
Completely disabled by SecureBill,inc virus / malware! [Closed]


  • This topic is locked

#1
Duncan63

This somehow got onto my son's Notebook yesterday. When I log on as Administrator I get all sorts of fake warnings about hard drive problems etc. and a window encouraging me to part with my well-earned beer money for a fix! I think all the warnings are fakes to scare me but as I'm getting no desktop and no options in the Start Menu, i.e. I can access no programs or the internet, I can't even start to look at fixes involving either installed software or downloads. Please help - my son's autistic and I need to get him off my back, bless him!!!!!! (Clearly I'm sending this from a different PC!)

Worked out how to open IE so managed to run OTL - text files (two off) following:

OTL logfile created on: 24/01/2012 00:25:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.37 Mb Total Physical Memory | 74.65 Mb Available Physical Memory | 14.86% Memory free
1.20 Gb Paging File | 0.42 Gb Available in Paging File | 35.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 42.48 Gb Free Space | 76.12% Space Free | Partition Type: NTFS

Computer Name: DELLD520-NB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 00:25:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/01/24 00:08:22 | 000,358,648 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ.exe
PRC - [2012/01/23 01:00:27 | 000,456,952 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ScFifFUnavADgjd.exe
PRC - [2011/11/16 12:32:48 | 010,310,968 | -H-- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/11/16 12:32:48 | 010,200,376 | -H-- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 00:12:12 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | -H-- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | -H-- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/12/28 12:04:56 | 000,262,217 | -H-- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 11:56:16 | 000,602,182 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 11:55:40 | 000,667,718 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 11:52:32 | 000,397,381 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/10/06 23:13:38 | 000,176,128 | RH-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 01:41:08 | 000,045,056 | RH-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 08:56:12 | 000,045,056 | RH-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/24 00:08:22 | 000,358,648 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ.exe
MOD - [2012/01/23 01:00:27 | 000,456,952 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ScFifFUnavADgjd.exe
MOD - [2006/06/29 12:13:50 | 000,073,728 | -H-- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/28 12:11:34 | 000,876,544 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 12:11:34 | 000,208,965 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 12:11:34 | 000,053,322 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/16 10:05:08 | 000,970,862 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/16 12:32:48 | 010,310,968 | -H-- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/07/07 18:31:08 | 000,195,336 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2006/06/29 12:12:34 | 000,376,832 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 12:04:56 | 000,262,217 | -H-- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - [2008/04/25 05:38:22 | 000,071,184 | -H-- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2006/10/08 17:35:14 | 000,044,544 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 16:34:30 | 001,156,648 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/28 13:22:08 | 000,013,568 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 23:55:30 | 001,428,096 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/09/28 05:57:18 | 000,113,847 | RH-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 07:49:44 | 003,298,432 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/08/12 17:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)



O1 HOSTS File: ([2012/01/23 23:13:37 | 000,440,267 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15141 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ScFifFUnavADgjd.exe] C:\Documents and Settings\All Users\Application Data\ScFifFUnavADgjd.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = digbyspecial.notts.sch.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FAE4BA1-33F0-4916-AAFA-FDA0E5E41A37}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 00:29:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/01/24 00:25:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/23 01:09:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Check
[2012/01/20 19:33:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virgin Media
[2012/01/20 19:27:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\appmgmt
[2012/01/16 02:18:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Virgin Media
[2012/01/16 02:04:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/01/16 02:04:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Radialpoint
[2012/01/16 02:04:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Virgin Media
[2012/01/16 02:04:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2012/01/16 01:32:35 | 000,286,720 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\qkm.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 00:36:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0C384B24-1090-4E87-AA9E-8422C090095C}.job
[2012/01/24 00:35:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD37D727-FF9B-4239-ABFE-473EE108F178}.job
[2012/01/24 00:25:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/01/24 00:10:04 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZ
[2012/01/24 00:10:04 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZr
[2012/01/24 00:08:31 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ
[2012/01/24 00:08:22 | 000,358,648 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ.exe
[2012/01/24 00:08:07 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/24 00:07:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 00:07:30 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 23:13:37 | 000,440,267 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/23 22:49:50 | 000,000,464 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\SnxQRmtGkDDUsm
[2012/01/23 22:48:10 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsm
[2012/01/23 22:48:10 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsmr
[2012/01/23 20:20:24 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQu
[2012/01/23 20:20:24 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQur
[2012/01/23 20:18:21 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\11KKr5W6RoYaQu
[2012/01/23 18:56:07 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2s
[2012/01/23 18:56:07 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2sr
[2012/01/23 18:55:45 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\XBU7jusQ7UFG2s
[2012/01/23 18:40:15 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7v
[2012/01/23 18:40:15 | 000,000,184 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7vr
[2012/01/23 18:12:54 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\IS9vq4V35DBl7v
[2012/01/23 02:35:06 | 000,000,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwf
[2012/01/23 02:35:05 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwfr
[2012/01/23 02:34:01 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\WuaUVWTaYeXSwf
[2012/01/23 01:46:47 | 000,000,424 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\KpnGZJBUHWVE1E
[2012/01/23 01:46:18 | 000,382,260 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/23 01:46:18 | 000,053,838 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/23 01:46:03 | 000,000,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1E
[2012/01/23 01:46:03 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1Er
[2012/01/23 01:15:44 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/23 01:09:38 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/01/23 01:09:38 | 000,000,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKX
[2012/01/23 01:09:38 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKXr
[2012/01/23 01:09:29 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\rOsrqHAnI5sNKX
[2012/01/23 01:00:27 | 000,456,952 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ScFifFUnavADgjd.exe
[2012/01/16 05:28:15 | 000,008,016 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\8da2f173
[2012/01/16 05:28:15 | 000,008,007 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ffd614a0
[2012/01/16 05:28:15 | 000,008,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\ba1244a5
[2012/01/16 02:43:40 | 000,440,267 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120123-231336.backup
[2012/01/16 01:32:35 | 000,286,720 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\qkm.exe
[2012/01/12 18:48:22 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 00:10:04 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZ
[2012/01/24 00:10:04 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZr
[2012/01/24 00:08:30 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ
[2012/01/24 00:08:22 | 000,358,648 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ.exe
[2012/01/24 00:07:30 | 526,843,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/23 22:48:10 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsm
[2012/01/23 22:48:10 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsmr
[2012/01/23 22:37:09 | 000,000,464 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\SnxQRmtGkDDUsm
[2012/01/23 20:20:24 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQu
[2012/01/23 20:20:24 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQur
[2012/01/23 20:18:21 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\11KKr5W6RoYaQu
[2012/01/23 18:56:07 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2s
[2012/01/23 18:56:07 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2sr
[2012/01/23 18:55:45 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\XBU7jusQ7UFG2s
[2012/01/23 18:12:38 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7v
[2012/01/23 18:12:38 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7vr
[2012/01/23 18:11:38 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\IS9vq4V35DBl7v
[2012/01/23 02:35:05 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwf
[2012/01/23 02:35:05 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwfr
[2012/01/23 02:33:59 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WuaUVWTaYeXSwf
[2012/01/23 01:46:03 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1E
[2012/01/23 01:46:03 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1Er
[2012/01/23 01:45:54 | 000,000,424 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\KpnGZJBUHWVE1E
[2012/01/23 01:15:43 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/23 01:09:38 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/01/23 01:09:38 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKX
[2012/01/23 01:09:38 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKXr
[2012/01/23 01:09:29 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\rOsrqHAnI5sNKX
[2012/01/23 01:03:31 | 000,456,952 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ScFifFUnavADgjd.exe
[2012/01/16 01:32:44 | 000,008,016 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\8da2f173
[2012/01/16 01:32:44 | 000,008,007 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ffd614a0
[2012/01/16 01:32:44 | 000,008,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ba1244a5
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/09 18:40:55 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/02/07 16:05:22 | 000,000,799 | -H-- | C] () -- C:\WINDOWS\disney.ini
[2007/01/31 08:01:34 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/26 17:57:46 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/26 17:54:45 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/01/26 17:30:59 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/01/26 17:29:54 | 000,000,473 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,118,952 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,382,260 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,053,838 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Second text file (extras.txt):

OTL Extras logfile created on: 24/01/2012 00:25:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.37 Mb Total Physical Memory | 74.65 Mb Available Physical Memory | 14.86% Memory free
1.20 Gb Paging File | 0.42 Gb Available in Paging File | 35.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 42.48 Gb Free Space | 76.12% Space Free | Partition Type: NTFS

Computer Name: DELLD520-NB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint SafeCare Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16
"SearchAssist" = SearchAssist
"Shockwave" = Shockwave
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by Duncan63, 23 January 2012 - 06:38 PM.

  • 0
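An added example, not part of the original post and not OTL's own code: a small Python triage pass over the registry sections of an OTL report in the format posted above. The baseline values and the names `triage` and `SAMPLE` are assumptions made for this illustration, and the sample mixes lines copied from the log with two constructed anomalies.

```python
import re

# Assumed baseline (not from OTL or this thread): stock Windows XP commands
# for executable file classes; they match the values in the log above.
BASELINE_HANDLERS = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}
# Assumed healthy values, keyed by (registry key suffix, value name).
BASELINE_VALUES = {
    ("\\Security Center", "AntiVirusDisableNotify"): "0",
    ("\\Security Center", "FirewallDisableNotify"): "0",
    ("\\Security Center", "UpdatesDisableNotify"): "0",
    ("\\Security Center", "AntiVirusOverride"): "0",
    ("\\Security Center", "FirewallOverride"): "0",
    ("\\SystemRestore", "DisableSR"): "0",
    ("\\DomainProfile", "EnableFirewall"): "1",
    ("\\StandardProfile", "EnableFirewall"): "1",
}
KEY_RE = re.compile(r'^\[(HKEY_.*)\]$')
HANDLER_RE = re.compile(r'^(\S+) \[(\w+)\] -- (.*)$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')

def triage(log_text):
    """Return (kind, item, observed) tuples for lines that differ from the baseline."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)                  # remember the current registry key
        elif m := HANDLER_RE.match(line):
            cls, verb, cmd = m.groups()
            expected = BASELINE_HANDLERS.get((cls, verb))
            if cmd.startswith("Reg Error"):   # the report shows an error, not a command
                findings.append(("unreadable", f"{cls} [{verb}]", cmd))
            elif expected is not None and cmd != expected:
                findings.append(("handler", f"{cls} [{verb}]", cmd))
        elif m := VALUE_RE.match(line):
            name, value = m.groups()
            leaf = key.rsplit("\\", 1)[-1]
            for (suffix, vname), expected in BASELINE_VALUES.items():
                if key.endswith(suffix) and name == vname and value != expected:
                    findings.append(("setting", leaf + "\\" + name, value))
    return findings

# Constructed excerpt in the log's layout. The exefile command and the
# AntiVirusDisableNotify value are invented; the other lines are from the log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\EXAMPLE\placeholder.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
'''

if __name__ == "__main__":
    for kind, item, observed in triage(SAMPLE):
        print(f"{kind:10} {item:40} {observed}")
```

A finding is a prompt for manual review, not a verdict: a disabled domain-profile firewall, for instance, can equally be a leftover of managed network policy.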



#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the appropriate forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Next:

Have you got a Genuine XP Installation CD-ROM that we can use or not?

Also please try booting up your Son's machine again and let me know if the same problem you mentioned in your waiting room topic occurs, thank you.
  • 0

#3
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, and thanks for attempting to help me!

In response to your queries:

1. No, unfortunately I do not have access to the original installation software. The PC was supplied a few years ago by the local Education Authority and they have since lost interest in it (I don't think they have any record that we still have it!) so I wouldn't know who to approach. It was, however, genuine, legit software.

2. Same problem still exists - I power up and I get the same "Windows could not start..." message as soon as it tries to boot.
  • 0

#4
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Again - just occurred to me - did you also get the additional message that I posted when I moved this post to the "waiting room" regarding having run Malwarebytes Anti-Malware and the subsequent issue following the fix that resulted from that?
  • 0

#5
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts
Hi. :)

Hi, and thanks for attempting to help me!

You're welcome!

1. No, unfortunately I do not have access to the original installation software. The PC was supplied a few years ago by the local Education Authority and they have since lost interest in it (I don't think they have any record that we still have it!) so I wouldn't know who to approach. It was, however, genuine, legit software.

2. Same problem still exists - I power up and I get the same "Windows could not start..." message as soon as it tries to boot.

Fair play and aye I am aware your son's machine is from the Carlton Digby School and/or was connected to that particular local education LAN (local area network) at one time. However without the XP Installation CD-ROM I may not be able to assist you fully...

Hi Again - just occurred to me - did you also get the additional message that I posted when I moved this post to the "waiting room" regarding having run Malwarebytes Anti-Malware and the subsequent issue following the fix that resulted from that?

Aye I am, if able I would like to review that log in due course.

Anyway for now try this for me please to see if we can get your Son's machine to boot up at all...

Reboot into Safe Mode:

How to boot into Safe Mode:

Restart the computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

Next:

In Safe Mode when the Windows Advanced Options menu appears use the Arrow (on the number pad part of the keyboard) keys to select Last Known Good Configuration (your most recent settings that worked), and then press the Enter/Return key.

Next:

Let myself know the outcome before proceeding any further please.
  • 0

#6
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, Scary you can find that out - we took him out of Carlton Digby over 3 years ago - kept coming home with unexplained bruises. I assume there is some info about his machine associated with the IP address that I'm now on, as we obviously share a wireless router? Anyway, the machine was his, from the LEA, and the only reason Carlton Digby got involved with it was so he could access the Internet over their LAN when he took his machine to school. I did ask them to flatpack it when he left to remove all trace of them but they failed! I'm sure that in the worst case I could return his machine to the LEA, but I'm scared it'll disappear into a big black hole and we'll never see it again, and it's his lifeblood, so I'd prefer to fix it without involving them, if possible.

Anyway, regarding the problem, when I restart in safe mode and select last known good configuration it asks me to select OS, so when I select XP Pro (the only option available) it comes up with the same initial boot problem, i.e. "Windows could not start...........<Windowsroot>\system32\hal.dll". Could I not simply copy this file onto a USB drive from my good machine and install it on the broken one - I bet it's not as easy as that?!!!!
  • 0

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts
Hi. :)

I apologise for the delay as I am rarely online at the weekends and neglected to mention that (have updated my signature to reflect such)...

I assume there is some info about his machine associated with the IP address that I'm now on

We can deal with that in due course.

I have read the rest you posted and acknowledge such, I will try my best to rectify your son's machine's ongoing issues as follows...

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review
  • 0

#8
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks for your continued support!

Having a bit of a problem with this......

When I expand mnt in xPUD all I see is sda1, sda2, sda3 - no sdb..... i.e. not seeing the USB. It definitely has driver.sh on it - I reinserted it back into my good machine and it is there, but when I put it in the bad machine I'm not seeing it (unless there's a problem with the USB, but I've tried a couple of different USB ports).

?????

Thanx!
  • 0

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts
Hi. :)

Thanks for your continued support!

You're welcome!

When I expand mnt in xPUD all I see is sda1, sda2, sda3 - no sdb..... i.e. not seeing the USB. It definitely has driver.sh on it - I reinserted it back into my good machine and it is there, but when I put it in the bad machine I'm not seeing it (unless there's a problem with the USB, but I've tried a couple of different USB ports).

It may be the USB ports on your son's machine have been hindered by malware and/or are just not working. If the former, it should not be a problem since the machine is running via xPUD.

OK try this please as follows:-

Boot up your son's machine with xPUD but without the USB drive inserted.

Once booted up, insert the USB Drive and check if in the top right hand corner the below is visible after a short time:-

Device Found
/mntsdb1 Mounted


If so carry out my prior instructions to create/retrieve the report.txt.

In the event the USB drive is still not recognised:-

Back at the xPUD desktop click on Setting >> System Info >> mount

Check if there is an entry at the bottom for /dev sdb1 on mnt/sdb1 etc etc

If not proceed to the below please...

Next:

Remove the USB Drive from your son's machine and insert in your good machine >> click on Start >> Computer(or My Computer depending on which Operating System in use) >> right-click on the drive icon for the USB Drive >> Properties

Make a note of the File system: in use, be it Fat16/Fat32 or NTFS and inform me in your next reply what it is.

Next:

Please also inform myself what exact make and model your son's machine is and also do you have access to another XP Installation CD-ROM at all? As we could use that to actually boot-up your son's machine to what is known as the Recovery Console and see if we could implement some repairs that way and possibly get it to boot-up again.
  • 0

#10
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi again :wacko: !

Have tried as you advised and no joy - tried all 4 USB ports and even a different USB drive and still not seeing it - System Information>>Mount showing sda1 and sda2 but no sdb, so looks like the ports have been disabled?

File system for the USB Drive is simply showing in Properties as FAT, not Fat16/Fat32.

Bad machine is Dell Latitude D520, running XP Pro, this (good) machine is Dell Inspiron 1300, running XP Home. Yes, I do have the Installation Disc for this machine (somewhere - have to find it!!!) - does it matter that it's XP Home rather than XP Pro - will I lose anything from the bad machine?

Thanks again for your help!
  • 0



#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts
Hi. :)

Have tried as you advised and no joy - tried all 4 USB ports and even a different USB drive and still not seeing it - System Information>>Mount showing sda1 and sda2 but no sdb, so looks like the ports have been disabled?

Possible and/or an actual hardware failure.

File system for the USB Drive is simply showing in Properties as FAT, not Fat16/Fat32.

OK that is quite an old file system but surprisingly many USB Drives purchased still utilise such. Anyway if fine by yourself, format the USB drive to either Fat32 or NTFS...

To do so right-click on the drive when connected to your machine and select Format...

In the File System drop down menu, select either Fat32 or NTFS >> under the Format options >> select Quick Format >> Start

Note: Once we have finished with your USB Drive you can re-format back again to the original format if you so wish.

Once completed, re-download driver.sh to the USB Drive >> then see if my original instructions here can be completed.

Bad machine is Dell Latitude D520, running XP Pro

Unfortunately for us in this instance, your son's Dell machine does not have what is known as a Recovery Partition. It was a long shot myself asking being honest as I saw no evidence of such in the OTL log you posted.

Basically the machine requires both the actual Dell Operating System CD-ROM and Dell Drivers and Utilities CD-ROM, which I am aware you do not have if I advised an actual reformat and reinstallation of the Windows Operating System.

does it matter that it's XP Home rather than XP Pro - will I lose anything from the bad machine?

Not in the least for using the CD-ROM to merely access the Recovery Console feature on the aforementioned.
  • 0

#12
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hiya,

Reformatted the USB Drive as Fat32, re-downloaded driver.sh to it, followed your instructions and bad machine still not seeing anything on the USB ports.

I have the Dell OS, Drivers, Utilities discs for the (good) Inspiron, but not for the (bad) Latitude. Not looking good, is it..............?

Is there no way that I can download driver.sh to the DVD Drive, rather than USB Drive? (Excuse my ignorance if that's a stupid question!)

Thanks again!!

:huh:
  • 0

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,639 posts
Please bear with me, I have asked for a second opinion from a well respected colleague of mine how we may best continue. :)
  • 0

#14
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK - thank you! :whistling:
  • 0

#15
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hiya,

Is there anything else to be done on this, or am I chasing a lost cause - I'd be grateful if you could let me know, thanks. (I am in the process of trying to track down the installation discs but I don't know if I'll be successful.)
  • 0





