Unable to run TDSSkiller for Google redirect fix [Solved]


  • This topic is locked

#1
FlyMN

I'm following through the steps in 267407-how-to-fix-google-redirects and cannot run TDSSkiller.

Here's the OTL log:

OTL logfile created on: 12/9/2011 7:48:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rboelter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.33% Memory free
3.85 Gb Paging File | 2.28 Gb Available in Paging File | 59.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 47.41 Gb Free Space | 42.44% Space Free | Partition Type: NTFS

Computer Name: 7NKVMF1 | User Name: rboelter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/09 07:47:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rboelter\Desktop\OTL.exe
PRC - [2011/06/17 17:10:02 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
PRC - [2011/06/14 16:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 16:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/14 10:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 09:55:04 | 000,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/05/14 14:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 21:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 21:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 21:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 21:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/04/10 15:46:52 | 000,709,992 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/18 23:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/11 20:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/12/18 15:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 11:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/27 20:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/02/06 23:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/01/19 10:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 10:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 10:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
PRC - [2005/11/10 13:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/18 15:35:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/11/18 15:34:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/11/18 15:30:22 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/18 15:30:05 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/18 15:27:58 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/18 15:27:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/18 15:26:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/08/20 16:10:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 22:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/11/08 22:49:06 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2007/09/10 09:53:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/05/31 15:50:40 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/05/14 14:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/01/19 10:06:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll
MOD - [2006/01/17 06:41:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmgit.dll
MOD - [2005/07/22 21:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004/10/14 10:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2001/07/31 03:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/06/17 17:10:02 | 001,664,744 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/06/17 16:50:28 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2011/06/14 16:31:43 | 000,137,224 | ---- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/01/08 07:13:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/05/14 14:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 23:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2011/12/07 13:11:09 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/11/18 13:01:49 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/15 12:05:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20111208.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 12:05:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 12:05:24 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/15 12:05:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20111208.020\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 19:35:58 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/26 02:03:20 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111207.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/06/17 17:06:46 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2011/05/27 20:07:29 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/05/27 20:07:29 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/05/20 18:50:02 | 000,118,960 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teefer.sys -- (Teefer2)
DRV - [2011/05/17 20:32:27 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS -- (SymEFA)
DRV - [2011/05/10 20:54:58 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/05/02 19:18:59 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS -- (SymDS)
DRV - [2011/04/20 22:21:31 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2009/10/05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/23 14:44:23 | 000,045,056 | ---- | M] (MARX CryptoTech LP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CBUSB.sys -- (CBUSB)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 16:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/26 14:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 14:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 14:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 14:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 14:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 14:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 14:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/15 21:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/10 15:46:53 | 001,966,312 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/03/18 15:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/18 23:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080214
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nxc-imaging.com/home/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/11/28 20:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/01 07:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2011/12/07 13:11:37 | 000,000,000 | ---D | M]

[2009/09/14 11:48:49 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/09/14 11:48:49 | 000,185,232 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/09/14 11:49:34 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/09/14 11:48:48 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2011/12/09 06:24:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\rboelter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tams.com ([myapps] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1203451665348 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nxcimaging.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E88F8AD4-067F-417E-B519-3CC1BD6D0AA8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\rboelter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rboelter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{88c3dba7-e734-11dc-be15-001e37b0cdd3}\Shell - "" = AutoRun
O33 - MountPoints2\{88c3dba7-e734-11dc-be15-001e37b0cdd3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88c3dba7-e734-11dc-be15-001e37b0cdd3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 07:47:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rboelter\Desktop\OTL.exe
[2011/12/09 07:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Desktop\TDSSkiller
[2011/12/09 06:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Desktop\GooredFix Backups
[2011/12/09 06:36:53 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\rboelter\Desktop\GooredFix.exe
[2011/12/09 06:24:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/09 06:22:02 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rboelter\Desktop\OTM.exe
[2011/12/09 06:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/09 06:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/09 06:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/08 21:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Application Data\ElevatedDiagnostics
[2011/12/08 21:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/08 21:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/07 13:11:09 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2011/12/07 13:11:09 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/12/07 13:11:09 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll
[2011/12/06 11:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Application Data\ICAClient
[2011/11/28 20:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Application Data\HP
[2011/11/28 20:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/11/28 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/11/28 20:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/11/28 20:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/11/28 20:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/11/28 20:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/11/28 20:46:48 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2011/11/28 20:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/28 20:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/28 20:38:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/28 20:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/23 11:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/22 21:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/22 21:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/22 21:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/22 21:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/22 21:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/22 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/11/22 21:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/22 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/22 18:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wave Systems Corp
[2011/11/22 13:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Application Data\Malwarebytes
[2011/11/22 13:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/20 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\My Documents\Prescott Flying Club
[2011/11/20 22:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\My Documents\Verizon
[2011/11/20 21:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Desktop\Level 1 MR 12-07-09
[2011/11/20 21:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\My Documents\Gamma Medica
[2011/11/19 17:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\My Documents\Sony PMB
[2011/11/19 17:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Application Data\Sony Corporation
[2011/11/19 17:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/11/19 17:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB
[2011/11/19 17:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/11/18 21:00:49 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS
[2011/11/18 15:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/11/18 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Local Settings\Application Data\NTRU Cryptosystems
[2011/11/18 12:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86
[2011/11/18 12:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP
[2011/11/18 12:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105
[2011/11/18 12:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F
[2011/11/18 12:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rboelter\Local Settings\Application Data\Temp

========== Files - Modified Within 30 Days ==========

[2011/12/09 07:48:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/09 07:47:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rboelter\Desktop\OTL.exe
[2011/12/09 07:00:52 | 000,063,058 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/09 06:36:53 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\rboelter\Desktop\GooredFix.exe
[2011/12/09 06:31:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\rboelter\Local Settings\Application Data\WavXMapDrive.bat
[2011/12/09 06:30:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/09 06:29:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/09 06:28:57 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 06:28:02 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/12/09 06:24:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/09 06:22:07 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rboelter\Desktop\OTM.exe
[2011/12/09 06:20:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\rboelter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/09 06:20:06 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\rboelter\Desktop\NTREGOPT.lnk
[2011/12/09 06:20:05 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\rboelter\Desktop\ERUNT.lnk
[2011/12/08 21:16:55 | 000,705,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2011/12/07 13:44:42 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\rboelter\Desktop\Hologic.lnk
[2011/12/07 13:11:09 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2011/12/07 13:11:09 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/12/07 13:11:09 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysferThunk.dll
[2011/12/06 11:16:20 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\rboelter\Desktop\Gamma Medica.lnk
[2011/11/28 20:53:42 | 000,188,653 | ---- | M] () -- C:\WINDOWS\hpwins23.dat
[2011/11/28 20:38:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 16:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/23 16:41:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/21 11:49:41 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\rboelter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/21 07:46:04 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\rboelter\My Documents\My Sharing Folders.lnk
[2011/11/21 07:44:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/11/21 07:44:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/11/21 07:33:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/11/21 07:33:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/11/19 00:50:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/11/19 00:50:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/11/18 21:07:04 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/18 21:07:04 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/18 21:01:28 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/18 21:00:49 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2011/11/18 21:00:49 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS
[2011/11/18 15:40:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/11/18 15:40:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/11/18 15:34:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/18 13:01:49 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/18 13:01:49 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/18 13:01:49 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/18 13:01:49 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/18 13:00:41 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini

========== Files Created - No Company Name ==========

[2011/12/09 06:20:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\rboelter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/09 06:20:06 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\NTREGOPT.lnk
[2011/12/09 06:20:05 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\ERUNT.lnk
[2011/12/07 13:44:41 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\Hologic.lnk
[2011/12/06 11:16:19 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\Gamma Medica.lnk
[2011/11/28 20:49:03 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/11/28 20:48:21 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/28 20:44:32 | 000,188,653 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/11/28 20:44:32 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2011/11/28 20:38:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 07:46:04 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\rboelter\My Documents\My Sharing Folders.lnk
[2011/11/20 22:03:16 | 000,057,987 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\manual_6_2000.pdf
[2011/11/20 22:03:12 | 014,871,348 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\iPad_User_Guide.pdf
[2011/11/20 22:03:08 | 006,835,490 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\DIR-655_manual_15.pdf
[2011/11/20 22:03:03 | 000,079,196 | ---- | C] () -- C:\Documents and Settings\rboelter\Desktop\2906-3015.pdf
[2011/11/19 17:44:14 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PMB.lnk
[2011/11/18 21:00:51 | 000,705,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2011/11/18 13:00:41 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2009/09/05 21:46:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/14 13:04:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/08/14 13:04:55 | 001,155,072 | ---- | C] () -- C:\WINDOWS\System32\dvtcmd.exe
[2009/08/14 13:04:55 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/08/14 13:04:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dvtcpp.exe
[2009/07/24 13:27:39 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/06/09 14:51:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/03 12:50:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\rboelter\Local Settings\Application Data\PUTTY.RND
[2009/03/12 19:01:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/09 08:50:11 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/01/07 15:15:03 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\rboelter\Application Data\xiview.ini
[2008/10/28 18:32:17 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2008/10/28 15:09:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/31 10:39:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\rboelter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/23 14:44:28 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2008/04/05 15:54:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/03/31 07:27:15 | 000,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/02/19 15:07:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rboelter\Local Settings\Application Data\WavXMapDrive.bat
[2008/02/14 10:54:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/14 10:52:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/02/14 10:51:19 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/14 10:51:19 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/14 10:40:37 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/14 10:38:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/14 10:38:03 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/14 10:33:18 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008/02/14 10:14:10 | 000,063,058 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/14 10:09:55 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/14 10:09:55 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/02/14 10:09:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/14 10:09:54 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/02/14 10:09:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/14 10:09:53 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/14 10:09:53 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/02/14 10:09:51 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/14 10:09:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/02/14 10:09:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/14 10:08:25 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/13 14:32:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CacheFP.exe
[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/03/11 20:44:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\AEC6DLL.dll
[2001/07/31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1998/03/10 00:00:00 | 000,042,496 | ---- | C] () -- C:\WINDOWS\ttuninst.exe

========== LOP Check ==========

[2009/01/08 07:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/02/14 10:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2011/11/18 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/11/22 21:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/08 21:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\ElevatedDiagnostics
[2011/12/06 13:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\ICAClient
[2009/06/03 12:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\JGsoft
[2008/04/18 09:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\Musicmatch
[2009/01/10 19:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\Toshiba
[2009/01/07 15:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\Unfors
[2008/02/14 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rboelter\Application Data\Wave Systems Corp

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/9/2011 7:49:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rboelter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.33% Memory free
3.85 Gb Paging File | 2.28 Gb Available in Paging File | 59.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 47.41 Gb Free Space | 42.44% Space Free | Partition Type: NTFS

Computer Name: 7NKVMF1 | User Name: rboelter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\dynatech\dynatech.exe" = C:\dynatech\dynatech.exe:*:Enabled:Technician laptop system -- (South By Southwest)
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Documents and Settings\rboelter\Local Settings\Temp\7zS638A\OJ6500vE709_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\rboelter\Local Settings\Temp\7zS638A\OJ6500vE709_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AceExpertFTP\AceXFTP.exe" = C:\Program Files\AceExpertFTP\AceXFTP.exe:*:Disabled:FTP Expert -- (Visicom Media Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\DVT\bin\dvtgui.exe" = C:\Program Files\DVT\bin\dvtgui.exe:*:Enabled:DICOM Validation Tool -- ()
"C:\dynatech\dynatech.exe" = C:\dynatech\dynatech.exe:*:Enabled:Technician laptop system -- (South By Southwest)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\rboelter\Local Settings\Temp\7zS638A\OJ6500vE709_Basic_14\setup\hpznui01.exe" = C:\Documents and Settings\rboelter\Local Settings\Temp\7zS638A\OJ6500vE709_Basic_14\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6891C287-0A76-45B5-B2E6-D8D479FADECE}" = PixFix
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF042CD-A0B2-4BDD-8FA9-EEA6D749AAD5}" = Wireless AEC6 Mammo Setup
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{41F67C30-2D46-4FC9-A03B-F6B0D8F7B68A}" =
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DF9EFDF8-0534-489B-9763-26D995E8B5CF}" = FSSS
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"AceFTP v1" = AceFTP v1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DICOM Validation Tool" = DICOM Validation Tool
"Digital StereoLoc II Training Guide" = Digital StereoLoc II Training Guide 1.0
"EditPad Lite" = Just Great Software EditPad Lite 6.4.5
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SearchAssist" = SearchAssist
"ST6UNST #1" = XCtest
"ST6UNST #2" = SPAG
"ST6UNST #3" = DetectorTool
"ST6UNST #4" = PANATERM
"ST6UNST #5" = Windows Flash Array
"STANDARD" = Microsoft Office Standard 2007
"Tera Term Pro" = Tera Term Pro
"UnforsXiConfig_is1" = Xi View 2.0 build 7
"Windows Grep_is1" = Windows Grep 2.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.10.2.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2011 8:24:03 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\OTM.EXE
(PID 1028) Time: Friday, December 09, 2011 6:24:03 AM

Error - 12/9/2011 8:24:03 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\OTM.EXE
(PID 1028) Time: Friday, December 09, 2011 6:24:03 AM

Error - 12/9/2011 8:24:03 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\OTM.EXE
(PID 1028) Time: Friday, December 09, 2011 6:24:03 AM

Error - 12/9/2011 8:24:03 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe Event Info: Open Process Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\OTM.EXE
(PID 1028) Time: Friday, December 09, 2011 6:24:03 AM

Error - 12/9/2011 8:29:27 AM | Computer Name = 7NKVMF1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/9/2011 8:29:28 AM | Computer Name = 7NKVMF1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/9/2011 8:29:35 AM | Computer Name = 7NKVMF1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/9/2011 8:37:38 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\GOOREDFIX.EXE
(PID 1624) Time: Friday, December 09, 2011 6:37:38 AM

Error - 12/9/2011 8:37:38 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\GOOREDFIX.EXE
(PID 1624) Time: Friday, December 09, 2011 6:37:38 AM

Error - 12/9/2011 8:37:38 AM | Computer Name = 7NKVMF1 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
Action
Taken: Logged Actor Process: C:\DOCUMENTS AND SETTINGS\RBOELTER\DESKTOP\GOOREDFIX.EXE
(PID 1624) Time: Friday, December 09, 2011 6:37:38 AM

[ System Events ]
Error - 12/9/2011 8:29:29 AM | Computer Name = 7NKVMF1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/9/2011 8:29:33 AM | Computer Name = 7NKVMF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 12/9/2011 8:29:33 AM | Computer Name = 7NKVMF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 12/9/2011 8:29:39 AM | Computer Name = 7NKVMF1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/9/2011 8:29:39 AM | Computer Name = 7NKVMF1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/9/2011 8:29:39 AM | Computer Name = 7NKVMF1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/9/2011 8:29:40 AM | Computer Name = 7NKVMF1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/9/2011 8:29:47 AM | Computer Name = 7NKVMF1 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/9/2011 8:44:40 AM | Computer Name = 7NKVMF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/9/2011 9:15:10 AM | Computer Name = 7NKVMF1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.


< End of report >


Thanks in advance!

Edited by FlyMN, 09 December 2011 - 08:31 AM.

#2
Essexboy

Hi there, let's see if we can resolve this.

Download aswMBR.exe (1.8mb) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

THEN

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

FINALLY

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

#3
FlyMN

Thanks for the help.

I was unable to run aswMBR either. I did run MBRcheck and it found a problem. Also attached a screenshot of Disk Mgmnt.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0044814c

Kernel Drivers (total 164):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECD000 fltmgr.sys
0xB9E76000 SYMDS.SYS
0xB9E64000 sr.sys
0xB9DA5000 SYMEFA.SYS
0xB9D8F000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9D78000 KSecDD.sys
0xB9CEB000 Ntfs.sys
0xB9CBE000 NDIS.sys
0xBA108000 PBADRV.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CA4000 Mup.sys
0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB95B8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB95A4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9580000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9558000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB91E1000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB91B6000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB9192000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA440000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA448000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9C78000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA604000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB916F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA450000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB9C70000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9C6C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA1F8000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xBA728000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C68000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9158000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB90A7000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA238000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB904F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9033000 \SystemRoot\system32\DRIVERS\teefer.sys
0xBA606000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8FD5000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C33000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA470000 \SystemRoot\system32\DRIVERS\WaveFDE.sys
0xBA258000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xBA268000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA298000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7E6A000 \SystemRoot\system32\drivers\sthda.sys
0xB7E46000 \SystemRoot\system32\drivers\portcls.sys
0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
0xB7E2E000 \SystemRoot\system32\drivers\dxec01.sys
0xB7DFA000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB7D08000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB7C55000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA478000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA588000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB7AC7000 \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS
0xB7AA4000 \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS
0xB9138000 \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS
0xB7A7E000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB90F8000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0xB78DC000 \??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20111208.020\NAVEX15.SYS
0xB78C8000 \??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20111208.020\NAVENG.SYS
0xB78AC000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0xBA614000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6CD000 \SystemRoot\System32\Drivers\Null.SYS
0xBA616000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA488000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA618000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA61A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA498000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB908F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB7851000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB77F8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB779F000 \SystemRoot\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDI.SYS
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB771C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB76FA000 \SystemRoot\System32\drivers\afd.sys
0xB7C45000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB76DE000 \SystemRoot\system32\Drivers\SysPlant.sys
0xB76B3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB761B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB7C35000 \SystemRoot\System32\Drivers\Fips.SYS
0xB75F5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7C15000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB75BB000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0xB7BF5000 \SystemRoot\System32\Drivers\tosrfbnp.sys
0xB755D000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xBA340000 \SystemRoot\system32\DRIVERS\tosrfnds.sys
0xB753F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB7503000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0xB7437000 \??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx86.sys
0xB7894000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA168000 \SystemRoot\System32\Drivers\tcusb.sys
0xB9148000 \SystemRoot\System32\Drivers\oz776.sys
0xB76AB000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xB733D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6E61000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA668000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7517000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA370000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB499C000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0xB72ED000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA703000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB495C000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xBA410000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5BC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA418000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xBA420000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB4946000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB492F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB49C4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4998000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBF549000 \SystemRoot\System32\ATMFD.DLL
0xB3EB1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA65E000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
0xB3EDE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3CA1000 \SystemRoot\system32\DRIVERS\srv.sys
0xB39BC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3B41000 \SystemRoot\system32\drivers\sysaudio.sys
0xB324D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB2BCD000 \??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111207.001\IDSxpx86.sys
0xB08C1000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
1764 C:\WINDOWS\system32\smss.exe
1816 csrss.exe
1848 C:\WINDOWS\system32\winlogon.exe
1892 C:\WINDOWS\system32\services.exe
1904 C:\WINDOWS\system32\lsass.exe
228 C:\WINDOWS\system32\svchost.exe
284 svchost.exe
336 C:\WINDOWS\system32\svchost.exe
560 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
756 svchost.exe
840 svchost.exe
1148 C:\WINDOWS\system32\spoolsv.exe
1188 scardsvr.exe
1472 svchost.exe
1532 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1676 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
1724 C:\Program Files\Bonjour\mDNSResponder.exe
1756 svchost.exe
752 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1040 C:\WINDOWS\system32\svchost.exe
848 C:\WINDOWS\system32\svchost.exe
1736 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
1800 C:\WINDOWS\system32\nvsvc32.exe
1868 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
608 C:\WINDOWS\system32\svchost.exe
1672 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1244 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1380 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
2064 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
3764 C:\WINDOWS\system32\svchost.exe
3820 tcsd_win32.exe
3856 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
3896 C:\WINDOWS\system32\dllhost.exe
4036 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
4092 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2212 wmiprvse.exe
2332 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
2364 wmiprvse.exe
2396 wmiprvse.exe
2724 C:\WINDOWS\system32\dllhost.exe
2936 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3152 msdtc.exe
3600 alg.exe
2648 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
1552 C:\WINDOWS\system32\svchost.exe
3340 unsecapp.exe
884 C:\WINDOWS\explorer.exe
4116 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
4360 C:\WINDOWS\system32\wuauclt.exe
5084 C:\Program Files\Apoint\Apoint.exe
5256 C:\Program Files\Apoint\ApMsgFwd.exe
5288 C:\Program Files\Apoint\hidfind.exe
5296 C:\Program Files\Apoint\ApntEx.exe
4544 C:\WINDOWS\system32\rundll32.exe
4552 C:\WINDOWS\system32\rundll32.exe
4560 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
4696 C:\Program Files\Dell\QuickSet\quickset.exe
4712 C:\WINDOWS\stsystra.exe
4884 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
5140 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
5268 C:\WINDOWS\system32\KADxMain.exe
5416 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
5576 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
5632 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
5728 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
5736 C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
2144 C:\WINDOWS\vVX1000.exe
5968 C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
4180 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
908 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
4172 C:\WINDOWS\system32\rundll32.exe
4304 C:\WINDOWS\system32\wbem\unsecapp.exe
4328 C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
5568 C:\Program Files\iTunes\iTunesHelper.exe
4464 C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
4836 C:\Program Files\Citrix\ICA Client\concentr.exe
5008 C:\WINDOWS\system32\ctfmon.exe
328 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3520 C:\Program Files\iPod\bin\iPodService.exe
5480 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
5520 C:\Program Files\Digital Line Detect\DLG.exe
5556 C:\Program Files\WinZip\WZQKPICK.EXE
5680 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
2604 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
2572 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
3640 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
5844 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
5228 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
4448 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5908 C:\Program Files\Internet Explorer\iexplore.exe
5116 C:\Documents and Settings\rboelter\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 0085000B

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

DiskMgmt.JPG
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is the new version, which is why TDSSKiller cannot see it and aswMBR will not run.

I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete is 10MB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

  • 0
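The partition-table state that the steps above correct (a 10MB partition removed, then the boot flag confirmed on the OS drive) can be checked by decoding the four partition entries in the MBR. This is an added example, not part of the original thread or of any tool it uses; the sample sectors are constructed, and `parse_mbr`, `audit`, `build_sector` and the `SMALL_MIB` cut-off are hypothetical names and values.

```python
import struct

SECTOR = 512
TABLE = 446        # partition table offset; four 16-byte entries
SMALL_MIB = 64     # assumed cut-off for a "tiny" partition, not a standard value

def parse_mbr(sector):
    """Decode the primary partition entries of one 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 55 AA signature")
    parts = []
    for slot in range(4):
        raw = sector[TABLE + 16 * slot:TABLE + 16 * slot + 16]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype or count:
            parts.append({"slot": slot + 1, "active": status == 0x80, "status": status,
                          "type": ptype, "lba": lba, "mib": count * 512 // 2**20})
    return parts

def audit(parts):
    """Return findings about the boot flag; an empty list means nothing unusual."""
    findings = []
    active = [p for p in parts if p["active"]]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    largest = max((p["mib"] for p in parts), default=0)
    for p in active:
        if p["mib"] < SMALL_MIB and largest > p["mib"]:
            findings.append(f"slot {p['slot']}: boot flag on a {p['mib']} MiB partition "
                            f"while a {largest} MiB partition exists")
    return findings

def build_sector(entries):
    """Constructed test input: zeroed boot code plus (status, type, lba, count) entries."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE) + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed layouts, not taken from the poster's disk: a large NTFS volume plus a
# 10 MiB partition holding the boot flag, then the same disk after the GParted steps.
BEFORE = build_sector([(0x00, 0x07, 63, 232_000_000), (0x80, 0x07, 232_000_063, 20_480)])
AFTER = build_sector([(0x80, 0x07, 63, 232_000_000)])

if __name__ == "__main__":
    for name, sector in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(parse_mbr(sector)) or "boot flag looks normal")
```

On a live system the 512 bytes would be the first sector of the physical disk, read with administrative rights. This check looks only at the partition table; it says nothing about whether the boot code itself has been altered.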

#5
FlyMN

    New Member

  • Topic Starter
  • Member
  • 7 posts
OK, I ran Gparted successfully and removed the 10Mb partition. When I ran the rc.iso disk, it seemed to load ok, but when 'starting windows', I got the blue screen. The bottom line stated 'pci.sys'. I tried burning a 2nd CD with the same results.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you start the computer
Press and hold F8 as it boots
On the menu select repair my computer
Select startup repair

let it do its thing and reboot

Let me know how that goes
  • 0

#7
FlyMN

    New Member

  • Topic Starter
  • Member
  • 7 posts
I don't have a 'Repair my computer' selection when using F8 during boot. I have 3 Safe modes, Enable boot logging, Enable VGA, Last known, DirectoryServices, Debugging mode, Disable auto restart, Start normally, reboot, and Return to OS choices.

Just a novice here...

Edited by FlyMN, 10 December 2011 - 06:53 PM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you boot from the Recovery Console CD, please do the following:

press R to enter the recovery console.

After getting to the Microsoft Windows recovery console you will need to select the Windows installation you wish to log onto. Therefore press 1 if you wish to edit the primary Windows installation.

After selecting the installation you will be prompted for the administrator password, enter the password exactly as you would in Windows. If you do not have a password just press return

At the c prompt that appears type the following

fixmbr \Device\HardDisk0

fixboot c:

exit

  • 0

#9
FlyMN

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, after running the commands in the Recovery Console, it looks like the MBRCheck is clean.

Attached Files


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now retry TDSSKiller please and let me know what problems you are experiencing
  • 0

#11
FlyMN

    New Member

  • Topic Starter
  • Member
  • 7 posts
TDSSkiller did not find anything and this redirect problem seems to be gone. Thanks so much for your help.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK a final sweep for orphans before I send you on your way

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
FlyMN

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's the log. Thanks again for all your help. I've learned more about all this than I really wanted to!


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8372

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/14/2011 5:11:54 PM
mbam-log-2011-12-14 (17-11-53).txt

Scan type: Quick scan
Objects scanned: 219942
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





