I had a previous thread that was closed because I was away for a little while. I apologize for that.

Basically, when I boot my Windows XP PC, I hear all the normal sounds and see all the normal boot screens; however, once it gets to the desktop, all I can see is my background image and mouse cursor. There are no icons, no taskbar and CTRL-ALT-DEL does nothing. When I right click the mouse, the normal options are there, but I can't do anything with them. For example, when I click "Properties" the box simply closes. Sometimes when I boot I can't even get the right click menu to appear.

I was able to boot the machine in Safe Mode and everything is there. However Malwarebytes won't run. I tried to download Malwarebytes again and it seems to have updated but nothing happens when I double click or right-click Open.

I was able to complete the Defogger step.

I was able to RUN (not save and run) DDS but it seemingly froze and never displayed any logs even after being open a few hours.

I was able to complete the GMER step and that is the only log I have to attach.

Please help, you guys are amazing!

~Kim

641 - http://www.gmer.net

Rootkit scan 2011-08-30 13:18:28

Windows 5.1.2600 Service Pack 2

Running: ho9bi5w2.exe; Driver: I:\DOCUME~1\Owner\LOCALS~1\Temp\kfpcyfog.sys

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text I:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced. Please post only DDS.txt directly into your reply.

-screen317


2011/09/06 18:41:18.0203 0688 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56

2011/09/06 18:41:20.0203 0688 ================================================================================

2011/09/06 18:41:20.0203 0688 SystemInfo:

2011/09/06 18:41:20.0203 0688

2011/09/06 18:41:20.0203 0688 OS Version: 5.1.2600 ServicePack: 2.0

2011/09/06 18:41:20.0203 0688 Product type: Workstation

2011/09/06 18:41:20.0203 0688 ComputerName: KENNY-577585BD9

2011/09/06 18:41:20.0203 0688 UserName: Owner

2011/09/06 18:41:20.0203 0688 Windows directory: I:\WINDOWS

2011/09/06 18:41:20.0203 0688 System windows directory: I:\WINDOWS

2011/09/06 18:41:20.0203 0688 Processor architecture: Intel x86

2011/09/06 18:41:20.0203 0688 Number of processors: 2

2011/09/06 18:41:20.0203 0688 Page size: 0x1000

2011/09/06 18:41:20.0203 0688 Boot type: Safe boot with network

2011/09/06 18:41:20.0203 0688 ================================================================================

2011/09/06 18:41:21.0218 0688 Initialize success

2011/09/06 18:42:06.0234 1692 ================================================================================

2011/09/06 18:42:06.0234 1692 Scan started

2011/09/06 18:42:06.0234 1692 Mode: Manual;

2011/09/06 18:42:06.0234 1692 ================================================================================

2011/09/06 18:42:24.0062 1692 Scan finished

2011/09/06 18:42:24.0062 1692 ================================================================================

2011/09/06 18:42:24.0125 0640 Detected object count: 0

2011/09/06 18:42:24.0125 0640 Actual detected object count: 0


  • Staff

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL logfile created on: 9/12/2011 5:32:07 PM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = I:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 828.55 Mb Available Physical Memory | 80.96% Memory free

2.40 Gb Paging File | 2.34 Gb Available in Paging File | 97.25% Paging File free

Paging file location(s): I:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files

Drive I: | 232.88 Gb Total Space | 70.73 Gb Free Space | 30.37% Space Free | Partition Type: NTFS

Computer Name: KENNY-577585BD9 | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/12 17:27:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2004/08/10 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe

PRC - [2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\userinit.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)

SRV - [2009/01/09 17:13:28 | 001,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)

SRV - [2007/11/07 23:48:20 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- I:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- I:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- I:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)

SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- I:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)

========== Driver Services (SafeList) ==========

DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2006/05/13 08:03:24 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- I:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)

DRV - [2004/08/10 03:47:50 | 000,046,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)

DRV - [2004/08/05 22:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\smrt.sys -- (smrt)

DRV - [2004/04/13 15:57:00 | 000,160,640 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2004/04/13 15:56:00 | 000,682,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/04/13 15:54:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2004/04/08 11:04:56 | 000,635,017 | ---- | M] (Sony Corporation) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\sonypvf2.sys -- (sonypvf2)

DRV - [2004/03/17 15:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2003/08/20 10:44:26 | 000,431,236 | ---- | M] (Sony Corporation) [File_System | System | Running] -- I:\WINDOWS\System32\drivers\sonypvt2.sys -- (sonypvt2)

DRV - [2003/07/25 15:02:40 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\System32\drivers\sonypvl2.sys -- (sonypvl2)

DRV - [2003/06/24 10:29:34 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- I:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)

DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- I:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)

DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Stopped] -- I:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?src=customie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.aol.com/?ncid=aolmas00050000000002 [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=customie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = AOL search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

O1 HOSTS File: ([2010/02/27 11:26:50 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AOLDialer] I:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)

O4 - HKLM..\Run: [ATICCC] "I:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay File not found

O4 - HKLM..\Run: [Carbonite Backup] I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] I:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [HostManager] I:\Program Files\Common Files\AOL\1149769522\ee\aolsoftware.exe (AOL LLC)

O4 - HKLM..\Run: [NapsterShell] I:\Program Files\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Pure Networks Port Magic] I:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe ()

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] I:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)

O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = I:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: fastabel - (I:\WINDOWS\system32\cmdl2bin.dll) - File not found

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 17:27:35 | 000,581,632 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/09/06 18:44:08 | 000,607,260 | R--- | C] (Swearware) -- I:\Documents and Settings\Owner\Desktop\dds1.scr

[2011/09/06 18:38:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\My Documents\tdsskiller

[2011/08/30 06:06:49 | 000,607,260 | R--- | C] (Swearware) -- I:\Documents and Settings\Owner\Desktop\dds.scr

[2011/08/30 05:59:52 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2011/08/30 05:33:50 | 000,000,000 | ---D | C] -- I:\Program Files\ATI Technologies

[2011/08/30 04:38:04 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Carbonite

[2011/08/30 04:37:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/30 04:37:40 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware

[2011/08/30 04:37:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\Malwarebytes

[2011/08/30 04:37:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/08/30 03:15:40 | 000,000,000 | -HSD | C] -- I:\Config.Msi

[2006/05/19 08:17:50 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- I:\Program Files\Common Files\SM1updtr.dll

[4 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

[1 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 17:31:41 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl

[2011/09/12 17:31:29 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat

[2011/09/12 17:27:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/09/06 18:44:19 | 000,607,260 | R--- | M] (Swearware) -- I:\Documents and Settings\Owner\Desktop\dds1.scr

[2011/09/06 18:38:10 | 001,386,462 | ---- | M] () -- I:\Documents and Settings\Owner\My Documents\tdsskiller.zip

[2011/08/30 06:29:42 | 000,302,592 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\ho9bi5w2.exe

[2011/08/30 06:06:50 | 000,607,260 | R--- | M] (Swearware) -- I:\Documents and Settings\Owner\Desktop\dds.scr

[2011/08/30 06:05:35 | 000,050,477 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\Defogger.exe

[2011/08/30 05:59:52 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\mbam-setup.exe

[2011/08/30 05:04:04 | 000,126,912 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT

[4 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

[1 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 18:38:05 | 001,386,462 | ---- | C] () -- I:\Documents and Settings\Owner\My Documents\tdsskiller.zip

[2011/08/30 06:29:39 | 000,302,592 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\ho9bi5w2.exe

[2011/08/30 06:05:34 | 000,050,477 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\Defogger.exe

[2011/06/29 20:26:59 | 000,079,448 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/04/17 10:47:52 | 000,232,968 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb0.bin

[2011/04/17 10:47:50 | 000,232,968 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb1.bin

[2011/04/17 10:47:50 | 000,000,001 | ---- | C] () -- I:\WINDOWS\System32\nvdrssel.bin

[2011/04/17 10:15:36 | 000,000,010 | ---- | C] () -- I:\WINDOWS\WININIT.INI

[2010/07/09 18:38:00 | 002,195,030 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin

[2010/03/05 18:54:07 | 000,261,632 | ---- | C] () -- I:\WINDOWS\PEV.exe

[2010/03/05 18:54:07 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe

[2010/03/05 18:54:07 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe

[2010/03/05 18:54:07 | 000,077,312 | ---- | C] () -- I:\WINDOWS\MBR.exe

[2010/03/05 18:54:07 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe

[2010/03/04 21:15:55 | 000,013,836 | -HS- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\04lB

[2010/02/25 20:39:50 | 000,014,142 | -HS- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\7EgpN4

[2007/02/24 14:40:48 | 000,000,067 | ---- | C] () -- I:\WINDOWS\AoADVDRipper.INI

[2007/02/24 14:39:08 | 000,003,082 | ---- | C] () -- I:\WINDOWS\System32\affv9553p6now.sys

[2006/12/27 21:45:18 | 000,108,134 | ---- | C] () -- I:\Documents and Settings\Owner\Application Data\fontlst2.opf

[2006/10/07 15:41:05 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI

[2006/08/08 18:17:33 | 000,000,101 | ---- | C] () -- I:\WINDOWS\QHI.INI

[2006/08/08 18:13:43 | 000,000,028 | ---- | C] () -- I:\WINDOWS\ICOA.INI

[2006/08/08 18:13:33 | 000,000,000 | ---- | C] () -- I:\WINDOWS\QFN.ini

[2006/08/08 18:13:33 | 000,000,000 | ---- | C] () -- I:\WINDOWS\QDQICK.ini

[2006/08/08 17:51:52 | 000,000,185 | ---- | C] () -- I:\WINDOWS\intuprof.ini

[2006/08/08 17:51:51 | 000,007,102 | ---- | C] () -- I:\WINDOWS\ICOADB32.DAT

[2006/08/08 17:51:27 | 000,000,856 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI

[2006/06/11 21:10:56 | 000,031,744 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/06/11 15:05:47 | 000,000,291 | ---- | C] () -- I:\WINDOWS\msfsetup.ini

[2006/06/08 08:13:34 | 000,000,029 | ---- | C] () -- I:\WINDOWS\atid.ini

[2006/06/01 16:44:38 | 000,000,022 | ---- | C] () -- I:\WINDOWS\kodakpcd.Owner.ini

[2006/05/27 22:23:37 | 000,528,384 | ---- | C] () -- I:\WINDOWS\System32\BladeEnc.dll

[2006/05/27 22:23:37 | 000,120,832 | ---- | C] () -- I:\WINDOWS\System32\ShnDll32.dll

[2006/05/23 21:04:32 | 000,000,029 | ---- | C] () -- I:\WINDOWS\DEBUGSM.INI

[2006/05/18 14:57:55 | 000,000,021 | ---- | C] () -- I:\WINDOWS\PI_setup.ini

[2006/05/18 14:57:45 | 000,033,797 | ---- | C] () -- I:\WINDOWS\System32\EPPICPrinterDB.dat

[2006/05/18 14:57:45 | 000,020,910 | ---- | C] () -- I:\WINDOWS\System32\EPPICPattern2.dat

[2006/05/18 14:57:45 | 000,020,869 | ---- | C] () -- I:\WINDOWS\System32\EPPICPattern1.dat

[2006/05/18 14:57:45 | 000,000,022 | ---- | C] () -- I:\WINDOWS\System32\PICSDK.ini

[2006/05/18 14:56:29 | 000,096,768 | ---- | C] () -- I:\WINDOWS\SlantAdj.dll

[2006/05/18 14:56:29 | 000,003,136 | ---- | C] () -- I:\WINDOWS\Ade001.bin

[2006/05/18 14:56:29 | 000,000,072 | ---- | C] () -- I:\WINDOWS\System32\epDPE.ini

[2006/05/18 14:47:22 | 000,000,227 | ---- | C] () -- I:\WINDOWS\EPSON RX620 Installer.ini

[2006/05/13 11:07:36 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\pxhpinst.exe

[2006/05/13 08:04:26 | 000,000,715 | ---- | C] () -- I:\WINDOWS\aolback.exe.lnk

[2006/05/13 08:02:13 | 000,000,335 | ---- | C] () -- I:\WINDOWS\nsreg.dat

[2006/05/12 23:43:42 | 000,086,016 | ---- | C] () -- I:\WINDOWS\aeirem.exe

[2006/05/12 23:43:42 | 000,000,196 | ---- | C] () -- I:\WINDOWS\aeirem.ini

[2006/05/09 21:27:04 | 000,000,128 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2006/05/09 18:46:14 | 000,131,072 | ---- | C] () -- I:\WINDOWS\System32\e1000msg.dll

[2006/05/09 17:44:00 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat

[2006/05/09 17:37:47 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat

[2006/05/09 13:30:04 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI

[2006/05/09 13:29:04 | 000,126,912 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT

[2005/02/03 23:59:48 | 000,118,784 | ---- | C] () -- I:\WINDOWS\System32\metaflac.exe

[2005/02/03 23:59:44 | 000,217,088 | ---- | C] () -- I:\WINDOWS\System32\flac.exe

[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat

[2004/08/10 08:00:00 | 000,546,034 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat

[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat

[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat

[2004/08/10 08:00:00 | 000,106,864 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat

[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin

[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat

[2004/08/10 08:00:00 | 000,027,440 | ---- | C] () -- I:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat

[2004/08/10 08:00:00 | 000,001,788 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin

[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat

[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin

[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat

< End of report >


OTL Extras logfile created on: 9/12/2011 5:32:07 PM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = I:\Documents and Settings\Owner\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 828.55 Mb Available Physical Memory | 80.96% Memory free

2.40 Gb Paging File | 2.34 Gb Available in Paging File | 97.25% Paging File free

Paging file location(s): I:\pagefile.sys 1536 4096 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files

Drive I: | 232.88 Gb Total Space | 70.73 Gb Free Space | 30.37% Space Free | Partition Type: NTFS

Computer Name: KENNY-577585BD9 | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Generate MD5 Signatures] -- "I:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)

Directory [Winamp.Bookmark] -- "I:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "I:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "I:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"I:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = I:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)

"I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)

"I:\Program Files\America Online 9.0\waol.exe" = I:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"I:\Program Files\America Online 9.0a\waol.exe" = I:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"I:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = I:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)

"I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)

"I:\Program Files\America Online 9.0\waol.exe" = I:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"I:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = I:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)

"I:\Program Files\Common Files\AOL\Loader\aolload.exe" = I:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"I:\Program Files\Common Files\AOL\1149769522\ee\aolsoftware.exe" = I:\Program Files\Common Files\AOL\1149769522\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)

"I:\Program Files\Common Files\AOL\1149769522\ee\aim6.exe" = I:\Program Files\Common Files\AOL\1149769522\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)

"I:\Program Files\America Online 9.0a\waol.exe" = I:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

"I:\Program Files\Full Tilt Poker\FullTiltPoker.exe" = I:\Program Files\Full Tilt Poker\FullTiltPoker.exe:*:Enabled:Full Tilt Poker -- ()

"I:\Program Files\America Online 9.0a\aol.exe" = I:\Program Files\America Online 9.0a\aol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"I:\Program Files\PokerStars.NET\PokerStarsUpdate.exe" = I:\Program Files\PokerStars.NET\PokerStarsUpdate.exe:*:Enabled:PokerStars.net -- (PokerStars)

"I:\Program Files\Actiontec\DslAOL\napamon.exe" = I:\Program Files\Actiontec\DslAOL\napamon.exe:*:Enabled:Actiontec Home DSL Monitor -- ()

"I:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = I:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)

"I:\Program Files\AOL 9.1\waol.exe" = I:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"I:\Program Files\Common Files\AOL\System Information\sinf.exe" = I:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation

"{34566374-6C4D-419F-A9E0-8B21CA905FD8}" = ATI Catalyst Control Center

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{47D2D455-2C1C-4922-A520-3E3466D783E1}" = Sony Media Manager 2.0

"{48841A74-2C0D-43D4-BF6E-6B775CD87B4D}" = PGS

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM

"{576FBE17-EBF2-4CC7-87A4-A28034CBE424}" = Sony Vegas 6.0b

"{5817AD6D-0A4E-4B56-A09E-9861F6D5A194}" = Sony DVD Architect 3.0a

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5CB34832-06F1-4511-AFA6-DB1271C3F0EC}" = Actiontec USB/Ethernet Home DSL Monitor

"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes

"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (NeatReceipts Professional)

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel

"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0

"{6F845B05-8B76-4302-A808-7FB21E2BC5E6}" = Sony DVD Handycam USB Driver

"{7106DFFD-2C84-11D7-A490-00C0DF117E72}" = SSuite Personal Office

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{7E545666-F420-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Edition

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec USB/Ethernet Home DSL Modem

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0

"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{FD350FC2-A972-427D-800B-A2D200ACFF41}" = ImageMixer for Sony DVD Handycam

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver

"BurnWorld.Com BurnOn CD&DVD_is1" = BurnOn CD&DVD, Version 3.1.0 ( Build 2005-10-26, Win32, )

"Carbonite Backup" = Carbonite

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"FLAC" = FLAC Installer 1.1.2a (remove only)

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"mkwACT" = mkw Audio Compression Toolkit

"mkwMFCRTL" = mkw Runtime Libraries

"MWASPI" = MicroStaff WINASPI

"NeatReceipts Professional" = NeatReceipts Professional v2.5.5

"nik Color Efex Pro 2.0 Promo II" = nik Color Efex Pro 2.0 Promo II

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PKR" = PKR

"PokerStars" = PokerStars

"PokerStars.net" = PokerStars.net

"Port Magic" = Pure Networks Port Magic

"PremElem10" = Adobe Premiere Elements 1.0

"PROSet" = Intel® PRO Network Adapters and Drivers

"Quicken 2001 Deluxe" = Quicken 2001 Deluxe

"RealPlayer 6.0" = RealPlayer Basic

"Silent Package Run-Time Sample" = EPSON SPRX620 Reference Guide

"SM1FX_AT" = USB Storage Adapter FX (SM1)

"StreetPlugin" = Learn2 Player (Uninstall Only)

"TestPokerStars.com" = TestPokerStars.com

"VLC media player" = VideoLAN VLC media player 0.8.5

"WGA" = Windows Genuine Advantage Validation Tool

"Winamp" = Winamp (remove only)

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/18/2011 7:19:40 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/18/2011 7:19:45 PM | Computer Name = KENNY-577585BD9 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module

flash10t.ocx, version 10.3.181.26, fault address 0x000027b2.

Error - 7/18/2011 7:20:11 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 7/18/2011 7:20:11 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/18/2011 7:20:14 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/18/2011 7:20:14 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/18/2011 7:20:52 PM | Computer Name = KENNY-577585BD9 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module

flash10t.ocx, version 10.3.181.26, fault address 0x000027b2.

Error - 8/30/2011 3:08:52 AM | Computer Name = KENNY-577585BD9 | Source = MsiInstaller | ID = 11706

Description = Product: ATI Catalyst Control Center -- Error 1706.No valid source

could be found for product ATI Catalyst Control Center. The Windows Installer

cannot continue.

Error - 9/6/2011 6:39:16 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 9/6/2011 6:40:16 PM | Computer Name = KENNY-577585BD9 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

[ System Events ]

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service CarboniteService

with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 9/12/2011 5:31:58 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/12/2011 5:33:15 PM | Computer Name = KENNY-577585BD9 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32 Fips intelppm

< End of report >

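A triage aid for the event-log tail of a report in this layout, added here as an example that is not part of the original post or of the scanning tool. It joins wrapped description lines, collapses repeated events, and flags Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE), which is expected when the machine is booted in Safe Mode. The function names and the trimmed sample are assumptions constructed for illustration.

```python
import re
# Constructed sample: three events in the report's layout, values taken from the log above.
SAMPLE = """\
Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
Error - 9/12/2011 5:31:53 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
Error - 9/12/2011 5:31:58 PM | Computer Name = KENNY-577585BD9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
WIN32_CODE = re.compile(r'error "%(\d+)"')
# Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE; other codes are left unannotated.
KNOWN = {1084: "service cannot be started in Safe Mode"}

def parse_events(text):
    """Split a report into events, joining wrapped description lines."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = dict(m.groupdict(), description="")
            events.append(cur)
        elif line.startswith(("[", "<")):  # section header or end-of-report marker
            cur = None
        elif cur is not None and line:     # continuation; blank lines are skipped
            cur["description"] = (cur["description"] + " " + line.removeprefix("Description = ")).strip()
    return events

def summarize(events):
    """Collapse identical events into {(source, id, description): info}."""
    groups = {}
    for e in events:
        key = (e["source"], int(e["id"]), e["description"])
        g = groups.setdefault(key, {"count": 0, "first": e["when"], "note": None})
        g["count"] += 1
        g["last"] = e["when"]
        code = WIN32_CODE.search(e["description"])
        if code:
            g["note"] = KNOWN.get(int(code.group(1)))
    return groups
```

Calling `summarize(parse_events(report_text))` on the full report reduces the repeated DCOM 10005 entries to one row per service with a count.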

When I double-click on ComboFix it appears to start running, but it never gets past the blue screen that says it should take 10 minutes to run. No log is ever produced and I have to manually shut my computer down by hitting the power button. Please note I can still only operate in Safe Mode; not sure if that has anything to do with it?


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


  • 2 weeks later...
  • 2 weeks later...
  • Staff

Hi,

I sincerely apologize for the delay. Not sure how your post managed to slip through the cracks.

Let's try running it once more, in this way:

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.


  • Staff

Hi,

Regular Safe Mode is fine.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.