Inactive Used Malware to remove worm, now
- Thread starter msta999
- Start date
- Status
Inspiron 5100
Laptop
2 512 ram sticks.
OTL logfile created on: 7/24/2010 12:57:55 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 316.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 341.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 113.37 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/12/27 19:39:30 | 000,166,520 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/12/27 19:39:20 | 000,051,816 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/28 16:56:45 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/09/05 16:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/06/25 01:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/25 01:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/25 01:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/06/18 23:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/06 00:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/06 00:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/06 00:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/06 00:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/25 21:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/12/17 15:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 02:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/09 14:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 15:19:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:15:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 19:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 20:49:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/07/18 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/04 14:19:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/04 14:19:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
O1 HOSTS File: ([2010/07/16 16:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 16:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Laptop
2 512 ram sticks.
OTL logfile created on: 7/24/2010 12:57:55 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 316.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 341.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 113.37 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/12/27 19:39:30 | 000,166,520 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/12/27 19:39:20 | 000,051,816 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/28 16:56:45 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/09/05 16:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/06/25 01:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/25 01:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/25 01:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/06/18 23:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/06 00:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/06 00:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/06 00:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/06 00:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/25 21:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/12/17 15:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 02:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/09 14:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 15:19:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:15:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 19:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 20:49:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/07/18 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/04 14:19:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/04 14:19:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
O1 HOSTS File: ([2010/07/16 16:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 16:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/23 18:43:03 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/23 18:43:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/18 00:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/16 16:30:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2010/07/16 14:02:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/16 13:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/16 13:54:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/16 13:54:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/16 13:54:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/16 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/16 13:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 13:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\VERIZON_BROAD
[2010/07/16 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 11:35:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/16 11:35:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/16 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/07/14 15:08:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/04 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/04 18:45:50 | 000,730,824 | ---- | C] (ammara.com) -- C:\WINDOWS\System32\DBPix20.ocx
[2010/07/04 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\DBPix 2.0.3
[2010/07/04 17:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reloaders Reference
[2010/06/28 04:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
========== Files - Modified Within 30 Days ==========
[2010/07/19 12:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 12:33:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 09:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/16 23:04:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 16:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 16:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 14:02:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/16 13:42:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:41:42 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/16 00:07:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/07 20:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 12:55:42 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 08:44:04 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
========== Files Created - No Company Name ==========
[2010/07/23 17:37:32 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/07/16 14:02:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/16 14:02:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/16 13:54:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/16 13:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/16 13:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/16 13:54:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/16 13:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/16 13:42:32 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:42:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 13:41:39 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:33:58 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/16 00:07:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/28 04:32:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/28 04:32:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/07 00:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/02 01:27:29 | 003,313,664 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
[2010/07/23 18:43:03 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/07/23 18:43:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/18 00:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/16 16:30:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2010/07/16 14:02:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/16 13:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/16 13:54:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/16 13:54:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/16 13:54:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/16 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/16 13:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 13:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\VERIZON_BROAD
[2010/07/16 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 11:35:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/16 11:35:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/16 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/07/14 15:08:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/04 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/04 18:45:50 | 000,730,824 | ---- | C] (ammara.com) -- C:\WINDOWS\System32\DBPix20.ocx
[2010/07/04 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\DBPix 2.0.3
[2010/07/04 17:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reloaders Reference
[2010/06/28 04:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
========== Files - Modified Within 30 Days ==========
[2010/07/19 12:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 12:33:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 09:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/16 23:04:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 16:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 16:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 14:02:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/16 13:42:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:41:42 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/16 00:07:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/07 20:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 12:55:42 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 08:44:04 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
========== Files Created - No Company Name ==========
[2010/07/23 17:37:32 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/07/16 14:02:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/16 14:02:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/16 13:54:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/16 13:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/16 13:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/16 13:54:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/16 13:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/16 13:42:32 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:42:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 13:41:39 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:33:58 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/16 00:07:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/28 04:32:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/28 04:32:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/01/07 00:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/02 01:27:29 | 003,313,664 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
Broni
Posts: 56,041 +516
Yeah, as far, as I can tell, we removed all visible bad entries, so we have to move to RAM issue.
Turn the laptop off.
Remove one RAM stick and try to start laptop normally.
If that doesn't work, switch sticks and try again.
Also, try different slots with each stick.
So, you have 4 combination to try.
Turn the laptop off.
Remove one RAM stick and try to start laptop normally.
If that doesn't work, switch sticks and try again.
Also, try different slots with each stick.
So, you have 4 combination to try.
.............
Broni
Posts: 56,041 +516
No, but it'll allow you to backup your data.
I did some search regarding Dell Inspiron 5100 and it looks like this particular model has some issues:
http://www.google.com/search?source...fai=CnjHPH2lKTJLTG4PSiAPy14DDBAAAAKoEBU_QgNOb
http://forums.techguy.org/windows-xp/522679-amount-memory-system-has-changed.html
http://forum.notebookreview.com/dell/188794-amount-system-memory-may-have-changed.html
I'm 99% sure, we're not dealing with any infection.
I mean, it's possible, your computer is not totally clean, but it's not your culprit at this moment.
OTL log shows everything what starts, when your computer boots and I don't see anything malicious there.
I did some search regarding Dell Inspiron 5100 and it looks like this particular model has some issues:
http://www.google.com/search?source...fai=CnjHPH2lKTJLTG4PSiAPy14DDBAAAAKoEBU_QgNOb
http://forums.techguy.org/windows-xp/522679-amount-memory-system-has-changed.html
http://forum.notebookreview.com/dell/188794-amount-system-memory-may-have-changed.html
I'm 99% sure, we're not dealing with any infection.
I mean, it's possible, your computer is not totally clean, but it's not your culprit at this moment.
OTL log shows everything what starts, when your computer boots and I don't see anything malicious there.
Broni
Posts: 56,041 +516
I believe, it's a pure coincidence.
It's simply impossible to say for sure.
Do you have any disks, that came with the laptop?
Do you know, if there is recovery partition there?
But....first things first. Take your time and backup your data before you try anything else.
I'm not saying anything for sure.
It's simply impossible to say for sure.
Do you have any disks, that came with the laptop?
Do you know, if there is recovery partition there?
But....first things first. Take your time and backup your data before you try anything else.
Broni
Posts: 56,041 +516
In that case, it looks like your only option is to remove the drive and slave it in working computer: http://articles.techrepublic.com.com/5100-10878_11-5160538.html
You did. I reboot the computer with the external drive connected, then the computer could see it and was able to get most of my files. the only thing I couldn't figure out is my bookmarks on Firefox browser. Just couldn't find them. I believe I got most of my pic's though and doc's.
I try'd the reinstallation cd, but the computer would not start it. I have everything that came with the computer, so I have all the discs.
Yes, I moved the cd line to the top (F2) and it still would not boot from the cd by it's self, in order to get it to work on even the OTLP disc, I had to go into F12 and select which drive to boot from. For some reason hitting F8 on bootup will not work. I have used F8 in the past, when a problem accured.
- Status
Similar threads
Latest posts
-
These credit cards feature OLEDs that light up upon payment- Uncle Al replied
-
Amazon denies reports it started a business just to spy on rivals- nitebird replied
-
PlayStation 5 Pro will be bigger, faster, and better using the same CPU
- anastrophe replied
