Infected w/ WIN32/Olmarik.TDL4 trojan [Closed]



#1
fmarlo

I have been infected with the WIN32/Olmarik.TDL4 trojan found by ESET NOD32 version 5.0.95.0. However, it is stating that it is in the "Operating memory and unable to clean". Also, I keep receiving an error message "Windows - Delayed Write Failed" and it gives me some message stating "it is unable to complete task found in IE.5." In addition, I am unable to run MS updates, and this trojan will not allow me to turn on my Automatic Updates in the Security System. I am fearful to open Internet Explorer for fear it will cause further damage and instability.

I have pasted the OTL text below. Thank you in advance for any assistance!

OTL logfile created on: 12/19/2011 1:35:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Nikki Salazar\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.15 Mb Total Physical Memory | 189.42 Mb Available Physical Memory | 26.98% Memory free
1.68 Gb Paging File | 1.08 Gb Available in Paging File | 64.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 8.36 Gb Free Space | 22.45% Space Free | Partition Type: NTFS

Computer Name: FREDDIE | User Name: Nikki Salazar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 13:33:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikki Salazar\Desktop\OTL.exe
PRC - [2011/12/15 16:48:16 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe
PRC - [2011/12/15 16:47:59 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\popwndexe.exe
PRC - [2011/11/09 18:10:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 16:07:04 | 000,537,480 | -H-- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | -H-- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/08 02:13:14 | 000,036,864 | -H-- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 08:01:01 | 008,527,008 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 18:10:28 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/10/20 00:33:28 | 000,117,760 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
MOD - [2005/07/12 18:14:42 | 000,040,960 | -H-- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2005/07/08 02:13:14 | 000,036,864 | -H-- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2002/05/03 16:40:32 | 000,094,274 | -H-- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 16:48:16 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006/11/03 16:07:04 | 000,537,480 | -H-- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/02/03 13:21:56 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2005/07/12 18:14:42 | 000,040,960 | -H-- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 02:13:14 | 000,036,864 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/28 01:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 16:48:05 | 000,017,336 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\protreg.sys -- (rsdsys)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/12/02 11:20:54 | 000,122,504 | -H-- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2005/06/29 00:01:58 | 001,241,088 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 16:17:48 | 000,352,000 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/17 16:17:00 | 000,038,144 | -H-- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/10 22:42:00 | 000,005,504 | -H-- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 04:33:00 | 000,102,384 | -H-- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/25 03:39:44 | 000,465,952 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/05/09 16:17:06 | 000,031,360 | -H-- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/05/05 15:27:38 | 000,007,936 | -H-- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2005/04/15 19:23:12 | 000,011,904 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2005/04/01 17:59:14 | 000,065,152 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2005/04/01 17:59:14 | 000,065,152 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2005/03/31 18:08:02 | 000,211,200 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/31 17:08:46 | 001,034,240 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/31 17:08:00 | 000,714,880 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/02 17:36:08 | 000,070,912 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 16:45:48 | 000,021,248 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 09:53:22 | 000,006,867 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 4A 7C B7 53 DB CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 18:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/20 16:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/18 17:08:30 | 000,000,000 | ---D | M]

[2008/10/22 15:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Extensions
[2011/12/18 23:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Firefox\Profiles\6620726x.default\extensions
[2010/04/29 12:32:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Firefox\Profiles\6620726x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 09:58:41 | 000,000,000 | ---D | M] (ProfileSong Community Toolbar) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Firefox\Profiles\6620726x.default\extensions\{981e53ba-6df4-4d99-8c33-6c398f5c139e}
[2011/12/18 23:34:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Firefox\Profiles\6620726x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/05/09 08:05:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Nikki Salazar\Application Data\Mozilla\Firefox\Profiles\6620726x.default\extensions\[email protected]
[2011/11/09 18:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 18:10:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/27 18:39:32 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/10/27 18:39:32 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/10/27 18:39:50 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/10/27 18:39:31 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/16 13:21:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/09/15 08:41:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/11/09 18:10:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/12/18 22:55:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O15 - HKCU\..Trusted Domains: lendersoffice.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2571F470-3C6F-4C6F-A8BF-374F885441AA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{696ECC47-E7E3-4007-A018-CDB097C8D036}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\efcCuUMF: DllName - (efcCuUMF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - No CLSID value found.
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iiffGYOg) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/09 15:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{313028b8-dc51-11de-a189-00c09ffca3d9}\Shell\AutoRun\command - "" = E:\RDEapp.exe
O33 - MountPoints2\{4d4b2647-938f-11df-a1dd-00c09ffca3d9}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{4d4b2647-938f-11df-a1dd-00c09ffca3d9}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{4d4b2647-938f-11df-a1dd-00c09ffca3d9}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{4d4b2647-938f-11df-a1dd-00c09ffca3d9}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{4d4b2647-938f-11df-a1dd-00c09ffca3d9}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 13:33:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nikki Salazar\Desktop\OTL.exe
[2011/12/19 11:22:25 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nikki Salazar\Desktop\TFC.exe
[2011/12/19 11:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Desktop\Autoruns
[2011/12/19 09:57:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nikki Salazar\Recent
[2011/12/19 09:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit PhantomPDF
[2011/12/19 01:06:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/18 17:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/12/18 17:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/18 17:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/12/15 21:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Desktop\LB_RateWatch
[2011/12/15 21:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Desktop\Realtor Email List
[2011/12/15 17:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/15 16:48:45 | 000,017,336 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\protreg.sys
[2011/12/15 16:33:50 | 000,000,000 | R--D | C] -- C:\RavBin
[2011/12/15 16:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Desktop\Make Office 2003 genuine
[2011/12/15 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2011/12/15 16:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2011/12/15 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2011/12/15 16:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/12/15 14:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Application Data\Ashampoo
[2011/12/15 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\ashampoo
[2011/12/15 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/12/15 14:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2011/12/15 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/12/15 07:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Start Menu\Programs\Everything
[2011/12/15 07:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2011/12/14 10:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/14 10:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/13 11:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Start Menu\Programs\System Fix
[2011/12/13 09:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Application Data\Dropbox
[2011/12/09 12:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{DE1312BC-D3DD-47DD-8064-E0C466F63259}
[2011/12/09 12:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\BrowserXT
[2011/12/09 12:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserXT
[2011/12/06 16:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\My Documents\BrowserXT
[2011/12/06 16:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\PackageAware
[2011/12/06 13:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Migration
[2011/12/06 13:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[2011/12/01 23:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/01 23:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2006/11/03 16:07:06 | 000,385,928 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2006/11/03 16:07:04 | 000,537,480 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2006/11/03 16:07:02 | 000,381,832 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 17:01:40 | 000,643,072 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 000,421,888 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 000,413,696 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 000,991,232 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/12/19 13:41:25 | 000,410,489 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\The High Octane Loan Originator PDF FILE.pdf
[2011/12/19 13:38:29 | 001,466,443 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Vargas RESPA.pdf
[2011/12/19 13:33:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikki Salazar\Desktop\OTL.exe
[2011/12/19 13:07:02 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 12:29:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/19 11:42:40 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/19 11:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/19 11:38:50 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/12/19 11:22:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikki Salazar\Desktop\TFC.exe
[2011/12/19 10:57:30 | 000,532,781 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Autoruns.zip
[2011/12/19 01:06:09 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/18 22:55:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/18 22:29:36 | 000,001,640 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Update Checker.lnk
[2011/12/18 16:17:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA8462DB-9D37-4E21-A034-17889DEF7007}.job
[2011/12/18 12:42:54 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\d3d9caps.dat
[2011/12/16 17:46:19 | 000,000,012 | -H-- | M] () -- C:\WINDOWS\dirsaver.ini
[2011/12/16 14:17:50 | 000,011,282 | -HS- | M] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\sjegwl8v2oey3cyt0jdx3u553r6q
[2011/12/16 14:17:50 | 000,011,282 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sjegwl8v2oey3cyt0jdx3u553r6q
[2011/12/16 14:09:51 | 000,386,560 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\My Documents\4o8Kw73xM.exe
[2011/12/16 13:48:49 | 000,331,480 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 16:48:05 | 000,017,336 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\protreg.sys
[2011/12/15 16:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\RsUser.db
[2011/12/15 16:37:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\RsMon.db
[2011/12/15 16:30:16 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/12/15 16:28:52 | 000,000,376 | -H-- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/15 16:09:30 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Microsoft Outlook.lnk
[2011/12/15 14:57:52 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2011/12/15 14:57:52 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio.lnk
[2011/12/14 10:47:50 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 11:39:08 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~pQmU9UVWxBzRf2
[2011/12/13 11:39:08 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~pQmU9UVWxBzRf2r
[2011/12/13 11:38:57 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pQmU9UVWxBzRf2
[2011/12/13 09:41:20 | 004,775,421 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Strategic Letters.zip
[2011/12/13 09:11:53 | 000,614,867 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Private+Label+Ordering+Guide.pdf
[2011/11/29 20:17:01 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Perfect Loan Process.lnk
[2011/11/29 18:21:42 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\My Documents\My Documents.lnk
[2011/11/29 16:21:44 | 000,001,807 | -H-- | M] () -- C:\WINDOWS\winpoint.ini
[2011/11/23 07:44:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 14:16:12 | 000,035,296 | ---- | M] () -- C:\Documents and Settings\Nikki Salazar\Desktop\AllRegs FHA Handbook.pdf
[2011/11/21 09:48:54 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/12/19 13:41:23 | 000,410,489 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\The High Octane Loan Originator PDF FILE.pdf
[2011/12/19 13:38:24 | 001,466,443 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Vargas RESPA.pdf
[2011/12/19 10:57:17 | 000,532,781 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Autoruns.zip
[2011/12/18 22:29:35 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Update Checker.lnk
[2011/12/18 12:42:54 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\d3d9caps.dat
[2011/12/16 14:09:51 | 000,386,560 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\My Documents\4o8Kw73xM.exe
[2011/12/16 14:09:25 | 000,011,282 | -HS- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\sjegwl8v2oey3cyt0jdx3u553r6q
[2011/12/16 14:09:25 | 000,011,282 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sjegwl8v2oey3cyt0jdx3u553r6q
[2011/12/15 16:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RsUser.db
[2011/12/15 16:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RsMon.db
[2011/12/15 16:30:16 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/12/15 14:57:52 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk
[2011/12/15 14:57:52 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio.lnk
[2011/12/14 10:47:50 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 11:39:08 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~pQmU9UVWxBzRf2r
[2011/12/13 11:39:06 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~pQmU9UVWxBzRf2
[2011/12/13 11:38:56 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pQmU9UVWxBzRf2
[2011/12/13 09:41:12 | 004,775,421 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Strategic Letters.zip
[2011/12/13 09:11:46 | 000,614,867 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\Private+Label+Ordering+Guide.pdf
[2011/11/29 18:21:42 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\My Documents\My Documents.lnk
[2011/11/21 14:16:12 | 000,035,296 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Desktop\AllRegs FHA Handbook.pdf
[2011/11/18 13:09:28 | 000,202,926 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\census.cache
[2011/11/18 13:08:54 | 000,180,135 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\ars.cache
[2011/11/18 12:33:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\housecall.guid.cache
[2011/09/13 21:22:24 | 000,081,984 | -H-- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011/07/07 12:37:25 | 000,176,235 | -H-- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/06/28 16:18:17 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\bd7040.dat
[2011/06/28 16:17:18 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/06/28 14:30:29 | 000,086,384 | -H-- | C] () -- C:\WINDOWS\hpqins01.dat
[2011/03/28 11:16:59 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/01/06 10:19:06 | 000,000,067 | -H-- | C] () -- C:\WINDOWS\swupdate.INI
[2010/06/10 13:30:02 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Application Data\com.zoosk.Desktop_state.xml
[2010/02/02 12:00:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 19:42:04 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/01/31 19:40:16 | 000,098,136 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2010/01/20 21:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\prvlcl.dat
[2009/11/13 17:25:28 | 000,010,875 | -H-- | C] () -- C:\WINDOWS\ESOA.INI
[2009/11/13 17:25:28 | 000,000,053 | -H-- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2009/06/10 14:01:35 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2009/05/27 16:57:29 | 000,001,807 | -H-- | C] () -- C:\WINDOWS\winpoint.ini
[2008/09/29 20:48:07 | 000,049,056 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/07/23 10:50:52 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/10 20:05:54 | 000,000,206 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/16 22:32:21 | 000,001,944 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/25 15:44:48 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/10 14:59:11 | 000,000,115 | -H-- | C] () -- C:\WINDOWS\PNTINFO.INI
[2008/02/09 13:06:17 | 000,102,364 | -H-- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/01/21 13:54:55 | 000,110,030 | -H-- | C] () -- C:\WINDOWS\hpoins08.dat
[2007/12/07 10:33:36 | 000,571,320 | -H-- | C] () -- C:\WINDOWS\HPISExe.dat
[2007/12/07 10:31:02 | 000,099,712 | -H-- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/10/31 14:40:29 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Application Data\wklnhst.dat
[2007/10/27 15:52:21 | 000,001,427 | -H-- | C] () -- C:\WINDOWS\disney.ini
[2007/10/18 15:00:30 | 000,134,554 | -H-- | C] () -- C:\WINDOWS\hpwins10.dat.temp
[2007/10/18 15:00:30 | 000,001,042 | -H-- | C] () -- C:\WINDOWS\hpwmdl10.dat.temp
[2007/10/18 14:52:29 | 000,135,115 | -H-- | C] () -- C:\WINDOWS\hpwins10.dat
[2007/08/02 13:43:11 | 000,000,375 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/07/24 13:38:32 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2007/07/24 13:37:47 | 000,001,005 | -H-- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/07/24 13:36:04 | 000,006,341 | -H-- | C] () -- C:\WINDOWS\hplj3380.ini
[2007/07/13 20:59:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\iplayer.INI
[2007/06/25 09:48:20 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2007/04/09 16:21:35 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\sview.ini
[2007/04/09 16:21:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\srfvdo.dat
[2007/03/08 04:43:03 | 000,010,335 | -H-- | C] () -- C:\WINDOWS\hpwscr10.dat
[2007/02/27 20:19:55 | 000,001,042 | -H-- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2006/10/28 09:31:44 | 000,344,064 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2006/10/20 19:07:32 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 19:06:44 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 19:03:28 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 18:57:40 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 18:56:52 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 18:48:38 | 000,454,656 | -H-- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 06:42:38 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/09/06 05:13:14 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 000,692,224 | -H-- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/05/14 17:40:44 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\prl.dmp
[2006/04/24 14:09:58 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 18:03:04 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/02/19 13:16:36 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/24 10:33:16 | 000,221,184 | -H-- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2006/01/19 16:59:10 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\mchguid.ini
[2006/01/17 11:00:45 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\POINTHelp.INI
[2005/12/23 14:54:58 | 000,221,184 | RH-- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2005/12/23 14:54:58 | 000,000,412 | RH-- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2005/12/23 13:48:32 | 000,000,030 | -H-- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/12/23 13:48:31 | 000,000,509 | -H-- | C] () -- C:\WINDOWS\Brwmark.ini
[2005/12/23 13:48:31 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/12/23 13:48:31 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\opt_1440.ini
[2005/12/23 13:48:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Brohl144.ini
[2005/12/23 13:47:31 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/12/23 13:47:31 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\brpp2ka.ini
[2005/12/23 13:47:31 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\Brownie.ini
[2005/12/23 13:47:31 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/12/23 11:46:02 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Nikki Salazar\Local Settings\Application Data\fusioncache.dat
[2005/12/23 11:45:52 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2005/12/23 09:41:37 | 000,266,240 | -H-- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2005/12/23 09:41:34 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\acs.exe
[2005/12/23 09:41:29 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/12/23 09:41:12 | 000,270,336 | -H-- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2005/12/23 09:41:12 | 000,163,840 | -H-- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/08/09 17:59:11 | 000,011,122 | -H-- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2005/08/09 17:59:11 | 000,002,036 | -H-- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2005/08/09 17:36:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/08/09 17:00:57 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/08/09 16:45:20 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/09 16:39:18 | 000,000,217 | -H-- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/09 16:37:42 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 16:37:42 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 16:37:42 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 16:37:42 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 16:37:42 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 16:37:42 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 16:36:54 | 000,000,277 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/09 16:32:32 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/09 16:32:32 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/09 16:32:32 | 000,009,362 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/09 16:32:32 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/09 16:00:49 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/08/09 16:00:49 | 000,006,867 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/09 15:26:03 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 15:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/09 15:16:35 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/09 15:15:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 14:41:18 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/09 14:38:23 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/09 14:38:18 | 000,448,440 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/09 14:38:18 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/09 14:38:18 | 000,075,018 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/09 14:38:18 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/09 14:38:16 | 000,004,688 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/09 14:38:14 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/09 14:38:12 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/09 14:38:04 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/09 14:38:04 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/09 14:37:49 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/09 14:37:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/09 08:10:36 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/09 08:09:39 | 000,331,480 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/10 17:59:16 | 000,095,617 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/19 09:38:27 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/11 22:08:00 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2003/11/12 09:16:58 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/09/26 06:42:46 | 000,002,421 | -H-- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/03 16:40:32 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/03 16:40:32 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR(3).DLL
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/03/28 11:37:14 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2000/02/17 13:57:02 | 000,225,280 | -H-- | C] () -- C:\WINDOWS\System32\GN32.DLL
[1999/10/13 17:59:48 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\gns2kzip.dll

========== LOP Check ==========

[2009/06/10 14:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/10/31 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/03 17:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/12/15 14:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/09/03 10:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/03/27 14:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2007/11/24 12:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2011/12/18 17:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2006/01/23 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/12/18 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/15 16:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/09/12 23:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/12/16 12:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/30 08:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/12/01 00:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/10 08:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/01 00:33:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/06/04 17:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 12:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 13:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/31 13:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2011/12/09 12:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DE1312BC-D3DD-47DD-8064-E0C466F63259}
[2011/12/15 14:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Ashampoo
[2011/10/06 09:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Auslogics
[2011/03/15 11:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Calyx Software
[2008/12/31 10:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/15 20:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/12/13 11:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Dropbox
[2011/01/02 13:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\ePASS
[2011/12/19 09:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Foxit Software
[2006/01/23 14:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\HotSync
[2005/08/09 16:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\InterTrust
[2006/03/21 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\InterVideo
[2011/07/06 16:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\IObit
[2009/04/13 10:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\KompoZer
[2006/01/23 14:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Leadertech
[2008/07/06 10:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Lexmark Productivity Studio
[2011/12/15 07:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\MP3Rocket
[2011/09/13 22:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\MyScribe
[2006/01/25 22:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\PDS
[2011/10/26 07:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\PrimoPDF
[2009/11/05 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\RateWatch.8120D7806F19A08520F163B2D95EA0AD9E0C0659.1
[2011/07/08 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Smart PDF Tools Pro
[2008/09/21 01:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Sony
[2007/10/31 14:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Template
[2011/08/11 19:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Toktumi
[2006/01/08 21:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\toshiba
[2011/03/30 08:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\Trusteer
[2010/12/01 00:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\TuneUp Software
[2009/10/27 18:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\webex
[2008/01/31 13:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikki Salazar\Application Data\X5400 Series
[2011/12/18 16:17:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA8462DB-9D37-4E21-A034-17889DEF7007}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C41CE1F6
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835

< End of report >

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, fmarlo!
Sorry for the delay.

I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for fmarlo only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Whilst I am reviewing your log, please perform the following steps:


Step 1

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Step 2

Do the following:
Start -> Run.
Type diskmgmt.msc.
Click "OK".

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.


Things I want to see in your next reply

  • aswMBR.txt
  • A screenshot of the Disk Management Window

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.