Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

logonUI.exe unable to locate component. wtsapi32.dll not found [Solved


  • This topic is locked This topic is locked

#1
cuda67

cuda67

    Member

  • Member
  • PipPip
  • 37 posts
hi,
after opening a gumtree email i lost my internet connection, so rebooted and got logonUI.exe unable to locate component. this app failed to start because WTSAPI32.dll was not found. re-installing the app may fix this problem, i have to click on ok three times to advance.

i can log on and some programs work but others will not open. i have tried cmd prompt to scannow but i cannot get it to work. also cannot get admin rights to work. i have my vista disc, am using a dell desk top.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have a USB stick to enable the transfer of files and logs ?

If so then on the Host (Clean ) Computer run the following programme with the USB stick you are intending to use plugged in

Download and run Panda Vaccinate following the instructions on the download page

Then download the following programmes to the USB stick and copy to the infected system desktop and run them from there. Once they have run then copy the logs to the USB and from the clean computer upload them here

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Second programme

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Final programme

run farbar service scanner

Posted Image
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
hi, thanks for taking this on. i have downloaded the programs to a stick and am running otl now.
will post logs if i can get them onto my stick. did you read my post in the waiting room, it gave a bit more detail.
also please remember i can only run programs from a stick in safe mode with cmd prompt.

Edited by cuda67, 08 January 2012 - 02:06 PM.

  • 0

#4
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here's the logs, could only get one OTL notepad not the extras log.


Farbar Service Scanner
Ran by brian (administrator) on 08-01-2012 at 20:10:37
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2006-11-02 08:56] - [2006-11-02 09:46] - 0204800 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 20:08:18
-----------------------------
20:08:18.970 OS Version: Windows 6.0.6000
20:08:18.970 Number of processors: 2 586 0x6B02
20:08:18.970 ComputerName: BRIAN-PC UserName: brian
20:08:20.406 Initialize success
20:08:38.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
20:08:38.782 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
20:08:38.782 Disk 0 MBR read successfully
20:08:38.782 Disk 0 MBR scan
20:08:38.782 Disk 0 Windows VISTA default MBR code
20:08:38.782 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
20:08:38.798 Disk 0 scanning sectors +1953521664
20:08:38.845 Disk 0 scanning C:\Windows\system32\drivers
20:08:42.792 Service scanning
20:08:43.790 Modules scanning
20:08:45.350 Disk 0 trace - called modules:
20:08:45.397 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:08:45.397 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d155a0]
20:08:45.397 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x85b26a80]
20:08:45.397 5 acpi.sys[804d632a] -> nt!IofCallDriver -> \Device\00000059[0x8572aca0]
20:08:45.397 Scan finished successfully
20:09:25.879 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
20:09:25.894 The log file has been saved successfully to "J:\aswMBR log.txt"





OTL logfile created on: 08/01/2012 20:01:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 88.53% Memory free
6.05 Gb Paging File | 5.87 Gb Available in Paging File | 97.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 664.71 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.76 Gb Total Space | 3.63 Gb Free Space | 96.70% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 19:30:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2006/11/02 09:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/10/15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 07:54:00 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Stopped] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 12:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 08:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/02 09:43:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/08/02 09:43:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/08/18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 12:51:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/22 11:11:00 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2007/05/11 09:59:00 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006/11/02 07:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 13:53:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeStatusMon] C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [Google Update] "C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [RDReminder] File not found
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C554416-D74B-4652-A900-D53C91B5F6F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 20:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4e11b8ad-97f4-11e0-8817-001e4f564a31}\Shell\AutoRun\command - "" = K:\pccompanion\Startme.exe
O33 - MountPoints2\{4e11b8ad-97f4-11e0-8817-001e4f564a31}\Shell\menu1\command - "" = K:\pccompanion\Startme.exe
O33 - MountPoints2\{524b3d1e-88f7-11e0-82fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{524b3d1e-88f7-11e0-82fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 20:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 20:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/01/08 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/06 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\dll-files.com
[2012/01/06 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012/01/06 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2012/01/05 10:22:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/01/05 10:22:26 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/01/05 10:22:12 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/12/19 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Mozilla
[2011/12/17 12:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 19:43:57 | 000,620,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/08 19:43:57 | 000,107,688 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/08 19:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 19:24:00 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 19:23:59 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 10:49:36 | 000,000,680 | ---- | M] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2012/01/06 10:37:14 | 000,001,823 | ---- | M] () -- C:\Users\brian\Desktop\DLL-Files.com FIXER.lnk
[2012/01/06 10:37:14 | 000,001,807 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/06 10:18:42 | 000,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/05 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 10:33:45 | 229,166,552 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 20:06:43 | 000,000,940 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/28 21:48:30 | 000,035,328 | ---- | M] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 21:00:06 | 000,002,561 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Dell Printer AIO Supplies - Inkjet.lnk
[2011/12/28 13:15:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 11:29:02 | 141,687,319 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/26 18:56:35 | 000,249,160 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/19 16:20:58 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/18 13:30:10 | 000,000,953 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/17 12:51:22 | 000,000,981 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/12/17 12:51:22 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 10:37:14 | 000,001,823 | ---- | C] () -- C:\Users\brian\Desktop\DLL-Files.com FIXER.lnk
[2012/01/06 10:37:14 | 000,001,807 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/05 13:22:11 | 000,000,680 | ---- | C] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2011/12/28 14:38:45 | 229,166,552 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/19 16:20:58 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/17 12:51:22 | 000,000,981 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/12/17 12:51:22 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/11/09 16:53:30 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/08/17 10:39:20 | 000,004,076 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/08/17 10:39:20 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\2F830017D8.sys
[2011/08/07 16:03:39 | 001,353,296 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2011/06/22 21:41:07 | 000,024,206 | ---- | C] () -- C:\Users\brian\AppData\Roaming\UserTile.png
[2011/06/16 21:50:28 | 000,035,328 | ---- | C] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/26 06:38:00 | 000,002,595 | ---- | C] () -- C:\Windows\System32\d1wiaUiStr.bin
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,228,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,620,156 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,107,688 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/10/27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\AMS
[2011/11/22 11:54:29 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\Auslogics
[2011/05/29 09:14:59 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\AVG10
[2011/11/04 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\Azureus
[2012/01/06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\dll-files.com
[2011/12/17 12:52:04 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\HTC
[2011/10/16 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/06/22 21:41:07 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\PeerNetworking
[2012/01/02 20:15:37 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\uTorrent
[2011/12/28 00:28:49 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/27 19:32:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/27 19:32:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/05/20 11:07:53 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/05/27 19:32:01 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/05/20 11:07:52 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/05/27 19:32:01 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/27 03:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows.old\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/05/20 11:42:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/27 02:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows.old\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2011/05/20 11:42:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011/05/20 11:07:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011/05/27 19:32:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\services\NetBT/s >
Invalid Switch: s


< HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\services\NetBIOS/s >
Invalid Switch: s


< HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\services\afd/s >
Invalid Switch: s


< hklm\software\clients\startmenuinternet|command/rs >
Invalid Switch: rs


< hklm\software\clients\startmenuinternet|command/64/rs >
Invalid Switch: rs


< C:Windows\assembly\tmp\U\*.*/s >

< %Temp%\smtmp\1*.* >

< %Temp%\smtmp\2*.* >

< %Temp%\smtmp\3*.* >

< %Temp%\smtmp\4*.* >

< End of report >
  • 0

#5
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
i will be away from my computer from 06.00 to 15.00 throughout the week due to work. again many thanks for taking this on, i will be donating when we are done.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi the malware has destroyed some of your service registry keys

Do you have access to another Vista machine to export the entries from ?

Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Checking LEGACY_Nsi: Attention! nable to open LEGACY_Nsi\0000 registry key. The key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


There is also a file missing which we will need to search for

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    dhcpcsvc.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#7
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
i only have a pc with windows 7 on, but i do have the vista repair disc, i will run otl now and post the log for you.
can i ask where in darkest cornwall are you, im in newquay.
  • 0

#8
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here's the logs
The extras log from yesterday


OTL Extras logfile created on: 08/01/2012 20:01:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 88.53% Memory free
6.05 Gb Paging File | 5.87 Gb Available in Paging File | 97.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 664.71 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.76 Gb Total Space | 3.63 Gb Free Space | 96.70% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BECAA627-A08C-42AF-AAB5-388FAE13F7E3}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049B62BA-2904-4BF5-8DDD-E2E411A97AD1}" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{32FAB27D-7A4B-416C-BE44-316C4BEE9CDB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3A3B5D88-222F-4AC8-A868-087732223E73}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{400914F6-BB8C-499B-9751-03642A90DED1}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{52D107B4-8497-4E1E-A5DD-15BDB0141236}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{52F4E6CD-3B1C-45EC-A080-502210531C8D}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{82E74921-C041-4561-8DC9-AAA5501E205F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8EE1AA99-A637-453B-A654-D0B8FBE75165}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{912F2EA1-B8AE-43BA-B56A-A274B9F0FBED}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9BA7F55E-82D3-4805-9B41-1417B87A7CBB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B26B7259-339F-44BB-BD63-EAA9688D8208}" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{B77C7035-91F5-42A1-ACDB-598E26B82DDF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{BC4689BC-85A0-417E-A49F-C7140C171193}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C9FD9F25-6847-4A1D-B3C4-8B891A56B777}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{EB019DE5-7AD2-40D4-9158-42A88A658423}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F9F31ED0-5952-4BBE-802B-E0B3E5DE5729}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FE03C99A-5884-4441-845A-DEF31DADF301}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"TCP Query User{361EE8AD-AC40-4D2F-8645-F7162593C073}C:\program files\dell\mfp_dell\deupdater.exe" = protocol=6 | dir=in | app=c:\program files\dell\mfp_dell\deupdater.exe |
"TCP Query User{3F68412B-5041-4B93-81D9-2CB3399986C8}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"TCP Query User{8C8324E3-7AE8-40E9-BBBD-DC6BC5C37472}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C323614A-2B61-47A7-9E0C-E8D780D032D1}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1C608E66-42FA-4C53-B2C6-7B9EB8E6C5F7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{558F61C8-0116-4BBC-89C9-30AFF48058E6}C:\program files\dell\mfp_dell\deupdater.exe" = protocol=17 | dir=in | app=c:\program files\dell\mfp_dell\deupdater.exe |
"UDP Query User{F9FD97F8-523C-4C0D-85B5-04BB216CD35A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FE196D40-9FC9-4094-B041-E1508265EE0A}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C933E76-5795-48D2-BB38-1FFD64AACA4F}" = BlackBerry Device Manager 6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2011
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BelkinDailyDj" = Belkin Daily DJ
"BelkinLabeler" = Belkin Music Labeler
"BlackBerry_{1C933E76-5795-48D2-BB38-1FFD64AACA4F}" = BlackBerry Device Manager 6.1
"CCleaner" = CCleaner
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"Easy Hi-Q Recorder_is1" = Easy Hi-Q Recorder 2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 09/01/2012 19:48:20 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 88.85% Memory free
6.05 Gb Paging File | 5.88 Gb Available in Paging File | 97.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 664.73 Gb Free Space | 71.36% Space Free | Partition Type: NTFS
Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.76 Gb Total Space | 3.63 Gb Free Space | 96.69% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: brian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 19:30:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2006/11/02 09:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/10/15 08:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 07:54:00 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2007/06/28 13:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Stopped] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 12:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 08:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/02 09:43:54 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/08/02 09:43:54 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/08/18 18:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 12:51:00 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/22 11:11:00 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2007/05/11 09:59:00 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006/11/02 07:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 13:53:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeStatusMon] C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [Google Update] "C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [RDReminder] File not found
O4 - HKU\S-1-5-21-2379901808-2792845267-3761982873-1000..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C554416-D74B-4652-A900-D53C91B5F6F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 20:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4e11b8ad-97f4-11e0-8817-001e4f564a31}\Shell\AutoRun\command - "" = K:\pccompanion\Startme.exe
O33 - MountPoints2\{4e11b8ad-97f4-11e0-8817-001e4f564a31}\Shell\menu1\command - "" = K:\pccompanion\Startme.exe
O33 - MountPoints2\{524b3d1e-88f7-11e0-82fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{524b3d1e-88f7-11e0-82fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 20:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 20:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/01/08 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/06 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Roaming\dll-files.com
[2012/01/06 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
[2012/01/06 10:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2012/01/05 10:22:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/01/05 10:22:26 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2012/01/05 10:22:12 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/12/19 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\brian\AppData\Local\Mozilla
[2011/12/17 12:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/09 19:49:12 | 000,620,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 19:49:12 | 000,107,688 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 19:44:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 21:14:07 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 21:14:07 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 21:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 20:05:28 | 000,000,680 | ---- | M] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2012/01/06 10:37:14 | 000,001,823 | ---- | M] () -- C:\Users\brian\Desktop\DLL-Files.com FIXER.lnk
[2012/01/06 10:37:14 | 000,001,807 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/06 10:18:42 | 000,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/05 10:33:45 | 229,166,552 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/02 20:06:43 | 000,000,940 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/28 21:48:30 | 000,035,328 | ---- | M] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 21:00:06 | 000,002,561 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Dell Printer AIO Supplies - Inkjet.lnk
[2011/12/28 13:15:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 11:29:02 | 141,687,319 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/26 18:56:35 | 000,249,160 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/19 16:20:58 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/18 13:30:10 | 000,000,953 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/17 12:51:22 | 000,000,981 | ---- | M] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 10:37:14 | 000,001,823 | ---- | C] () -- C:\Users\brian\Desktop\DLL-Files.com FIXER.lnk
[2012/01/06 10:37:14 | 000,001,807 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
[2012/01/05 13:22:11 | 000,000,680 | ---- | C] () -- C:\Users\brian\AppData\Local\d3d9caps.dat
[2011/12/28 14:38:45 | 229,166,552 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/19 16:20:58 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/17 12:51:22 | 000,000,981 | ---- | C] () -- C:\Users\brian\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/11/09 16:53:30 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/08/17 10:39:20 | 000,004,076 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/08/17 10:39:20 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\2F830017D8.sys
[2011/08/07 16:03:39 | 001,353,296 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2011/06/22 21:41:07 | 000,024,206 | ---- | C] () -- C:\Users\brian\AppData\Roaming\UserTile.png
[2011/06/16 21:50:28 | 000,035,328 | ---- | C] () -- C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/26 06:38:00 | 000,002,595 | ---- | C] () -- C:\Windows\System32\d1wiaUiStr.bin
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,228,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,620,156 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,107,688 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/10/27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\AMS
[2011/11/22 11:54:29 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\Auslogics
[2011/05/29 09:14:59 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\AVG10
[2011/11/04 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\Azureus
[2012/01/06 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\dll-files.com
[2011/12/17 12:52:04 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\HTC
[2011/10/16 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/06/22 21:41:07 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\PeerNetworking
[2012/01/02 20:15:37 | 000,000,000 | ---D | M] -- C:\Users\brian\AppData\Roaming\uTorrent
[2011/12/28 00:28:49 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: DHCPCSVC.DLL >
[2006/11/02 09:46:03 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=17210D8064EC116A3FC6B5E45E577D43 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16386_none_d52367a431a4bea6\dhcpcsvc.dll
[2006/11/02 09:46:03 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=17210D8064EC116A3FC6B5E45E577D43 -- C:\Windows\System32\dhcpcsvc.dll
[2006/11/02 09:46:03 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=17210D8064EC116A3FC6B5E45E577D43 -- C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16386_none_d52367a431a4bea6\dhcpcsvc.dll
[2008/01/18 22:34:04 | 000,204,288 | ---- | M] (Microsoft Corporation) MD5=43A988A9C10333476CB5FB667CBD629D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\dhcpcsvc.dll
[2007/06/26 02:36:21 | 000,203,776 | ---- | M] (Microsoft Corporation) MD5=4E04126C04C38DA7FF86C2AFC87E89AC -- C:\Windows.old\Windows\SoftwareDistribution\Download\c2d16ac4059fdbd92f81e17f676ecf22\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc.dll
[2011/05/20 10:50:39 | 000,203,776 | ---- | M] (Microsoft Corporation) MD5=4E04126C04C38DA7FF86C2AFC87E89AC -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.20627_none_d5eee80d4a90ca6f\dhcpcsvc.dll
[2007/06/26 02:49:06 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=DC45739BC22D528D2B3E50D3F6761750 -- C:\Windows.old\Windows\SoftwareDistribution\Download\c2d16ac4059fdbd92f81e17f676ecf22\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc.dll
[2011/05/20 10:50:39 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=DC45739BC22D528D2B3E50D3F6761750 -- C:\Windows.old\Windows\System32\dhcpcsvc.dll
[2011/05/20 10:50:39 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=DC45739BC22D528D2B3E50D3F6761750 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\dhcpcsvc.dll

< MD5 for: DHCPCSVC.DLL.MUI >
[2006/11/02 12:41:22 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=E06EC3316D23C00A77BF0E805EAB7DBE -- C:\Windows.old\Windows\System32\en-US\dhcpcsvc.dll.mui
[2006/11/02 12:41:22 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=E06EC3316D23C00A77BF0E805EAB7DBE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-d..lient-dll.resources_31bf3856ad364e35_6.0.6000.16386_en-us_53b03e5abd25559f\dhcpcsvc.dll.mui
[2006/11/02 12:41:22 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=E06EC3316D23C00A77BF0E805EAB7DBE -- C:\Windows\System32\en-US\dhcpcsvc.dll.mui
[2006/11/02 12:41:22 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=E06EC3316D23C00A77BF0E805EAB7DBE -- C:\Windows\winsxs\x86_microsoft-windows-d..lient-dll.resources_31bf3856ad364e35_6.0.6000.16386_en-us_53b03e5abd25559f\dhcpcsvc.dll.mui

< End of report >
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just down the road from you in Helston :lol:


In that case we may well be better off doing an inplace upgrade, you will not lose any data doing this. It is the equivalent of the XP repair install

Go to this page and read the destructions carefully a few times to familiarise yourself with it.. If you have any questions at all then just ask

How to perform a repair installation of Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2. Performing a repair installation will restore the current Windows installation to the version of the installation DVD. This also requires the installation of all updates that are not included on the installation DVD.

Note Performing a repair installation will not damage files and applications that are currently installed on your computer

.
  • 0

#10
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
couldnt get the disc to work in vista, 1073741515 error box.
update will not work in safe mode, so tried a clean install. this wouldnt work due to the pc not being able to restart itself, so i helped it along. but after completing the install it said it couldnt run with the hardware. but the hardware hasnt been altered.
then the pc just rolled back all the changes and kept restarting itself.

so no joy there. is there a way i can grab the files i need from the disc on my windows 7 pc and transfer them by stick.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye there are a variety of tools based on Linux which will enable you to recover the data you require, or we do have a PE disc which gives you a windows XP environment to transfer data. Reading the error code given it appears to be related to corrupt system files using C++

Once you have backed up the data then go for a clean install. This latest crop of malware seems to relish deleting registry keys.. and the ones relating to the internet are usually system specific, so are the most difficult to track down and fix

Let me know what interface you would prefer i.e. Linux or windows and we will proceed from there
  • 0

#12
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
cheers, i have never heard of linux. i knew we would get to the complicated bit eventually.

i have managed to put all the personal files i need on a portable hard drive, so im up for a clean install. so give me whatever is simplest and treat me as a complete novice.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK first thing to do is to install the windows CD and reboot

You will get the prompt "Press any key to boot from CD"
Just press a key

1.Turn on your computer and insert the Windows Vista DVD or CD.

2.On the Install Windows page, follow any instructions that might appear, and then click Install now.
Posted Image

3.On the Get important updates for installation page, we recommend getting the latest updates to help ensure a successful installation and to help protect your computer against security threats. You will need an Internet connection to get installation updates.

4.On the Type your product key for activation page, we strongly recommend that you type your 25-character product key to help avoid problems during activation.

5.On the Please read the license terms page, if you accept the license terms, click I accept the license terms.

6.Follow the instructions on each page. On the Which type of installation do you want? page, click Custom.

7.On the Where do you want to install Windows? page, select the partition where you want to install Windows. (This will be the drive windows is currently on)

8.Click Next to begin the installation. You might see a compatibility report.

9.Follow the instructions.
  • 0

#14
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
can only load in safe mode. get to the copy files page and then while expanding files, the pc cant reboot itself so have to start again. am on my fourth attempt.
  • 0

#15
cuda67

cuda67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
no joy. it gets to the point where it wants to restart the pc then the installation stops. as windows cant reboot box comes up saying please shutdown all programs and restart the install.
i cant run the cd due to the 1073741515 error.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP