Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

TR/ATRAPS. Gen2 Virus [Solved]

Started by Steviep , Dec 30 2011 01:51 PM

Page 4 of 7
2
3
4
5
6

This topic is locked

#46
Steviep

Posted 01 January 2012 - 05:52 PM

Member

Topic Starter
Member
338 posts

Hi otl doesn't seem to be doing anything, has been sitting for 15mins with the message killing processes do not interrupt but no progress ?

#47
Steviep

Posted 01 January 2012 - 06:43 PM

Member

Topic Starter
Member
338 posts

Shut it down and tried again, dont quite understand"After the reboot if DHCP is still not running then select the restore point that OTL is about to make and restore to that. The hope being that as the restore point was set with the service running that it will revert to that " s I wasnt given the option to restore?

OTL logfile created on: 02/01/2012 00:38:11 - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gillian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.45 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 82.16% Memory free
5.29 Gb Paging File | 4.79 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 124.86 Gb Free Space | 53.62% Space Free | Partition Type: NTFS

Computer Name: E6400 | User Name: Gillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/11 15:52:52 | 000,445,552 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/16 15:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/02 21:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/02/02 21:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/12/11 15:52:56 | 000,346,224 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madExcept_.bpl
MOD - [2009/12/11 15:52:56 | 000,180,848 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madBasic_.bpl
MOD - [2009/12/11 15:52:56 | 000,048,240 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\madDisAsm_.bpl
MOD - [2009/12/11 15:52:52 | 000,253,552 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/09 13:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/03/23 16:00:10 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/02 21:47:32 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/09/22 13:40:46 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: [email protected]:6.4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/28 08:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 20:59:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Gillian\Application Data\IDM\idmmzcc3

[2010/01/18 21:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Extensions
[2011/12/31 12:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gillian\Application Data\Mozilla\Firefox\Profiles\4nu0v8wb.default\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 17:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\GILLIAN\APPLICATION DATA\IDM\IDMMZCC3
[2011/10/27 17:41:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 21:09:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/01/02 00:25:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} http://www.partsaren...ns/IMIESRCH.cab (SearchCD Control)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} http://www.partsaren...ins/GFXVIEW.cab (GrafixViewControl)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1263935527859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://cards.hallmar...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BDDADA8-A4CB-4B1E-8758-F57923403A51}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 20:56:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 00:25:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/01 20:08:17 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gillian\Desktop\aswMBR.exe
[2011/12/31 19:13:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/31 18:48:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/31 18:46:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/31 18:46:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/31 18:46:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/31 18:46:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/31 18:46:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/31 18:45:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/31 18:44:32 | 004,358,797 | R--- | C] (Swearware) -- C:\Documents and Settings\Gillian\Desktop\ComboFix.exe
[2011/12/31 12:33:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 18:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/30 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\broadcom_v5.100.57.8
[2011/12/26 19:15:42 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/23 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Local Settings\Application Data\PCHealth
[2011/12/23 17:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/23 16:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/12/17 13:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gillian\Desktop\photo frame
[2011/12/07 16:55:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gillian\Recent
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 00:33:31 | 000,553,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 00:33:31 | 000,134,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/02 00:29:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 00:28:48 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/02 00:28:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2012/01/02 00:28:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 00:25:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/02 00:18:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 20:09:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\MBR.dat
[2012/01/01 20:08:17 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gillian\Desktop\aswMBR.exe
[2012/01/01 16:18:54 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\MyNICDetails.bat
[2012/01/01 16:17:04 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job
[2011/12/31 23:35:44 | 000,022,228 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\dhcp.reg
[2011/12/31 18:48:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/31 18:44:57 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Gillian\Desktop\ComboFix.exe
[2011/12/30 23:09:28 | 000,002,651 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 22:38:32 | 000,022,392 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 18:35:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gillian\Desktop\OTL.exe
[2011/12/27 18:49:38 | 083,010,992 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | M] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 17:31:16 | 000,331,075 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 17:30:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gillian\Desktop\tdsskiller.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/21 00:17:52 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\Gillian\default.pls
[2011/12/20 23:38:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/18 00:17:43 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:19:38 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:10:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/08 15:18:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[1 C:\Documents and Settings\Gillian\Desktop\*.tmp files -> C:\Documents and Settings\Gillian\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 20:09:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\MBR.dat
[2012/01/01 16:18:53 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\MyNICDetails.bat
[2011/12/31 23:36:13 | 000,022,228 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\dhcp.reg
[2011/12/31 18:48:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/31 18:48:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/31 18:46:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/31 18:46:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/31 18:46:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/31 18:46:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/31 18:46:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/30 23:13:56 | 000,022,392 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.reg
[2011/12/30 23:13:16 | 000,002,651 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\NetBT.zip
[2011/12/30 18:05:01 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/12/27 19:09:33 | 083,010,992 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\R260737.exe
[2011/12/26 20:09:04 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-IULS0.exe
[2011/12/26 20:09:04 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-IULS0.msg
[2011/12/26 20:09:04 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-IULS0.lst
[2011/12/26 19:57:50 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-R5FB6.exe
[2011/12/26 19:57:50 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-R5FB6.msg
[2011/12/26 19:57:50 | 000,000,341 | ---- | C] () -- C:\WINDOWS\is-R5FB6.lst
[2011/12/26 19:20:54 | 000,331,075 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\FSS.exe
[2011/12/26 14:28:13 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Gillian\Desktop\Avira Free Antivirus Profile Complete system scan.LNK
[2011/12/14 15:06:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/30 00:37:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 15:51:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CmdPrint.INI
[2011/02/12 12:27:27 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_audio.Cache
[2011/02/12 12:27:27 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\rx_image32.Cache
[2011/01/25 17:03:37 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2011/01/16 15:44:34 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/16 15:44:34 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/16 15:44:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/07 19:11:40 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/01/07 19:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/07 19:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/01/07 19:11:15 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 19:11:15 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/07 19:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/12 20:54:26 | 000,086,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 19:08:49 | 001,401,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/25 20:58:40 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/24 19:50:20 | 000,164,002 | ---- | C] () -- C:\WINDOWS\hpoins36.dat
[2010/02/24 19:50:20 | 000,000,652 | ---- | C] () -- C:\WINDOWS\hpomdl36.dat
[2010/02/11 21:28:08 | 000,037,897 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\Comma Separated Values (Windows).ADR
[2010/01/29 19:45:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/29 19:45:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gillian\Application Data\$_hpcst$.hpc
[2010/01/22 20:33:22 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\Gillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 20:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/19 20:28:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/18 22:29:41 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/01/18 22:29:40 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/01/18 21:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/18 21:06:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/01/18 21:06:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/01/18 20:58:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:53:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/18 20:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 20:48:53 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/10/14 14:05:42 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCIta.dll
[2008/10/14 14:05:08 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCFra.dll
[2008/10/14 14:04:36 | 000,014,800 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEsp.dll
[2008/10/14 14:04:02 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCEng.dll
[2008/10/14 14:03:34 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMSRCDeu.dll
[2008/10/14 13:55:20 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXIta.dll
[2008/10/14 13:54:52 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXFra.dll
[2008/10/14 13:54:22 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEsp.dll
[2008/10/14 13:53:48 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\IMGFXEng.dll
[2008/10/14 13:53:18 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\IMGFXDeu.dll
[2008/08/01 09:16:24 | 000,063,984 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/13 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,553,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,134,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/18 15:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2005/04/15 03:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 03:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll

========== LOP Check ==========

[2011/10/15 22:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/05 13:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/01/29 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/07 18:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/08/07 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2010/12/27 23:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2011/10/15 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/07 18:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2011/10/15 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/16 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/08/23 17:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/25 20:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/07 21:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 19:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/19 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Auslogics
[2011/05/28 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/02/25 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\CopyTransPhoto
[2011/06/23 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\DMCache
[2011/08/06 17:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\ElevatedDiagnostics
[2010/01/19 21:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Foxit
[2010/01/29 20:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\PC Suite
[2010/08/07 19:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\proDAD
[2011/02/25 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ringtone
[2010/01/29 19:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Samsung
[2011/10/15 23:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Ulead Systems
[2011/09/04 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\uTorrent
[2010/09/18 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\vShare
[2010/02/11 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Desktop Search
[2010/02/28 11:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Windows Search
[2010/02/25 20:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\WindSolutions
[2010/02/25 18:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gillian\Application Data\Zoner
[2012/01/02 00:28:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Boost Speed Disk Defrag Start On Windows Logon.job
[2012/01/01 16:17:04 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C41D49E3-3065-492C-8C9A-34C847A14A5B}.job

========== Purity Check ==========

< End of report >

#48
Steviep

Posted 02 January 2012 - 04:55 AM

Member

Topic Starter
Member
338 posts

Hi what I meant in my last post about not quite understanding what you meant about chosing the restore point was that OTL didnt give me any option to choose a restore point?

I went to system restore and there were no restore points available so I restarted DHCP and created a restore point, then I restored it bac to that point however when restarted the DHCP still wasnt running?

#49
Essexboy

Posted 02 January 2012 - 06:00 AM

GeekU Moderator

Retired Staff
69,964 posts

OK thanks I will ask the techs if they have come across this before

#50
Steviep

Posted 02 January 2012 - 06:05 AM

Member

Topic Starter
Member
338 posts

cheers

#51
Essexboy

Posted 02 January 2012 - 06:08 AM

GeekU Moderator

Retired Staff
69,964 posts

Posted and awaiting a response - do not be surprised if a Tech pops in with some questions

#52
Essexboy

Posted 02 January 2012 - 06:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
Double-click VEW.exe
Under 'Select log to query', select (as appropriate):
- Application
- System
Under 'Select type to list', select (as appropriate):
- Error
- Warning

Then use the 'Date of events' or 'Number of events' as follows:

Either:

Click the radio button for 'Number of events'
Type 3 in the 1 to 20 box (or any number from 1 to 20)
Then click the Run button.
Notepad will open with the output log.
Click the radio button for 'Date of events'
In the From: boxes type today's date (presuming the crash happened today) 13 07 2009
In the To: boxes type today's date (presuming the crash happened today) 13 07 2009
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply

#53
Steviep

Posted 03 January 2012 - 08:59 AM

Member

Topic Starter
Member
338 posts

Hi,

Here re the outputs:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/01/2012 14:56:35

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No 'Application' log error events found from 03/01/2012 to 03/01/2012

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No 'Application' log warning events found from 03/01/2012 to 03/01/2012

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No 'System' log error events found from 03/01/2012 to 03/01/2012

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No 'System' log warning events found from 03/01/2012 to 03/01/2012

Vino's Event Viewer v01c run on Windows XP in English
Report run at 03/01/2012 14:54:36

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2012 14:52:38
Type: error Category: 0
Event: 3011 Source: LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

Log: 'Application' Date/Time: 03/01/2012 14:52:38
Type: error Category: 0
Event: 3012 Source: LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. BaseIndex value from Performance registry is the first DWORD in Data section, LastCounter value is the second DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Log: 'Application' Date/Time: 02/01/2012 10:49:34
Type: error Category: 0
Event: 3011 Source: LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/01/2012 00:50:43
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E6400\Gillian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/01/2012 00:50:33
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 02/01/2012 00:46:48
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user E6400\Gillian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2012 14:48:46
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: NetBT

Log: 'System' Date/Time: 03/01/2012 14:48:46
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 03/01/2012 14:48:46
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/12/2011 18:04:44
Type: warning Category: 0
Event: 27 Source: e1yexpress
Intel® 82567LM Gigabit Network Connection Link has been disconnected.

#54
Essexboy

Posted 03 January 2012 - 12:26 PM

GeekU Moderator

Retired Staff
69,964 posts

This may be the cause

Log: 'System' Date/Time: 03/01/2012 14:48:46
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

I will pass that on to the more knowledgeable techs

#55
Steviep

Posted 03 January 2012 - 01:14 PM

Member

Topic Starter
Member
338 posts

Thanks

#56
Macboatmaster

Posted 03 January 2012 - 02:54 PM

Member
7,237 posts

Please go Control panel Admin Tools, Services and check on the DHCP Client service - the services that it depends on
That is click the dependencies tab, after you have double clicked to open the DHCP Client service.

One of them will be the auxilliary function driver
another MAY be on your computer the NetBios over TCP/IP
PLEASE CHECK and make a note of the dependencies on that service.

Also while you are in services check the TCP/IPNetBiosHelper service please, ensure it is set Automatic Start and then start it.

Now please go to Device Manager and
Check in Device Manager - on hidden devices.
on the view tab click to show hidden devices
Is there is any warning on the Auxilliary Function driver - Non plug and play devices.
See my screenshot please

double-click the entry AFD, and click the Driver tab Set the Startup type to System. Start the service. Note down the error message if any. Similarly start the two other drivers namely:

TCP/IP Protocol Driver
NetBios over Tcpip
using the above as an example check each of these and/or as listed in your dependencies

Close Device Manager and restart Windows.

.

Go back to services.
If the DHCP service is not started, set the start to automatic and then start it.

#57
Steviep

Posted 03 January 2012 - 03:37 PM

Member

Topic Starter
Member
338 posts

Hi I've taken some screen prints as I dont seem to have a non plug and play section

#58
Essexboy

Posted 03 January 2012 - 03:43 PM

GeekU Moderator

Retired Staff
69,964 posts

At the top of device manager is a view item - click that and select show hidden devices

Also have been given something else to try - mega effort on this one

Could you type the following commands into the run box pressing enter after each one

netsh winsock reset catalog
netsh int ip reset resetlog.txt

You should find a reset log.txt at the c drive

Can you connect now without having to start the service

#59
Steviep

Posted 03 January 2012 - 04:02 PM

Member

Topic Starter
Member
338 posts

I really do appreciate ll your help with this. I've tried netsh winsock reset catalog
netsh int ip reset resetlog.txt but still cnt connect without going through services and starting the dhcp.

I have clicked on the show hidden devices nd still cant see non plug and play, I've attached screen print

I also noticed there seems to be an error with a broadcom device again here is a screenprint says driver not installed - could this be linked?

#60
Essexboy

Posted 03 January 2012 - 04:10 PM

GeekU Moderator

Retired Staff
69,964 posts

There is that possibilty could you right click the device - select properties and let me know what details are there about the device

Also you need to scroll down to non-plug and play devices - click the little arrow. That is where AFD is