unable to access internet, a screen blocks access


trejrmd

When on internet, surfing, a screen appeared alleging that illicit material was being accessed. The screen suggested the FBI as the source and requested payment of a fine to "unlock the computer". I have run the Malwarebytes program, although unable to update the program, not having internet access with the computer. Attached are files as suggested. Thank you for help.

attachddstext.txt

ddsscantext.txt


Hello trejrmd and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

First, I want to make sure you understand what is going on. Please read this FBI post:

http://www.fbi.gov/portland/press-releases/2012/scam-warning-citadel-malware-delivers-reveton-ransomware-in-attempts-to-extort-money

Next:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


This is the file resulting from running the Farbar Recovery Scan Tool. Are there any further instructions? Thank you.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012

Ran by Administrator at 09-09-2012 12:42:20

Running from I:\

Service Pack 3 (X86) OS Language: English(US)

Attention: Could not load system hive.

Error: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-09-09 12:42 - 2012-09-09 12:42 - 00000000 ____D C:\FRST

2012-09-06 15:51 - 2012-09-06 15:37 - 00607260 ____A (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com

2012-09-06 15:51 - 2012-09-06 15:36 - 00607260 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr

2012-09-04 18:57 - 2012-09-04 18:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2012-09-04 18:56 - 2012-09-04 18:56 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-04 18:56 - 2012-09-04 18:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-09-04 18:56 - 2012-09-04 18:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes

2012-09-04 18:56 - 2012-07-03 13:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-04 18:55 - 2012-09-04 18:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

2012-09-04 18:54 - 2012-09-04 18:54 - 00000000 __SHD C:\Windows\CSC

2012-09-02 18:48 - 2012-09-05 19:48 - 04503728 ___AT C:\Documents and Settings\All Users\Application Data\nud0repor.pad

2012-08-29 14:09 - 2012-08-29 14:09 - 00000000 ____D C:\Documents and Settings\Elisa\Local Settings\Application Data\Help

2012-08-29 14:09 - 2012-08-29 14:09 - 00000000 ____D C:\Documents and Settings\Elisa\Application Data\Help

2012-08-15 03:17 - 2012-08-15 03:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$

2012-08-15 03:16 - 2012-08-15 03:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2731847$

2012-08-15 03:15 - 2012-08-15 03:16 - 00012357 ____A C:\Windows\KB2731847.log

2012-08-15 03:06 - 2012-08-15 03:06 - 00010958 ____A C:\Windows\KB2723135.log

2012-08-15 03:06 - 2012-08-15 03:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135$

2012-08-15 03:06 - 2012-08-15 03:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219$

2012-08-15 03:00 - 2012-08-15 03:04 - 00015400 ____A C:\Windows\KB2722913-IE8.log

2012-08-14 18:06 - 2012-08-15 03:17 - 00016634 ____A C:\Windows\KB2712808.log

2012-08-14 18:05 - 2012-08-15 03:06 - 00016217 ____A C:\Windows\KB2705219.log

2012-08-10 07:01 - 2012-08-10 07:01 - 08139162 ____A C:\Documents and Settings\Tom\Desktop\T R ELLENBERGER JR MD PC-081012.ptb

============ 3 Months Modified Files ========================

2012-09-09 12:34 - 2010-12-14 10:28 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini

2012-09-09 12:34 - 2010-12-14 10:23 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2012-09-09 12:34 - 2008-04-14 03:00 - 00002206 ____A C:\Windows\System32\wpa.dbl

2012-09-09 12:29 - 2010-12-14 10:28 - 00032522 ____A C:\Windows\SchedLgU.Txt

2012-09-09 12:29 - 2010-12-14 10:28 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2012-09-09 12:29 - 2010-12-14 10:28 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-09 12:29 - 2010-12-14 10:16 - 01426422 ____A C:\Windows\WindowsUpdate.log

2012-09-09 12:27 - 2010-12-14 11:29 - 00000178 __ASH C:\Documents and Settings\Tom\ntuser.ini

2012-09-09 12:27 - 2010-12-14 04:47 - 00000216 ____A C:\Windows\wiadebug.log

2012-09-09 12:27 - 2010-12-14 04:47 - 00000048 ____A C:\Windows\wiaservc.log

2012-09-09 12:26 - 2003-02-18 10:28 - 00003131 ____A C:\Windows\PAW120.ini

2012-09-09 12:14 - 2011-03-05 16:18 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-09 09:14 - 2011-03-05 16:18 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-09 06:24 - 2012-07-03 21:30 - 00000366 ___AH C:\Windows\Tasks\avast! Emergency Update.job

2012-09-06 19:35 - 2010-12-14 11:29 - 00000062 __ASH C:\Documents and Settings\Tom\Local Settings\desktop.ini

2012-09-06 19:07 - 2010-12-14 10:28 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini

2012-09-06 15:37 - 2012-09-06 15:51 - 00607260 ____A (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com

2012-09-06 15:36 - 2012-09-06 15:51 - 00607260 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr

2012-09-05 19:48 - 2012-09-02 18:48 - 04503728 ___AT C:\Documents and Settings\All Users\Application Data\nud0repor.pad

2012-09-04 18:56 - 2012-09-04 18:56 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-30 15:14 - 2010-12-17 22:05 - 00008834 ____A C:\Documents and Settings\Tom\Application Data\wklnhst.dat

2012-08-29 22:44 - 2010-12-14 12:54 - 00001814 ____A C:\Documents and Settings\Elisa\Application Data\wklnhst.dat

2012-08-29 20:33 - 2010-12-14 11:41 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job

2012-08-29 14:07 - 2010-12-17 21:09 - 00000547 ____A C:\Windows\TWAIN.LOG

2012-08-29 14:07 - 2010-12-17 21:09 - 00000004 ____A C:\Windows\Twain001.Mtx

2012-08-24 11:00 - 2010-12-14 11:28 - 00000062 __ASH C:\Documents and Settings\Elisa\Local Settings\desktop.ini

2012-08-21 18:23 - 2010-12-14 10:18 - 00002626 ____A C:\Windows\System32\CONFIG.NT

2012-08-21 05:13 - 2011-04-07 20:38 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00097608 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon2.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00089624 ____A (AVAST Software) C:\Windows\System32\Drivers\aswmon.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys

2012-08-21 05:13 - 2010-12-14 10:44 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-08-21 05:13 - 2010-12-14 10:43 - 00025256 ____A (AVAST Software) C:\Windows\System32\Drivers\aavmker4.sys

2012-08-21 05:12 - 2010-12-14 10:43 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-08-21 05:12 - 2010-12-14 10:43 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-08-15 03:35 - 2010-12-14 04:40 - 00414264 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-15 03:17 - 2012-08-14 18:06 - 00016634 ____A C:\Windows\KB2712808.log

2012-08-15 03:17 - 2010-12-14 04:45 - 01400399 ____A C:\Windows\iis6.log

2012-08-15 03:17 - 2010-12-14 04:45 - 01233033 ____A C:\Windows\FaxSetup.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00613888 ____A C:\Windows\ocgen.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00569534 ____A C:\Windows\tsoc.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00414883 ____A C:\Windows\comsetup.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00394538 ____A C:\Windows\msmqinst.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00252610 ____A C:\Windows\ntdtcsetup.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00215247 ____A C:\Windows\netfxocm.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00085856 ____A C:\Windows\MedCtrOC.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00068442 ____A C:\Windows\ocmsn.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00062119 ____A C:\Windows\msgsocm.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00061628 ____A C:\Windows\tabletoc.log

2012-08-15 03:17 - 2010-12-14 04:45 - 00001374 ____A C:\Windows\imsins.log

2012-08-15 03:16 - 2012-08-15 03:15 - 00012357 ____A C:\Windows\KB2731847.log

2012-08-15 03:16 - 2010-12-14 04:45 - 00001374 ____A C:\Windows\imsins.BAK

2012-08-15 03:07 - 2011-01-03 19:42 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-15 03:06 - 2012-08-15 03:06 - 00010958 ____A C:\Windows\KB2723135.log

2012-08-15 03:06 - 2012-08-14 18:05 - 00016217 ____A C:\Windows\KB2705219.log

2012-08-15 03:06 - 2010-12-14 10:50 - 00090469 ____A C:\Windows\updspapi.log

2012-08-15 03:04 - 2012-08-15 03:00 - 00015400 ____A C:\Windows\KB2722913-IE8.log

2012-08-10 07:01 - 2012-08-10 07:01 - 08139162 ____A C:\Documents and Settings\Tom\Desktop\T R ELLENBERGER JR MD PC-081012.ptb

2012-08-05 12:33 - 2010-12-15 20:52 - 01027624 ____A C:\ads_err.adt

2012-08-05 12:33 - 2010-12-15 20:52 - 00018944 ____A C:\ads_err.adi

2012-07-22 08:52 - 2010-12-14 11:28 - 00000178 ___SH C:\Documents and Settings\Elisa\ntuser.ini

2012-07-21 13:55 - 2012-07-21 13:55 - 00000232 ____A C:\Documents and Settings\Tom\sharedSession.properties

2012-07-21 13:55 - 2011-08-08 07:06 - 00062734 ____A C:\Windows\setupapi.log

2012-07-13 03:16 - 2012-07-12 16:53 - 00134872 ____A C:\Windows\KB2691442.log

2012-07-13 03:15 - 2012-07-13 03:14 - 00069550 ____A C:\Windows\KB2718523.log

2012-07-13 03:14 - 2012-07-12 16:53 - 00133864 ____A C:\Windows\KB2655992.log

2012-07-13 03:14 - 2012-07-12 16:52 - 00134450 ____A C:\Windows\KB2719985.log

2012-07-13 03:04 - 2012-07-13 03:02 - 00070229 ____A C:\Windows\KB2698365.log

2012-07-12 17:53 - 2010-12-17 23:42 - 00005261 ____A C:\additdiag.txt

2012-07-06 09:58 - 2008-04-14 03:00 - 00337920 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\netapi32.dll

2012-07-06 09:58 - 2008-04-14 03:00 - 00337920 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-06 09:58 - 2008-04-14 03:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\browser.dll

2012-07-06 09:58 - 2008-04-14 03:00 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 10:05 - 2010-12-14 10:10 - 00139784 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys

2012-07-04 10:05 - 2010-12-14 10:10 - 00139784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-07-03 13:46 - 2012-09-04 18:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 09:40 - 2008-04-14 03:00 - 01866112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys

2012-07-03 09:40 - 2008-04-14 03:00 - 01866112 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-02 23:19 - 2010-12-16 04:10 - 11111424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll

2012-07-02 23:19 - 2009-03-08 05:39 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-02 13:49 - 2012-06-13 15:40 - 00521728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 02000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 00629760 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll

2012-07-02 13:49 - 2010-12-16 04:10 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll

2012-07-02 13:49 - 2009-03-08 05:32 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-02 13:49 - 2009-03-08 05:32 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-07-02 13:49 - 2009-03-08 05:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 06008320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 06008320 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 01469440 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl

2012-07-02 13:49 - 2008-04-14 03:00 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-02 13:49 - 2008-04-14 03:00 - 01212416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00916992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00387584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00206848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00184320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00067072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00025600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll

2012-07-02 13:49 - 2008-04-14 03:00 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-02 08:05 - 2008-04-14 03:00 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-07-02 08:05 - 2008-04-14 03:00 - 00174080 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe

2012-07-02 08:05 - 2008-04-14 03:00 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2012-06-14 08:57 - 2012-06-13 15:41 - 00018393 ____A C:\Windows\KB2707511.log

2012-06-14 08:51 - 2010-12-14 04:45 - 00551936 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-14 07:54 - 2012-06-14 07:49 - 00015440 ____A C:\Windows\KB2699988-IE8.log

2012-06-14 07:49 - 2012-06-14 07:44 - 00007099 ____A C:\Windows\KB2685939.log

2012-06-14 07:12 - 2012-06-13 15:39 - 00012165 ____A C:\Windows\KB2709162.log

2012-06-13 22:39 - 2012-06-13 22:39 - 00090112 ____A C:\Windows\Minidump\Mini061312-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 766.48 MB

Available physical RAM: 647.14 MB

Total Pagefile: 1877.15 MB

Available Pagefile: 1832 MB

Total Virtual: 2047.88 MB

Available Virtual: 1997.09 MB

==================== Partitions ============================

2 Drive c: () (Fixed) (Total:27.91 GB) (Free:4.63 GB) NTFS ==>[Drive with boot components (Windows XP)]

5 Drive i: (PKBACK# 001) (Removable) (Total:3.73 GB) (Free:0.36 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 28 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 31 MB 32 KB

Partition 2 Primary 28 GB 31 MB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

The disk management services could not complete the operation.

==================================================================================

==================== End Of Log =============================

Attached is the file after running Farbar Recovery Scan Tool. Thank you.


My choices upon restarting the computer and using F8 key are: Windows Advanced Options Menu

Safe mode

Safe mode with networking

Safe mode with command prompt

Enable boot logging

Enable VGA mode

Last known Good configuration

Directory services mode

Disable automatic restart on system failure

Start Windows normally

Reboot

Return OS choices menu.

There is not a choice resembling "Repair your computer". So I chose Safe mode with command prompt. Beyond that I believe I followed the instructions as requested. Maniac, do you believe I accomplished what was intended? Thank you. Tom


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


As you advised, the 2 files are below. What is it that they indicate?

OTL logfile created on: 9/13/2012 4:31:16 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 629.15 Mb Available Physical Memory | 82.08% Memory free

1.83 Gb Paging File | 1.77 Gb Available in Paging File | 96.57% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27.91 Gb Total Space | 4.77 Gb Free Space | 17.08% Space Free | Partition Type: NTFS

Drive I: | 3.73 Gb Total Space | 3.44 Gb Free Space | 92.07% Space Free | Partition Type: FAT32

Computer Name: DR-C1B1BB294C9C | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 22:18:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)

DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/12/17 23:37:31 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - [2010/12/06 05:33:00 | 000,606,056 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)

DRV - [2010/08/22 22:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)

DRV - [2010/04/16 17:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2003/01/15 14:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2002/10/09 13:50:52 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2002/10/09 13:50:16 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2002/10/09 13:44:10 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-1897051121-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\Elisa\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-1897051121-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://careportal.conemaugh.org/portal/applets/SharedSession.dll (SharedSessionService Class)

O16 - DPF: {36600F07-8977-445A-96DF-A37BCF51FAFB} https://webpacs.conemaugh.org/Sapphire/download/Setup.cab (Reg Error: Key error.)

O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://portals.whsd.org/Reserved.ReportViewerWebControl.axd?ReportSession=ry11piywjzgztg45y4wwnl45&ControlID=d1125ed8e4ef470190e962f9b72901d4&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab (RSClientPrint 2008 Class)

O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://beta.healthofficeweb.com/WebConnect5.7/windows/ptdownloader.cab (PowerTerm Downloader Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://careportal.conemaugh.org/portal/mckesson/eig/viewer/mckapprun.cab (McKesson Application Launcher Control)

O16 - DPF: {AC52EC5D-B562-446E-B532-E2B1F1AA933B} https://webpacs.conemaugh.org/Sapphire/download/Setup.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://careportal.conemaugh.org/portal/applets/mckntauth.ocx (Mckntauth Control)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O16 - DPF: SapphireSetupChecker.cab https://webpacs.conemaugh.org/Sapphire/download/SapphireSetupChecker.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/12/14 10:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 16:30:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/09/13 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

[2012/09/13 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

[2012/09/13 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2012/09/09 12:42:17 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/06 15:51:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos

[2012/09/06 15:51:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2012/09/06 15:51:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2012/09/06 15:51:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com

[2012/09/04 18:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2012/09/04 18:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/04 18:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/09/04 18:56:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/09/04 18:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/09/04 18:55:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2012/09/04 18:54:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 16:29:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/09/13 16:29:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/09/13 16:25:01 | 000,003,131 | ---- | M] () -- C:\WINDOWS\PAW120.ini

[2012/09/13 16:14:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/13 09:14:02 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/13 06:24:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/09/12 22:18:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/09/12 20:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/09/09 14:49:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012/09/06 15:37:22 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com

[2012/09/06 15:36:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2012/09/05 19:48:46 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nud0repor.pad

[2012/09/04 18:56:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/29 14:07:01 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx

[2012/08/21 18:23:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/08/15 03:35:29 | 000,414,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/15 03:16:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/04 18:56:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/02 18:48:14 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nud0repor.pad

[2012/04/05 22:27:08 | 001,058,111 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1957994488-1897051121-1547161642-1005-0.dat

[2012/03/31 17:06:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2012/03/14 03:26:31 | 000,363,310 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1957994488-1897051121-1547161642-1004-0.dat

[2012/03/07 21:46:36 | 000,363,310 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/02/15 17:29:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/03 17:53:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI

[2011/08/16 20:36:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Medisoft.ini

[2011/08/16 20:30:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2011/02/28 21:16:54 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/02/28 21:16:54 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/02/28 21:16:54 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/02/28 21:16:54 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/02/28 21:16:54 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/02/28 21:16:54 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/02/28 21:16:54 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/02/28 21:16:54 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/02/28 21:16:54 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2011/02/28 21:16:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/02/28 21:16:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/02/28 21:16:54 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/02/28 21:16:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/02/28 21:16:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/02/28 21:16:54 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2011/02/28 21:16:54 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2011/02/28 21:16:54 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/02/28 21:16:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/02/28 21:16:53 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/02/12 16:35:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2011/01/22 13:45:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/12/20 20:12:28 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI

[2010/12/18 16:45:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI

[2010/12/17 22:00:27 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE

[2010/12/16 21:39:09 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll

[2010/12/15 20:32:24 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2010/12/14 12:32:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/12/14 10:47:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/14 10:22:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/12/14 10:12:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/12/14 04:45:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/12/14 04:40:03 | 000,414,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll

[2010/11/07 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll

[2010/11/07 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll

[2010/10/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys

[2010/10/22 01:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll

========== LOP Check ==========

[2011/11/26 20:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy

[2010/12/14 10:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/12/16 21:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2012/02/02 17:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2010/12/15 20:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eligibility

[2012/03/06 19:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin

[2010/12/17 23:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync

[2010/12/15 20:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medisoft

[2011/01/10 21:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize

[2010/12/23 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2011/01/11 15:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\Ericom

[2012/03/06 19:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\GARMIN

[2010/12/18 15:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\HotSync

[2012/02/03 09:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\ICAClient

[2011/01/11 15:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\Net2Printer RDP Client

[2010/12/14 12:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\OpenOffice.org

[2011/08/24 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elisa\Application Data\Template

[2012/03/13 21:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Garmin

[2010/12/17 23:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\HotSync

[2012/02/02 17:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ICAClient

[2010/12/17 23:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Leadertech

[2010/12/17 23:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OpenOffice.org

[2011/02/28 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Panasonic

[2012/09/13 06:24:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 9/13/2012 4:31:16 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.48 Mb Total Physical Memory | 629.15 Mb Available Physical Memory | 82.08% Memory free

1.83 Gb Paging File | 1.77 Gb Available in Paging File | 96.57% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27.91 Gb Total Space | 4.77 Gb Free Space | 17.08% Space Free | Partition Type: NTFS

Drive I: | 3.73 Gb Total Space | 3.44 Gb Free Space | 92.07% Space Free | Partition Type: FAT32

Computer Name: DR-C1B1BB294C9C | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\PowerTerm WebConnect 5.7\beta.healthofficeweb.com\PtRdp.exe" = C:\PowerTerm WebConnect 5.7\beta.healthofficeweb.com\PtRdp.exe:*:Enabled:PowerTerm WebConnect RemoteView -- ()

"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater

"{130109DD-4BD1-492A-922D-B7B500263F86}" = .NET Framework Machine Code Access Security Policy

"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java 6 Update 18

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{27206D2F-0D25-4C0A-BDDA-5160CE8B60C4}" = Peachtree Accounting 2005

"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{3883E554-6927-42A9-8B76-90D8D4D7B4A2}" = Horizon MI View

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes

"{4647B1E4-9907-4A58-963C-E785DF674C3E}" = TurboTax 2010 wpaiper

"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS

"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)

"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

"{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files

"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)

"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}" = Palm

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)

"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)

"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9

"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials

"{FA8D0E23-BE28-4011-85D9-850DB7B0737A}" = Medicare Remit EasyPrint

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Amazing Calendar Maker" = Amazing Calendar Maker

"avast" = avast! Free Antivirus

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem

"ie8" = Windows Internet Explorer 8

"InstallShield_{27206D2F-0D25-4C0A-BDDA-5160CE8B60C4}" = Peachtree Accounting 2005

"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite

"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Medisoft Advanced Patient Accounting 12" = Medisoft Advanced Patient Accounting 12

"Medisoft Advanced Patient Accounting 12 SP2" = Medisoft Advanced Patient Accounting 12 SP2

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Modem User Guide" = Modem User Guide

"PictureIt_v9" = Microsoft Picture It! Photo Premium 9

"Shockwave" = Shockwave

"Tax Forms Helper 2010_is1" = Tax Forms Helper 2010 9.5

"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/21/2012 3:35:57 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application MAPA.EXE, version 12.2.2.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/5/2012 4:50:31 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash11e.ocx, version 11.1.102.55, fault address 0x001b10d5.

Error - 7/12/2012 4:42:35 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/19/2012 5:41:44 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2012 12:04:33 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Error | ID = 1000

Description = Faulting application amazcal.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/2/2012 5:15:43 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/2/2012 5:15:48 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 9/3/2012 11:59:49 AM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/3/2012 11:59:49 AM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2012 2:58:16 PM | Computer Name = DR-C1B1BB294C9C | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 9/12/2012 9:01:58 AM | Computer Name = DR-C1B1BB294C9C | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842813

Description = Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842810

Description = Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842813

Description = Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842810

Description = Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.

Error - 9/12/2012 8:33:03 PM | Computer Name = DR-C1B1BB294C9C | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .

Error - 9/13/2012 4:13:25 PM | Computer Name = DR-C1B1BB294C9C | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 9/13/2012 4:29:49 PM | Computer Name = DR-C1B1BB294C9C | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2012 4:30:25 PM | Computer Name = DR-C1B1BB294C9C | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 aswSnx aswSP aswTdi ctxusbm Fips intelppm OMCI

< End of report >


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
