No internet and AFD issues after apparent removal of Tidserve Activity 2 Removal


  • This topic is locked
84 replies to this topic

#1 Richmo


Posted 24 January 2012 - 05:43 PM

I am running Windows XP Pro Version 2002 with SP3 on a Dell Inspiron E1505. I have Norton 360 running for internet and firewall protection. I was experiencing the BSOD frequently and finally Windows would not boot. A Norton scan gave me the following "Tidserve Activity 2 Threat requiring manual removal detected". I downloaded the TDSSKiller from Kaspersky and it seemed to remove the threat. I was able to get Windows up and running, but since then have had the following issues:
1. Occasional popup window with the message "C:\Windows\System\MSVIDEO.DLL is not a valid windows image. Please check this against your installation diskette"
2. Internet access is not possible. The DHCP won't function due to dependencies, specifically AFD, which has a yellow exclamation point in the Device Manager. AFD won't start. So I'm currently working via a flash drive to transfer files from the laptop to a functioning desktop.
Is my system still infected?
Thanks very much-
Richmo
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 22:46:39 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\DOCUME~1\Dell\LOCALS~1\Temp:winupd.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [winupd] c:\docume~1\dell\locals~1\Temp:winupd.exe
uRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_SD1B.tmp" /EF "HKCU"
uRun: [EPSON NX510 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S22.tmp" /EF "HKCU"
uRun: [Aim6]
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NSWosCheck] "c:\program files\norton systemworks premier\osCheck.exe"
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\dell\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111 configuration utility\wpn111.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1228078171810&h=f831a1258ec97b086d6ef3ab10685961/&filename=jinstall-6u10-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{74B1783D-4FE3-4605-B47C-7F366CA6208A} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B8C634F0-7F3A-463D-8326-F0E53E2340F3} : NameServer = 192.168.0.1
TCP: Interfaces\{B8C634F0-7F3A-463D-8326-F0E53E2340F3} : DhcpNameServer = 192.168.0.1
Filter: text/html - {a732b819-192c-49a0-bc8c-60639d931b40} -
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-1-16 26872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-26 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-2 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-2 136312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-2 130008]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-12-1 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-16 24652]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-6-23 17149]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-15 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120113.002\IDSXpx86.sys [2012-1-13 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120115.009\NAVENG.SYS [2012-1-15 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120115.009\NAVEX15.SYS [2012-1-15 1576312]
S0 76778378;76778378;c:\windows\system32\drivers\29584334.sys --> c:\windows\system32\drivers\29584334.sys [?]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\drivers\athwpn.sys [2009-6-23 43392]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-6-23 286720]
.
=============== Created Last 30 ================
.
2012-01-21 21:26:45 388096 ----a-r- c:\documents and settings\dell\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-21 21:26:38 -------- d-----w- c:\program files\Trend Micro
2012-01-19 22:18:43 138112 ----a-w- c:\windows\system32\afd.sys
2012-01-17 04:52:02 -------- d-----w- c:\documents and settings\dell\application data\FixTDSS
2012-01-16 21:08:02 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-15 17:23:29 -------- d-----w- C:\Healy Genealogy
.
==================== Find3M ====================
.
2011-12-29 15:19:09 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 22:48:28.60 ===============



#2 SweetTech


Posted 25 January 2012 - 04:23 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Yes, you are still infected.

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



If you choose to continue, please download the following on your clean computer and run it:

Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.



NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Edited by SweetTech, 25 January 2012 - 04:24 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
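
An added example, not part of either post and not the method the helper used to reach the diagnosis: a small Python triage pass over DDS-format lines like those in post #1, flagging entries a reviewer would want to look at first. The heuristics are assumptions chosen for illustration (an autorun whose path contains a `name:stream` component, and a driver entry with an all-digit service name or with `[?]` where other entries show a date and size); `triage` and the regex names are hypothetical.

```python
import re

# A subset of lines copied from the DDS log in post #1, kept small for a runnable demo.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [winupd] c:\docume~1\dell\locals~1\Temp:winupd.exe
uRun: [EPSON NX510 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S22.tmp" /EF "HKCU"
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-26 64512]
S0 76778378;76778378;c:\windows\system32\drivers\29584334.sys --> c:\windows\system32\drivers\29584334.sys [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-6-23 286720]
"""

# Autorun entry as DDS prints it: "<prefix>Run: [name] command line"
RUN_RE = re.compile(r'^[a-zA-Z]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Service/driver entry: "<R|S><digit> name;display;path [date size]" or "... [?]"
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+) \[(?P<meta>[^\]]*)\]$'
)

# A path component followed by ":stream". The drive-letter colon ("c:\") never
# matches because it is followed by a backslash and not preceded by one.
# Limitation: component names containing spaces are not recognised.
ADS_RE = re.compile(r'\\[^\\:"\s]+:[^\\:"\s/]+')


def triage(log_text):
    """Return a list of (reason, entry_name, original_line) tuples."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        run = RUN_RE.match(line)
        if run:
            # Heuristic 1 (assumption): an autorun launched from a
            # "file:stream" style path deserves manual review.
            if ADS_RE.search(run.group("cmd")):
                findings.append(("ads-autorun", run.group("name"), line))
            continue

        svc = SVC_RE.match(line)
        if svc:
            name = svc.group("name").strip()
            # Heuristic 2 (assumption): no date/size was listed for the file.
            if svc.group("meta").strip() == "?":
                findings.append(("no-file-metadata", name, line))
            # Heuristic 3 (assumption): service name is only digits.
            if name.isdigit():
                findings.append(("numeric-service-name", name, line))
            if ADS_RE.search(svc.group("path")):
                findings.append(("ads-driver-path", name, line))
    return findings


if __name__ == "__main__":
    for reason, name, line in triage(SAMPLE_LOG):
        print(f"{reason:22} {name:12} {line}")
```

A hit from this pass is a prompt for manual review of that entry, not a verdict; the quoted Epson command line and the `regsvr32 /i:u` switch are included in the sample to show that ordinary colons do not trigger it.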


#3 Richmo


Posted 25 January 2012 - 07:01 PM

Hi Agent ST-
Thanks for the quick response to my post. Here is the information you requested:

1. Comments/ questions- One piece of information I neglected to add to my first post was that I attempted to do a system restore at a couple of restore dates and both times received a message that system restore could not be done.

2. Here's the aswMBR log
aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 18:23:29
-----------------------------
18:23:29.843 OS Version: Windows 5.1.2600 Service Pack 3
18:23:29.843 Number of processors: 2 586 0xE08
18:23:29.843 ComputerName: DELL-7C86FD2F5A UserName: Dell
18:23:33.703 Initialize success
18:24:05.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:24:05.218 Disk 0 Vendor: SAMSUNG_HM060HI YD100-15 Size: 57231MB BusType: 3
18:24:05.296 Disk 0 MBR read successfully
18:24:05.296 Disk 0 MBR scan
18:24:05.296 Disk 0 Windows XP default MBR code
18:24:05.328 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
18:24:05.343 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57176 MB offset 96390
18:24:05.375 Disk 0 scanning sectors +117194175
18:24:05.578 Disk 0 scanning C:\WINDOWS\system32\drivers
18:24:50.265 Service scanning
18:24:53.765 Service .rdpdr \* **LOCKED** 123
18:24:54.562 Modules scanning
18:25:41.937 Disk 0 trace - called modules:
18:25:41.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:25:41.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d56ab8]
18:25:41.984 3 CLASSPNP.SYS[f759dfd7] -> nt!IofCallDriver -> \Device\0000007f[0x86d13f18]
18:25:41.984 5 ACPI.sys[f7414620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d5c940]
18:25:41.984 Scan finished successfully
18:26:06.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dell\Desktop\MBR.dat"
18:26:06.531 The log file has been saved successfully to "C:\Documents and Settings\Dell\Desktop\aswMBR.txt"


3. Here's the Farbar Service Scanner log
Farbar Service Scanner Version: 18-01-2012 01
Ran by Dell (administrator) on 25-01-2012 at 18:28:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd: "%system root%\system32\drivers\afd.sys".


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2007-10-10 21:23] - [2007-09-19 23:49] - 0025944 ____A (Microsoft Corporation) D29AD7484B98279ED21877DE051A180F

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(12) NwlnkNb(13) PSched(7) s24trans(10) SYMTDI(9) Tcpip(4)
0x0D0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

4. OTL.txt and Extras.txt
OTL logfile created on: 1/25/2012 6:31:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dell\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 320.84 Mb Available Physical Memory | 31.63% Memory free
1.63 Gb Paging File | 1.09 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 34.81 Gb Free Space | 62.34% Space Free | Partition Type: NTFS
Drive E: | 250.72 Mb Total Space | 151.62 Mb Free Space | 60.47% Space Free | Partition Type: FAT

Computer Name: DELL-7C86FD2F5A | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\DOCUME~1\Dell\LOCALS~1\Temp:winupd.exe
PRC - [2012/01/25 18:30:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
PRC - [2011/10/30 18:09:28 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/30 18:09:24 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2009/01/12 08:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/23 17:24:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/18 10:25:45 | 000,181,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/03/24 20:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/11/03 22:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE
PRC - [2005/07/22 21:52:30 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/07/22 21:47:12 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/07/22 21:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/02/23 18:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe
PRC - [2005/01/24 15:58:24 | 000,491,606 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe
PRC - [2003/04/30 08:46:14 | 005,345,280 | ---- | M] (Advanced Book Exchange Inc.) -- C:\Program Files\HomeBase\HomeBase.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 12:55:56 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/12/05 12:54:51 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/10/13 18:03:32 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/10/13 18:03:28 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/10/13 18:01:12 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/08/18 14:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2008/12/22 08:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/03/25 12:51:16 | 000,018,790 | ---- | M] () -- C:\WINDOWS\system32\ddmon.dll
MOD - [2008/01/23 17:24:35 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/01/23 17:24:35 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2007/09/20 21:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/12/19 08:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/01/25 10:49:54 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/30 18:09:24 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 17:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/23 17:24:35 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/18 10:25:45 | 000,181,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/03 22:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2005/07/22 21:52:30 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/01/17 18:52:26 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/12/19 03:46:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120113.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 06:22:57 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 06:22:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/08 21:13:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/08 21:13:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120115.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/18 14:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 14:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/02 17:54:57 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/01 21:22:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/10/10 08:17:57 | 000,081,780 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2006/03/24 20:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/03 21:43:42 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2005/11/02 12:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/07/22 22:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/01/07 09:07:40 | 000,286,720 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2004/10/14 17:24:00 | 000,043,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athwpn.sys -- (ATHFMWDL)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/23 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1004336348-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1004336348-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1004336348-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/30 05:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/23 17:30:34 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1004336348-412668190-682003330-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [EPSON NX510 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [Epson Stylus NX510(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [winupd] C:\DOCUME~1\Dell\LOCALS~1\Temp:winupd.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111 Configuration Utility\WPN111.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Dell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1228078171810&h=f831a1258ec97b086d6ef3ab10685961/&filename=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74B1783D-4FE3-4605-B47C-7F366CA6208A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8C634F0-7F3A-463D-8326-F0E53E2340F3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8C634F0-7F3A-463D-8326-F0E53E2340F3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/10 21:26:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/25 18:07:24 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 18:30:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
[2012/01/23 22:46:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dell\Desktop\dds.scr
[2012/01/23 07:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/23 07:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Start Menu\Programs\HiJackThis
[2012/01/22 20:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/22 20:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/22 20:12:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dell\Desktop\erunt-setup.exe
[2012/01/21 16:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/19 17:18:43 | 000,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\afd.sys
[2012/01/17 07:06:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/16 23:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\FixTDSS
[2012/01/16 16:08:02 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/16 15:52:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Dell\Desktop\FixTDSS.exe
[2012/01/15 12:23:29 | 000,000,000 | ---D | C] -- C:\Healy Genealogy
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Dell\Desktop\*.tmp files -> C:\Documents and Settings\Dell\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 18:30:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
[2012/01/25 18:26:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\MBR.dat
[2012/01/23 22:44:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dell\defogger_reenable
[2012/01/23 22:42:40 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\gmer.zip
[2012/01/23 22:41:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dell\Desktop\dds.scr
[2012/01/23 22:39:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\Defogger.exe
[2012/01/23 17:38:36 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
[2012/01/23 17:31:32 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/23 17:27:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/22 20:13:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/22 20:13:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\NTREGOPT.lnk
[2012/01/22 20:13:12 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\ERUNT.lnk
[2012/01/22 20:09:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dell\Desktop\erunt-setup.exe
[2012/01/22 19:34:00 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\FSS.exe
[2012/01/21 11:41:18 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HijackThis.msi
[2012/01/20 22:07:36 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 21:52:48 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/19 21:52:48 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/19 21:33:59 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\afd.reg
[2012/01/18 21:46:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/01/18 21:42:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/18 21:42:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/17 20:23:36 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/17 18:52:26 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/17 18:16:04 | 001,956,910 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\tdsskiller1.zip
[2012/01/16 18:53:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 15:52:46 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dell\Desktop\FixTDSS.exe
[2012/01/16 12:00:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2012/01/15 18:48:05 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2012/01/14 20:08:06 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dell\Desktop\TDSSKillervv.exe
[2012/01/05 22:10:22 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\9BCEC710
[2011/12/30 07:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/29 10:19:09 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Dell\Desktop\*.tmp files -> C:\Documents and Settings\Dell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 18:26:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\MBR.dat
[2012/01/23 22:50:44 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\gmer.zip
[2012/01/23 22:46:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\Defogger.exe
[2012/01/23 22:44:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dell\defogger_reenable
[2012/01/22 20:13:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dell\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/01/22 20:13:12 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\NTREGOPT.lnk
[2012/01/22 20:13:12 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\ERUNT.lnk
[2012/01/22 19:58:22 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\FSS.exe
[2012/01/21 16:26:41 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
[2012/01/21 11:53:03 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HijackThis.msi
[2012/01/19 21:33:58 | 000,002,836 | ---- | C] () -- C:\Documents and Settings\Dell\My Documents\afd.reg
[2012/01/18 21:46:05 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
[2012/01/17 18:15:51 | 001,956,910 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\tdsskiller1.zip
[2011/12/19 23:02:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 20:59:03 | 000,001,420 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\ac995af4
[2011/12/15 19:54:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\bb3cd2f1
[2011/12/15 00:07:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\5be12d0e
[2011/10/13 20:47:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/26 16:53:12 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/26 16:50:12 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/26 18:48:50 | 000,040,636 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/27 20:12:53 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/10/26 17:34:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/10/26 17:34:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/10/06 21:32:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/09/27 21:29:39 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/27 21:29:39 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/27 21:29:39 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/27 21:29:39 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/27 21:29:39 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/27 21:29:38 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/27 21:29:38 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/27 21:29:38 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/27 21:29:38 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/27 21:29:38 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/27 21:29:38 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/27 21:29:38 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/27 21:29:38 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/27 21:29:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/27 21:29:38 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/27 21:29:38 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/27 21:24:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\EPNX510.ini
[2009/08/14 20:12:24 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/06/23 16:29:28 | 000,143,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2009/06/23 16:29:26 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/06/23 16:29:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/04/27 05:57:18 | 000,103,193 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2009/04/27 05:56:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/27 05:30:08 | 000,103,090 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2009/04/27 05:30:08 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2009/04/26 22:29:37 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2009/04/14 21:02:43 | 000,339,456 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2008/12/27 19:11:37 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2008/12/27 19:11:37 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2008/12/26 16:50:44 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/08 11:40:50 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2008/05/10 11:21:41 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/10 11:21:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/09 13:17:45 | 000,024,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/10/11 01:22:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/10/11 00:47:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/10/11 00:47:39 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/10/11 00:29:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 21:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/10 21:21:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/10 14:13:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/10 14:12:11 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 14:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ddcvt.exe
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


OTL Extras logfile created on: 1/25/2012 6:31:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dell\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 320.84 Mb Available Physical Memory | 31.63% Memory free
1.63 Gb Paging File | 1.09 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 34.81 Gb Free Space | 62.34% Space Free | Partition Type: NTFS
Drive E: | 250.72 Mb Total Space | 151.62 Mb Free Space | 60.47% Space Free | Partition Type: FAT

Computer Name: DELL-7C86FD2F5A | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B7F3F1-5A2C-4FC8-A4C1-AF6FE3F8E9AA}" = Genline FamilyFinder
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{27555031-A116-4EC6-9991-7B400142A936}" = HP PSC & OfficeJet 6.1.A
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{31CB5EB3-1298-49E7-AFC7-11819768E124}" = Browntech Image Plugin
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR WPN111 Smart Wizard Wireless Utility
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks Premier
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}" = Norton SystemWorks
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"BookHound 7ce 7.08" = BookHound 7ce 7.08
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Brother's Keeper 6.3" = Brother's Keeper 6.3
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"EOS Utility" = Canon Utilities EOS Utility
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HomeBase 2.3" = HomeBase 2.3
"HTC_WModemDriver" = WModem Driver Installer
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIXERLITE" = Mixer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"N360" = Norton 360
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Savings Bond Wizard" = Savings Bond Wizard
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.0.0.799

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2012 6:35:07 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:35:07 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:36:40 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/23/2012 6:38:33 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/23/2012 6:38:38 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:38:40 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:39:31 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:39:35 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/23/2012 6:41:21 PM | Computer Name = DELL-7C86FD2F5A | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/23/2012 6:41:29 PM | Computer Name = DELL-7C86FD2F5A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/27/2011 3:20:21 PM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 12/28/2011 8:05:51 AM | Computer Name = DELL-7C86FD2F5A | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 12/28/2011 8:29:35 AM | Computer Name = DELL-7C86FD2F5A | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/28/2011 8:29:38 AM | Computer Name = DELL-7C86FD2F5A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 12/29/2011 2:47:33 PM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/29/2011 6:10:15 PM | Computer Name = DELL-7C86FD2F5A | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.

Error - 12/31/2011 10:08:50 PM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/31/2011 10:08:55 PM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/2/2012 10:05:39 AM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 1/2/2012 9:31:32 PM | Computer Name = DELL-7C86FD2F5A | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000FB599076B. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >



5. My laptop is in the same state as it was before. I have not used it in any way since my post. Running Windows ok.
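
The Security Center, System Restore and Firewall sections of the OTL Extras log in the post above can be triaged mechanically. The following is an added example, not part of the original post and not OTL's own code: a Python script that parses an excerpt copied from that log and lists the values worth a second look. The function names and the review list in CHECKS are assumptions made for illustration.

```python
import re

# Excerpt copied from the OTL Extras log in the post above, trimmed to a few keys.
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')    # ========== Name ==========
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')          # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name" = data

# Assumed review list (not from OTL or the thread): value names and the data
# that silences Security Center alerts or switches off a Windows safeguard.
CHECKS = {
    "AntiVirusDisableNotify": ("1", "Security Center antivirus alerts suppressed"),
    "FirewallDisableNotify": ("1", "Security Center firewall alerts suppressed"),
    "UpdatesDisableNotify": ("1", "Security Center update alerts suppressed"),
    "DisableMonitoring": ("1", "Security Center monitoring disabled"),
    "EnableFirewall": ("0", "Windows Firewall disabled for this profile"),
    "DisableSR": ("1", "System Restore disabled"),
}


def parse_otl_extras(text):
    """Return [(section, registry_key, value_name, data), ...] in log order."""
    rows, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None  # a new section resets the current key
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            rows.append((section, key, m.group(1), m.group(2).strip()))
    return rows


def review_findings(rows):
    """Values matching CHECKS, as (last key component, value name, note)."""
    findings = []
    for _section, key, name, data in rows:
        check = CHECKS.get(name)
        if check and data == check[0]:
            findings.append((key.rsplit("\\", 1)[-1], name, check[1]))
    return findings


def enabled_port_exceptions(rows):
    """Firewall port exceptions marked Enabled, as (profile, port, proto, scope)."""
    out = []
    for _section, key, _name, data in rows:
        if not key.endswith(r"GloballyOpenPorts\List"):
            continue
        parts = data.split(":")  # port:protocol:scope:status:display name
        if len(parts) >= 4 and parts[3] == "Enabled":
            profile = key.split("\\")[-3]
            out.append((profile, int(parts[0]), parts[1], parts[2]))
    return out


if __name__ == "__main__":
    parsed = parse_otl_extras(SAMPLE_LOG)
    for where, name, note in review_findings(parsed):
        print(f"REVIEW  {where}: {name} -> {note}")
    for profile, port, proto, scope in enabled_port_exceptions(parsed):
        print(f"OPEN    {profile}: {port}/{proto} scope={scope}")
```

A third-party suite such as the Norton 360 listed in this log can set some of these values itself, so each finding is a prompt to confirm that the replacement protection is actually running, not a verdict of infection.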

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:00 AM

Posted 26 January 2012 - 02:26 AM

Hi Richmo!

Do you happen to have your Windows XP disc?

1. Comments/ questions- One piece of information I neglected to add to my first post was that I attempted to do a system restore at a couple of restore dates and both times received a message that system restore could not be done.

Thanks for that information regarding the issue with the restore points.

We will need to run a registry fix.

We will want to back up your registry first.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



Please download the attached registry file AFD.reg to your desktop.

Double click on AFD.reg and when you get asked if you'd like to merge it with your registry, please select YES.


Attached File  afd.reg   2.29KB   8 downloads


NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-1004336348-412668190-682003330-1003..\Run: [winupd] C:\DOCUME~1\Dell\LOCALS~1\Temp:winupd.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/01/15 18:48:05 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
    [2012/01/05 22:10:22 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\9BCEC710
    [2011/12/15 20:59:03 | 000,001,420 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\ac995af4
    [2011/12/15 19:54:43 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\bb3cd2f1
    [2011/12/15 00:07:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dell\Application Data\5be12d0e
    [2011/05/26 16:53:12 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
    [2010/09/27 20:12:53 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    
    :Reg
    
    :Files
    net start Dhcp /c
    net start afd /c
    net start sharedaccess /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Richmo

Posted 26 January 2012 - 07:36 AM

1. I don't have an XP disk. I do have the Dell Operating System installation DVD.
I can get an XP disk.

2. No comments/ questions yet
3. I backed up the registry and merged AFD.reg. All went well.
I pasted the OTLfix into Custom Scans/Fixes and pressed Run Fix. The laptop immediately rebooted. It displayed the "Windows did not start successfully" screen. I let it time out to default to "Start Windows Normally" and it got as far as the Windows XP screen with the status bar, then reverted back to the "Windows did not start successfully" screen. It cycled between these screens a couple of times, and then I chose Safe Mode, where it booted Windows and that's where I am now. I didn't find any OTL fix log in the location you indicated.
Richmo

#6 SweetTech

Posted 26 January 2012 - 08:28 AM

Hi!

Oh noes!

Can you see if you can get your hands on a Windows XP disc?? We may need to utilize it.

Please try this.

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Last Known Good Configuration
  • Then press the Enter Key on your Keyboard
  • Go into your usual account



#7 Richmo

Posted 26 January 2012 - 05:34 PM

Hi-
Last known good configuration worked. I'm now back in Windows normal mode.
I have a Windows XP Home Edition CD that came with my desktop, but have XP Pro on the laptop.
Also, I have the Dell Operating System disk.
Let me know what you think is the next step.
Richmo

#8 SweetTech

Posted 27 January 2012 - 03:52 AM

Hi Richmo!

Glad to hear you were able to boot into Last Known Good Configuration successfully.

Please try running this tool:

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



#9 Richmo

Posted 27 January 2012 - 06:25 PM

Hi-
Disabled Norton Anti-Virus, Firewall, Ad-Aware and ran ComboFix.
The ComboFix window popped up with "ComboFix is preparing to run". The system then rebooted into Windows successfully. A blue screen popped up very briefly at the start of the reboot. I have attached a screenshot of the Windows error message I received after the fact with the error signature, if that's a help. I'm standing by.
The system appears to be in the same state as before I tried running ComboFix.
Richmo

#10 SweetTech

Posted 28 January 2012 - 03:09 AM

Hi!

I don't see a file attached? Could you please try attaching it again for me?

I want to make sure we are on the same page here, you were not able to run the ComboFix successfully, correct?

Kindest Regards,
ST.



#11 Richmo

Posted 28 January 2012 - 07:05 AM

Hi- Sorry about the confusion. I forgot to press Attach. The error file is there now. I'm assuming that ComboFix didn't run successfully. I have a ComboFix folder at C:\ComboFix, but no log. If I double-click on the folder I get a My Computer window with ComboFix as the title. The ComboFix window opened up and the last line of text I saw in the window before the system rebooted was "ComboFix is preparing to run".
Hope this info helped.


#12 SweetTech

Posted 28 January 2012 - 08:01 AM

Can you try to run ComboFix again and see if you have better luck running it there?


#13 Richmo


Posted 28 January 2012 - 06:42 PM

I ran ComboFix again with the same results as before. The system still reboots after I see the ComboFix window saying "ComboFix is preparing to run". Before the reboot, a blue screen pops up for a second or two. I managed to get a photo of the blue screen. I hope the info there helps. Overall, the system behaves as it did before ComboFix was run.
Richmo


#14 SweetTech


Posted 29 January 2012 - 04:24 AM

Hi!

Yes, that information is helpful.

Do you happen to have the TDSSKiller log from earlier when you ran it? If you do, it can be found in your C:\ drive.

Run this OTL custom scan for me:

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    afd.sys
    wuauserv.dll
    /md5stop
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened


#15 Richmo


Posted 29 January 2012 - 07:45 AM

Hi-
1. Here is the TDSSKiller report:

2. Here is the report for the OTL scan:
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/10/10 14:11:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/10/10 14:11:26 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/10/10 14:11:26 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/01/17 18:52:26 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\FixTDSS.sys
[2011/12/29 10:19:09 | 000,023,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/04/13 14:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\drivers\afd.sys
[2011/02/16 08:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 10:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 04:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtUninstallKB956803_1$\afd.sys
[2004/08/03 17:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/08/14 04:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/08/14 04:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/10/16 09:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 08:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2010/04/18 05:48:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/18 05:48:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Dell\Application Data\FixTDSS\Archive\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/09/19 23:48:51 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\Documents and Settings\Dell\Application Data\FixTDSS\Archive\VolSnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/03 17:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/03 18:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WUAUSERV.DLL >
[2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2007/09/19 23:49:32 | 000,025,944 | ---- | M] (Microsoft Corporation) MD5=D29AD7484B98279ED21877DE051A180F -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2007/09/19 23:49:32 | 000,025,944 | ---- | M] (Microsoft Corporation) MD5=D29AD7484B98279ED21877DE051A180F -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB53614$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Thanks for your help-
Richmo



