it should produce a log file called Report.txt. Post its contents in your next reply.

Please do not run this fix on a working machine.
  • 0

#85
ChrisPittts

    Member

  • Topic Starter
  • 64 posts
Volume in drive C has no label.
Volume Serial Number is 1C0F-5469

Directory of C:\Windows\System32\Config

08/26/2011 05:00 AM <DIR> .
08/26/2011 05:00 AM <DIR> ..
08/14/2011 07:07 AM 524,288 AppEvent.Evt
08/09/2011 04:27 PM 425,984 Default
08/14/2011 07:07 AM 524,288 Default.002
08/24/2011 10:38 AM 1,024 default.LOG
03/12/2010 04:43 PM 94,208 default.sav
05/24/2011 11:39 AM 65,536 ODiag.evt
08/09/2011 04:18 PM 589,824 OSession.evt
08/09/2011 04:27 PM 28,672 SAM
08/14/2011 08:14 AM 28,672 SAM.001
08/14/2011 08:14 AM 28,672 SAM.002
08/24/2011 10:31 AM 8,192 SAM.LOG
03/12/2010 04:44 PM 65,536 SecEvent.Evt
08/09/2011 04:27 PM 49,152 SECURITY
08/14/2011 08:14 AM 49,152 SECURITY.001
08/14/2011 08:14 AM 49,152 SECURITY.002
08/24/2011 10:38 AM 1,024 SECURITY.LOG
08/09/2011 04:27 PM 24,289,280 SOFTWARE
08/21/2011 08:55 PM 24,903,680 SOFTWARE.001
08/23/2011 08:08 AM 24,903,680 SOFTWARE.002
08/26/2011 03:52 AM 1,024 software.LOG
03/12/2010 04:43 PM 659,456 software.sav
08/14/2011 07:07 AM 524,288 SysEvent.Evt
08/09/2011 04:27 PM 6,205,440 SYSTEM
08/18/2011 01:49 PM 7,864,320 SYSTEM.001
08/24/2011 10:31 AM 6,291,456 SYSTEM.002
08/26/2011 03:52 AM 1,024 system.LOG
03/12/2010 04:43 PM 909,312 system.sav
10/31/2010 01:40 AM <DIR> systemprofile
03/12/2010 04:43 PM 1,024 TempKey.LOG
03/12/2010 04:43 PM 262,144 userdiff
03/12/2010 04:43 PM 1,024 userdiff.LOG
30 File(s) 99,350,528 bytes
3 Dir(s) 13,089,427,456 bytes free
  • 0
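An added example (not part of any post in this thread): a quick check that the five live hives listed in Report.txt have the same sizes as the ERDNT backups shown in the OTL custom scan, which is what a successful copy by fix.bat should produce. The function names are hypothetical, the sample lines are copied from the two reports above, and matching sizes only shows the copy completed, not that the contents are intact.

```python
import re

HIVES = ("default", "sam", "security", "software", "system")
# OTL listing: [date time | 000,028,672 | attrs | M] () -- C:\path\SAM
OTL_RE = re.compile(r"^\[[^|]+\|\s*([\d,]+)\s*\|[^\]]*\]\s*(?:\(.*?\)\s*)?--\s*(.+)$")
# cmd dir listing: 08/09/2011 04:27 PM 28,672 SAM   (<DIR> rows have no size)
DIR_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+([\d,]+)\s+(\S.*)$")

def _sizes(text, pattern):
    """Map lower-cased file name -> size in bytes for every matching line."""
    sizes = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            name = m.group(2).strip().rsplit("\\", 1)[-1].lower()
            sizes[name] = int(m.group(1).replace(",", ""))
    return sizes

def hive_mismatches(otl_text, dir_text):
    """Return {hive: (backup_size, live_size)} for hives that differ or are missing."""
    backup, live = _sizes(otl_text, OTL_RE), _sizes(dir_text, DIR_RE)
    return {h: (backup.get(h), live.get(h)) for h in HIVES
            if backup.get(h) is None or backup.get(h) != live.get(h)}

# Lines copied from the OTL custom scan and from Report.txt in this thread.
OTL_SCAN = r"""
[2011/08/09 16:27:42 | 000,425,984 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\default
[2011/08/09 16:27:43 | 000,028,672 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\SAM
[2011/08/09 16:27:36 | 000,049,152 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\SECURITY
[2011/08/09 16:27:38 | 024,289,280 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\software
[2011/08/09 16:27:41 | 006,205,440 | ---- | M] () -- C:\Windows\ERDNT\hiv-backup\system
"""
DIR_REPORT = """
08/26/2011 05:00 AM <DIR> .
08/09/2011 04:27 PM 425,984 Default
08/14/2011 07:07 AM 524,288 Default.002
08/09/2011 04:27 PM 28,672 SAM
08/09/2011 04:27 PM 49,152 SECURITY
08/09/2011 04:27 PM 24,289,280 SOFTWARE
08/23/2011 08:08 AM 24,903,680 SOFTWARE.002
08/09/2011 04:27 PM 6,205,440 SYSTEM
08/24/2011 10:31 AM 6,291,456 SYSTEM.002
"""

if __name__ == "__main__":
    print(hive_mismatches(OTL_SCAN, DIR_REPORT) or "all five hives match the backup")
```
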

#86
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Are you able to boot up normally now?
  • 0

#87
ChrisPittts

    Member

  • Topic Starter
  • 64 posts
Yes - I'm on it right now. Thank you SO MUCH!
  • 0

#88
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Great! Glad to hear that you're able to boot up normally!

I am not the only one to thank. I had some behind the scenes help from a colleague of mine named: JSntgRvr

Are you experiencing any other outstanding issues with your computer right now?
  • 0

#89
ChrisPittts

    Member

  • Topic Starter
  • 64 posts
It seems really slow - and took 3 tries to update the virus definitions, but could be due to the lack of memory that it is running!

Any idea what could have caused the problems?
  • 0

#90
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
hmm... Not really sure off hand.

Let me grab new OTL logs, and see if anything sticks out in there, or in the Error log there.


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0





