View Full Version : Browser Redirecting all the time
I am having the notorious browser redirection whenever I try to do searches on all search engines such as google or yahoo. I have run Malwarebytes Anti-malware software and it comes up clean. I have McAfee antivirus and it scanned my computer clean, also. I do not know where else to go except here. :)
My Hijack Log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:15 PM, on 3/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
D:\Program Files 2\palmOne\Hotsync.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files 2\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - D:\Program Files 2\DataVault\ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Program Files 2\palmOne\Hotsync.exe
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Save to DataVault - file://D:\Program Files 2\DataVault\iemenuext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - F:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 10082 bytes
Hello,
Its been four days and I am still having problems and I still haven't had any respones to my original request. This is my new updated Hijackthis log just in case somethings have changed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:35 PM, on 3/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
D:\Program Files 2\palmOne\Hotsync.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files 2\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files 2\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - D:\Program Files 2\DataVault\ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Program Files 2\palmOne\Hotsync.exe
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Save to DataVault - file://D:\Program Files 2\DataVault\iemenuext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269584490093
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269583947859
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - F:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 10729 bytes
shinybeast
2010-03-27, 01:20
Hello and welcome to Safer Networking Forums
My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.
Please follow these guidelines as we work to clean your computer.
Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
Perform all instructions in the order given.
Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
Do not run any other tools to remove malware while we are working.
If your security software throws up warnings about some of these tools, please allow these tools to run.
If you have not done so, please take time to read the "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288) sticky where the preliminary tasks and conditions for receiving help at this forum are explained.
Scan with OTL
Click here (http://oldtimer.geekstogo.com/OTL.exe) to download OTL by OldTimer and save it to your Desktop
Close all other open windows, then double-click OTL http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/otl.png to start the tool.
Under Output, ensure that Minimal Output is selected
Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
Click Run Scan in upper left of window.
When the scan is finished, two logs will open:
OTL.Txt <-- Will be opened
Extras.Txt <-- Will be minimized
Please post the contents of the two logs in your next reply.
Here are the OTL and Extras files.
OTL logfile created on: 3/26/2010 8:40:50 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.00 Gb Total Space | 62.38 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 84.79 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
Drive E: | 123.09 Gb Total Space | 80.87 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive F: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 698.64 Gb Total Space | 420.67 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
Drive H: | 3.81 Gb Total Space | 0.13 Gb Free Space | 3.28% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: AMD
Current User Name: Emmett & Roz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
PRC - D:\Program Files 2\palmOne\Hotsync.exe (PalmSource, Inc)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Modules (SafeList) ==========
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (JavaQuickStarterService) -- File not found
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (FXDrv32) -- D:\Program Files 2\Fox LiveUpdate\FXDrv32.sys (Your Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (NVTCP) -- C:\WINDOWS\system32\drivers\nvtcp.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\dvd_2k.sys (Roxio)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\Pwd_2k.sys (Roxio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: F:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\datavault@ascendo.inc: D:\Program Files 2\DataVault\firefox [2009/07/26 20:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 16:13:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/25 22:37:47 | 000,000,000 | ---D | M]
[2008/08/26 23:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Extensions
[2010/03/25 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions
[2010/03/25 21:34:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/21 20:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/10/04 05:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/25 23:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - D:\Program Files 2\DataVault\ie.dll (Ascendo Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = D:\Program Files 2\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files 2\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Save to DataVault - D:\Program Files 2\DataVault\iemenuext.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269584490093 (MUCatalogWebControl Class)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269583947859 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 20:46:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/04 17:02:54 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{04aa6c64-5b9a-11de-ab9f-001558454c84}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{04aa6c64-5b9a-11de-ab9f-001558454c84}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{05767302-3157-11df-abe4-001558454c84}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell - "" = AutoRun
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/09/19 21:00:25 | 001,114,112 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/11 14:43:07 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 30 Days ==========
[2010/03/26 02:10:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/21 21:20:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Emmett & Roz\Recent
[2010/03/21 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\Application Data\QuickScan
[2010/03/21 09:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\My Documents\Downloads
[2010/03/20 18:21:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/18 23:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/18 23:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/16 20:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/16 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/16 20:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/16 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\Application Data\vlc
[2010/03/16 19:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/16 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/03 17:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/26 19:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/26 11:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/18 21:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/02/19 20:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/24 19:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/01/01 20:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/01/01 20:46:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/26 19:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/26 19:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6ee7160a75a.job
[2010/03/26 16:49:57 | 000,040,091 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/26 02:10:16 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/26 02:10:16 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/26 02:10:16 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 02:08:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 02:06:23 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/26 02:05:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/26 02:05:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 02:05:56 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/26 01:51:37 | 000,012,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3060145843
[2010/03/26 01:51:36 | 000,012,952 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946
[2010/03/26 01:51:25 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3121143946
[2010/03/26 01:51:25 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/26 01:42:03 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 23:16:52 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\ntuser.dat
[2010/03/25 23:16:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\ntuser.ini
[2010/03/25 08:48:23 | 000,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys
[2010/03/24 19:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/23 16:13:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/23 05:51:01 | 000,014,514 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513
[2010/03/23 05:51:01 | 000,014,514 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1365645513
[2010/03/23 05:48:07 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif
[2010/03/23 05:47:24 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059
[2010/03/23 05:47:24 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1489984059
[2010/03/23 05:47:13 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN
[2010/03/23 05:47:12 | 000,014,518 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/03/23 05:46:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/22 21:43:20 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll
[2010/03/21 11:02:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/21 10:39:44 | 022,061,994 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\YouTube- Michael Jackson - Bad.mp4
[2010/03/20 18:21:13 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/16 20:19:26 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/16 20:08:16 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.5-win32.exe
[2010/03/16 16:51:09 | 000,010,500 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM
[2010/03/16 16:51:09 | 000,010,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/15 01:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/13 18:16:06 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Microsoft Streets & Trips.lnk
[2010/03/13 17:36:55 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 06:38:08 | 000,013,250 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak
[2010/03/07 07:18:26 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\CCleaner.lnk
[2010/03/01 02:00:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/26 01:51:33 | 000,012,952 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946
[2010/03/26 01:51:33 | 000,012,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3060145843
[2010/03/26 01:50:14 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3121143946
[2010/03/26 01:50:14 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:38 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:38 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2010/03/23 05:49:08 | 000,014,514 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513
[2010/03/23 05:49:08 | 000,014,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1365645513
[2010/03/23 05:48:23 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif
[2010/03/23 05:47:23 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059
[2010/03/23 05:47:23 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1489984059
[2010/03/23 05:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/23 05:46:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/23 05:46:10 | 000,014,518 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mh3jm32txN
[2010/03/22 21:53:30 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/22 21:37:20 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll
[2010/03/22 21:36:59 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN
[2010/03/22 21:36:59 | 000,014,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/03/21 10:39:43 | 022,061,994 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Desktop\YouTube- Michael Jackson - Bad.mp4
[2010/03/18 18:57:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6ee7160a75a.job
[2010/03/16 20:19:26 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/16 19:56:37 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.5-win32.exe
[2010/03/16 16:46:39 | 000,010,500 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM
[2010/03/16 16:46:39 | 000,010,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/13 00:55:25 | 000,013,250 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak
[2010/01/02 20:55:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/11/17 20:36:46 | 001,408,800 | ---- | C] () -- C:\Program Files\MoveMediaPlayerWin_071505000011.exe
[2009/09/06 09:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/05/16 19:22:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/13 19:30:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameZ.txt
[2007/07/02 20:21:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/07/02 20:21:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/06/26 22:03:43 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Application Data\usb.dat.bin
[2007/04/08 16:14:12 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/26 22:32:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/18 16:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/02 19:53:01 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2007/02/02 19:53:01 | 000,040,752 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2007/01/28 22:21:31 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2007/01/28 22:21:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007/01/25 21:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/01/25 05:59:51 | 000,000,167 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/06 19:15:36 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/03 22:11:36 | 000,000,114 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2007/01/03 22:11:19 | 000,000,108 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2007/01/02 00:32:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/01 22:36:40 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/01/01 22:35:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/13 01:48:18 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/03/09 03:29:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 03:29:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 03:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 03:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 03:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 03:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 03:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/08/31 12:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2002/05/29 09:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2006/02/28 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2010/03/25 08:48:23 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/22 09:12:16 | 000,357,888 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/08/22 09:12:16 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/01/11 14:47:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/11 19:12:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/01/11 14:47:42 | 018,612,224 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/11 14:47:42 | 007,077,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA6D322
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
< End of report >
OTL Extras logfile created on: 3/26/2010 8:40:50 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.00 Gb Total Space | 62.38 Gb Free Space | 83.17% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 84.79 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
Drive E: | 123.09 Gb Total Space | 80.87 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive F: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 698.64 Gb Total Space | 420.67 Gb Free Space | 60.21% Space Free | Partition Type: NTFS
Drive H: | 3.81 Gb Total Space | 0.13 Gb Free Space | 3.28% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: AMD
Current User Name: Emmett & Roz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files 2\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files 2\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files 2\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files 2\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"D:\Program Files 2\Veoh Networks\Veoh\VeohClient.exe" = D:\Program Files 2\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- (Veoh Networks)
"C:\Documents and Settings\Emmett & Roz\Application Data\U3\0000060421109868\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Emmett & Roz\Application Data\U3\0000060421109868\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Documents and Settings\Emmett & Roz\Application Data\U3\0000186F6A60CEB7\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\Emmett & Roz\Application Data\U3\0000186F6A60CEB7\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype -- File not found
"D:\Program Files 2\iTunes\iTunes.exe" = D:\Program Files 2\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"F:\Program Files\BitTorrent\bittorrent.exe" = F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"G:\Program Files\BitTorrent\bittorrent.exe" = G:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C220811-048F-4D60-B42E-B86027C57372}" = LightScribe 1.4.119.1
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41369F9D-FF51-464F-9FFB-33198BA24CC9}" = USB Modem Driver
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}" = BlackBerry Device Software Updater
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}" = Roxio Easy Media Creator 7 Basic DVD Edition
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = LiveUpdate
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - PSC 2000 Series
"{8867CEBD-E6C0-4C7A-83B3-9E45669A1033}" = Nero 7 Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94F6AE6D-3339-4FC9-9BD2-C6B82D975DBF}" = HTC Sync
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{DA80700F-068D-11DF-9686-005056806466}" = Google Earth Plug-in
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"3DGroove" = 3D Groove Playback Engine
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.47 beta
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CCleaner" = CCleaner
"Core FTP LE 2.0" = Core FTP LE 2.0
"DataVault" = Ascendo DataVault 4.4.5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"hp psc 2200 series_Driver" = hp psc 2200 series
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{41369F9D-FF51-464F-9FFB-33198BA24CC9}" = USB Modem Driver
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Pocket Quicken 2.5 for Palm OS" = Pocket Quicken 2.5 for Palm OS
"PSC 2000 Series" = HP Photo and Imaging 1.0 - PSC 2000 Series
"SereneScene Marine Aquarium 2" = SereneScene Marine Aquarium 2
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Test My Hardware_is1" = Test My Hardware 3.0
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.5
"Vuze" = Vuze
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/26/2010 7:15:25 AM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 8:15:25 AM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 9:15:25 AM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 10:15:25 AM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 11:15:25 AM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 12:15:25 PM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 1:15:25 PM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 2:15:25 PM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 3:15:25 PM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
Error - 3/26/2010 4:15:25 PM | Computer Name = AMD | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 3/25/2010 11:19:33 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 3/25/2010 11:23:59 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 3/26/2010 1:52:45 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/26/2010 1:52:45 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 3/26/2010 2:06:06 AM | Computer Name = AMD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 3/26/2010 2:06:06 AM | Computer Name = AMD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 3/26/2010 2:07:35 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7024
Description = The Forceware Web Interface service terminated with service-specific
error 1 (0x1).
Error - 3/26/2010 2:07:35 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3
Error - 3/26/2010 2:07:35 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 3/26/2010 2:12:38 AM | Computer Name = AMD | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >
shinybeast
2010-03-27, 06:24
Hello soar3,
P2P Software
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
DNA
Vuze
I'd like you to read File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282) where this forum's policy is explained.
P2P is the main source of malware. If you continue to use P2P, your computer will be infected again.
If you would like to continue, you must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Warning: Any existing remnants of the program may be removed during cleaning.
Scan with GMER
Click here (http://www.gmer.net/download.php) to download GMER Rootkit Scanner and save it to your desktop.
Disconnect your computer from the internet and disable all security software before starting the scan.
NOTE: To disable McAfee SecurityCenter
Locate McAfee http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/mcafeesc.png icon in the system tray and double-click it to open McAfee SecurityCenter
Click Advanced Menu or Basic Menu in the lower left of the window.
Click Computer & Files, then click http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/mcarrow.png in the right pane.
Under Virus Protection is enabled, select (tick) Off
In the popup window, select Never in the drop-down menu, then click OK
Select (tick) Off for all other modules installed (Spyware, SystemGuard, etc.)
Click Advanced Menu or Basic Menu in the lower left of the window.
Click Internet & Network, then click http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/mcarrow.png in the right pane.
Under Firewall Protection is enabled, select (tick) Off
In the popup window, select Never in the drop-down menu, then click OK
Close McAfee SecurityCenter
Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All
Then click the Scan button and wait for it to finish
Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes or it will save as a .log file)
Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.
IMPORTANT: After tools have run and any necessary reboots have occurred, open McAfee SecurityCenter and click the http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/mcfix.png button in the upper right of the window to enable protection.
Please reply with the GMER log (ark.txt).
Here is the result of the GMER scan (ark.txt):
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-27 08:02:41
Windows 5.1.2600 Service Pack 2
Running: xoswrl09.exe; Driver: C:\DOCUME~1\EMMETT~1\LOCALS~1\Temp\pxtdrpow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAC76578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAC765738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAC76574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAC7657CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAC765710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAC765724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAC76579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAC765776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAC765762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAC7657F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAC7657E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAC7657B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device -> \Driver\nvata \Device\Harddisk0\DR0 8A601CA1
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification
---- EOF - GMER 1.0.15 ----
shinybeast
2010-03-27, 17:26
Hi soar3,
Do you have or can you locate chipset drivers for your computer?
Would that be on my XP CD? If so, I do have that disk.
shinybeast
2010-03-27, 18:22
You have an infection in nvata.sys. OTL says you do not have a replacement on-board. The best thing to do is reinstall chipset drivers which can be acquired from the manufacturer of the computer (or motherboard if you built the computer yourself). What is the make model of your computer (or motherboard)?
Yes, I built my computer myself and I have a Foxconn CS1xEM2AA motherboard powered by Nvidia and do have all of the drivers. Should I just simply reload the one driver in question?
shinybeast
2010-03-27, 19:55
You should have a CD with drivers for your motherboard. Load it up and reinstall the chipset drivers. Then scan with OTL.
Scan with OTL
Click here (http://oldtimer.geekstogo.com/OTL.exe) to download OTL by OldTimer and save it to your Desktop
Close all other open windows, then double-click OTL http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/otl.png to start the tool.
Under Output, ensure that Minimal Output is selected
Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
/md5start
nvata.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
Click Run Scan in upper left of window.
When the scan is finished, one log will open
Please post the contents of the OTL.txt in your next reply.
OTL logfile created on: 3/27/2010 4:05:12 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.00 Gb Total Space | 61.98 Gb Free Space | 82.63% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 84.79 Gb Free Space | 84.79% Space Free | Partition Type: NTFS
Drive E: | 123.09 Gb Total Space | 80.87 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive F: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 698.64 Gb Total Space | 425.03 Gb Free Space | 60.84% Space Free | Partition Type: NTFS
Drive H: | 3.81 Gb Total Space | 0.13 Gb Free Space | 3.28% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive Y: | 468.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: AMD
Current User Name: Emmett & Roz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - D:\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
PRC - D:\Program Files 2\palmOne\Hotsync.exe (PalmSource, Inc)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
PRC - D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Modules (SafeList) ==========
MOD - D:\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (JavaQuickStarterService) -- File not found
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (FXDrv32) -- D:\Program Files 2\Fox LiveUpdate\FXDrv32.sys (Your Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (NVTCP) -- C:\WINDOWS\system32\drivers\nvtcp.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\dvd_2k.sys (Roxio)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\Pwd_2k.sys (Roxio)
DRV - (FXDRV) -- Y:\Fxdrv.sys (Foxconn)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: F:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\datavault@ascendo.inc: D:\Program Files 2\DataVault\firefox [2009/07/26 20:29:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 16:13:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 00:32:34 | 000,000,000 | ---D | M]
[2008/08/26 23:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Extensions
[2010/03/27 13:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions
[2010/03/25 21:34:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/21 20:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/10/04 05:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emmett & Roz\Application Data\Mozilla\Firefox\Profiles\hlyrl83w.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/27 08:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - D:\Program Files 2\DataVault\ie.dll (Ascendo Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = D:\Program Files 2\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = D:\Program Files 2\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files 2\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Save to DataVault - D:\Program Files 2\DataVault\iemenuext.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269584490093 (MUCatalogWebControl Class)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269583947859 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 20:46:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/04 17:02:54 | 000,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/31 02:55:00 | 000,000,043 | R--- | M] () - Y:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{04aa6c64-5b9a-11de-ab9f-001558454c84}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{04aa6c64-5b9a-11de-ab9f-001558454c84}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{05767302-3157-11df-abe4-001558454c84}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell - "" = AutoRun
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18d78fee-a334-11db-82b0-001558454c84}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2d4f18c2-99cf-11db-826a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d4f18c2-99cf-11db-826a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d4f18c2-99cf-11db-826a-806d6172696f}\Shell\AutoRun\command - "" = Y:\setup.exe -- [2006/04/18 05:02:10 | 000,229,376 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/09/19 21:00:25 | 001,114,112 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610416650092544)
========== Files/Folders - Created Within 30 Days ==========
[2010/03/27 16:01:44 | 000,000,000 | ---D | C] -- C:\NV24963488.TMP
[2010/03/27 16:01:44 | 000,000,000 | ---D | C] -- C:\NV17522816.TMP
[2010/03/27 16:01:19 | 000,208,384 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll
[2010/03/27 16:01:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV36443720.TMP
[2010/03/27 16:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/27 15:35:52 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe
[2010/03/27 15:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV4706445548.TMP
[2010/03/27 09:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\Application Data\InstallShield
[2010/03/21 21:20:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Emmett & Roz\Recent
[2010/03/21 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\Application Data\QuickScan
[2010/03/21 09:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\My Documents\Downloads
[2010/03/20 18:21:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/18 23:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/18 23:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/16 20:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/16 20:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/16 20:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/16 20:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emmett & Roz\Application Data\vlc
[2010/03/16 19:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/16 17:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/03 17:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/26 19:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/26 11:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/18 21:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/02/19 20:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/24 19:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/01/01 20:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/01/01 20:46:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/27 16:01:43 | 000,040,233 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/27 15:58:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/27 15:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 15:57:34 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/27 15:57:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6ee7160a75a.job
[2010/03/27 15:57:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/27 15:57:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/27 15:57:23 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 15:54:25 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\ntuser.dat
[2010/03/27 15:54:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\ntuser.ini
[2010/03/27 15:41:47 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/27 15:41:47 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/27 15:41:47 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/27 00:36:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\xoswrl09.exe
[2010/03/26 01:51:37 | 000,012,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3060145843
[2010/03/26 01:51:36 | 000,012,952 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946
[2010/03/26 01:51:25 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3121143946
[2010/03/26 01:51:25 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/26 01:42:03 | 000,012,940 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/24 19:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/23 16:13:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/23 05:51:01 | 000,014,514 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513
[2010/03/23 05:51:01 | 000,014,514 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1365645513
[2010/03/23 05:48:07 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif
[2010/03/23 05:47:24 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059
[2010/03/23 05:47:24 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1489984059
[2010/03/23 05:47:13 | 000,014,522 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN
[2010/03/23 05:47:12 | 000,014,518 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/03/23 05:46:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/22 21:43:20 | 000,200,704 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll
[2010/03/21 11:02:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/21 10:39:44 | 022,061,994 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\YouTube- Michael Jackson - Bad.mp4
[2010/03/20 18:21:13 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/16 20:19:26 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/16 20:08:16 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.5-win32.exe
[2010/03/16 16:51:09 | 000,010,500 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM
[2010/03/16 16:51:09 | 000,010,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/15 01:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/13 18:16:06 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Microsoft Streets & Trips.lnk
[2010/03/13 17:36:55 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 06:38:08 | 000,013,250 | -HS- | M] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak
[2010/03/07 07:18:26 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Emmett & Roz\Desktop\CCleaner.lnk
[2010/03/01 02:00:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/27 00:38:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Desktop\xoswrl09.exe
[2010/03/26 01:51:33 | 000,012,952 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946
[2010/03/26 01:51:33 | 000,012,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3060145843
[2010/03/26 01:50:14 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3121143946
[2010/03/26 01:50:14 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:38 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2Q757bFxJ7S
[2010/03/25 23:40:38 | 000,012,940 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
[2010/03/23 05:49:08 | 000,014,514 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513
[2010/03/23 05:49:08 | 000,014,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1365645513
[2010/03/23 05:48:23 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif
[2010/03/23 05:47:23 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059
[2010/03/23 05:47:23 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1489984059
[2010/03/23 05:46:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/23 05:46:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/23 05:46:10 | 000,014,518 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mh3jm32txN
[2010/03/22 21:53:30 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/22 21:37:20 | 000,200,704 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll
[2010/03/22 21:36:59 | 000,014,522 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN
[2010/03/22 21:36:59 | 000,014,518 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/03/21 10:39:43 | 022,061,994 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Desktop\YouTube- Michael Jackson - Bad.mp4
[2010/03/18 18:57:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6ee7160a75a.job
[2010/03/16 20:19:26 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/16 19:56:37 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-1.0.5-win32.exe
[2010/03/16 16:46:39 | 000,010,500 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM
[2010/03/16 16:46:39 | 000,010,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p4RkMAQM
[2010/03/13 00:55:25 | 000,013,250 | -HS- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak
[2010/01/02 20:55:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2009/11/17 20:36:46 | 001,408,800 | ---- | C] () -- C:\Program Files\MoveMediaPlayerWin_071505000011.exe
[2009/09/06 09:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/05/16 19:22:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/13 19:30:19 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameZ.txt
[2007/07/02 20:21:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/07/02 20:21:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/06/26 22:03:43 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Application Data\usb.dat.bin
[2007/04/08 16:14:12 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/26 22:32:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/18 16:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/02 19:53:01 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2007/02/02 19:53:01 | 000,040,752 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2007/01/28 22:21:31 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2007/01/28 22:21:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007/01/25 21:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/01/25 05:59:51 | 000,000,167 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/06 19:15:36 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/03 22:11:36 | 000,000,114 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2007/01/03 22:11:19 | 000,000,108 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2007/01/02 00:32:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/01 22:36:40 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/01/01 22:35:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/13 01:48:18 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/03/09 03:29:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 03:29:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 03:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 03:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 03:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 03:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 03:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/02/28 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/08/31 12:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2002/05/29 09:50:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
========== Custom Scans ==========
< MD5 for: NVATA.SYS >
[2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\LastGood\system32\DRIVERS\nvata.sys
[2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\nvata.sys
[2010/03/25 08:48:23 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvata.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[23 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/01/11 14:47:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/11 19:12:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/01/11 14:47:42 | 018,612,224 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/11 14:47:42 | 007,077,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA6D322
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
< End of report >
shinybeast
2010-03-28, 00:30
Hi soar3,
OTL
Close all other open windows, then double-click OTL.exe to start OTL
Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under the cyan line at the bottom of the window)
:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA6D322
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73828A71
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
:files
C:\Documents and Settings\All Users\Application Data\3060145843
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946
C:\Documents and Settings\All Users\Application Data\3121143946
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S
C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513
C:\Documents and Settings\All Users\Application Data\1365645513
C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059
C:\Documents and Settings\All Users\Application Data\1489984059
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN
C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM
C:\Documents and Settings\All Users\Application Data\p4RkMAQM
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak
:commands
[emptytemp]
Close all running programs except for OTL, including all browser windows.
Then click Run Fix at the top of the window.
Once done, OTL will require a reboot. Please allow it.
After reboot, the log should open. Please save the log and post it in your next reply.
ESET Online Scan
Before you begin:
Please use Internet Explorer for this scan.
Disable your anti-virus to avoid conflicts. Click here (http://www.bleepingcomputer.com/forums/topic114351.html) for instructions.
The scan will take quite some time. I suggest you run it when you do not need the computer for awhile.
Click here (http://www.eset.com/onlinescan/) to visit ESET Online Scanner then click http://i607.photobucket.com/albums/tt159/bnl68/cannedimages/esetos.png
In the new tab/window that opens, check YES, I accept the Terms of Use then click the green Start button
When prompted, allow the Add-On/Active X to install.
Under Computer Scan Settings do the following:
Ensure that Remove found threats is NOT checked
Ensure that Scan archives is checked.
Then click Advanced settings and ensure the following are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Start button.
The signature database will then be downloaded and the scan will start.
NOTE: Then scan will take quite some time; the more data to be scanned, the longer it will take. Please be patient.
When it is finished, ensure the Uninstall application on close box is NOT checked and click Finish button.
If you wish, you may uninstall the scanner through Add/Remove Progams after we are finished.
Copy the whole line in the code box below.
"%PROGRAMFILES%\ESET\ESET Online Scanner\log.txt"
Click Start, click Run... and paste the above line in the Open: field, then click OK
The log should open, if not, navigate to C:\Program Files\ESET\ESET Online Scanner\ and open the text file named log.
Copy and paste the log in your next reply.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Still getting redirects?
Please reply with OTL log and ESET log.
I'm replying to you by way of cell phone now because since I did the last OTL fix, my computer is stuck in a continuous loop of blue screen of deaths. I cannot even boot into safe mode because when that screen comes up, I can't even select safe mode cuz my keyboard won't work for some reason. Sometimes the computer will try to boot to the desktop, but there is an OTL security prompt that comes up asking to either run or cancel. I have tried to check both and it would show me s OTL log for a second and then go to a memory dump BSOD. I tried to boot off of the Xp disk to but that is unsuccessful since my keyboard is being rendered useless. Please HELP!!!
shinybeast
2010-03-28, 04:46
I need to know if the computer was rebooted at any time after installing the chipset drivers but before OTL fix. I suspect the OTL fix is not responsible and the chipset driver might be. I'll come up with a plan after I get an answer from you. Also, does safe mode work or safe mode with command prompt work?
shinybeast
2010-03-28, 05:07
Sorry, I missed the safe mode info. Is the keyboard wireless?
Well, I made it back!! :) I don't really know what is going on, but I do believe that you are
right in saying that it may be something wrong with the chipset drivers. The way that I was able
to get the computer to finally boot into windows was to unplug my keyboard (which I told you was
not responding) and also disconnecting my modem from my computer. I then proceeded to plug both
devices back in and see what happened. The computer ran for about 10 minutes and I was able to
surf the internet and everything until I got another memory dump screen and BSOD. During the
reboot I unpluged both devices until Windows came back up and this time only replugged in my
keyboard. I haven't received any BSOD so something might be wrong with the chipset drivers for my
network adapters. Does this make sense? What should I do sense I never finished the OTL
procedure? However, when I was on the internet for the short period that I was allowed, I seem to
no longer be getting the redirections
This was the last OTL file that was posted after my reboot and when the problems started happening, also.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\REN12BD.tmp deleted successfully.
C:\WINDOWS\System32\REN12BE.tmp deleted successfully.
C:\WINDOWS\System32\REN12BF.tmp deleted successfully.
C:\WINDOWS\System32\REN12C7.tmp deleted successfully.
C:\WINDOWS\System32\REN12C8.tmp deleted successfully.
C:\WINDOWS\System32\REN12C9.tmp deleted successfully.
C:\WINDOWS\System32\REN12EA.tmp deleted successfully.
C:\WINDOWS\System32\REN12EB.tmp deleted successfully.
C:\WINDOWS\System32\REN12EC.tmp deleted successfully.
C:\WINDOWS\System32\REN12F8.tmp deleted successfully.
C:\WINDOWS\System32\REN12F9.tmp deleted successfully.
C:\WINDOWS\System32\REN12FA.tmp deleted successfully.
C:\WINDOWS\System32\REN131C.tmp deleted successfully.
C:\WINDOWS\System32\REN131D.tmp deleted successfully.
C:\WINDOWS\System32\REN131E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F.tmp deleted successfully.
C:\WINDOWS\System32\SET20B.tmp deleted successfully.
C:\WINDOWS\System32\SET20F.tmp deleted successfully.
C:\WINDOWS\System32\SET21B.tmp deleted successfully.
C:\WINDOWS\System32\SET21F.tmp deleted successfully.
C:\WINDOWS\System32\SET223.tmp deleted successfully.
C:\WINDOWS\System32\SET227.tmp deleted successfully.
C:\NV17522816.TMP folder deleted successfully.
C:\NV24963488.TMP folder deleted successfully.
C:\WINDOWS\NV11401156.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV11401156.TMP folder deleted successfully.
C:\WINDOWS\NV17001652.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV17001652.TMP folder deleted successfully.
C:\WINDOWS\NV36443720.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV36443720.TMP folder deleted successfully.
C:\WINDOWS\NV4706445548.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV4706445548.TMP folder deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET37.tmp deleted successfully.
C:\WINDOWS\SET3A.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET46.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\SET81.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7BA6D322 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDBBA690 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E799D7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:73828A71 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CDCEE6BF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\3060145843 moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\3121143946 moved successfully.
C:\Documents and Settings\All Users\Application Data\3121143946 moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\2Q757bFxJ7S moved successfully.
C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1365645513 moved successfully.
C:\Documents and Settings\All Users\Application Data\1365645513 moved successfully.
C:\Documents and Settings\Emmett & Roz\Desktop\Shortcut to rkill(2).com.pif moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\1489984059 moved successfully.
C:\Documents and Settings\All Users\Application Data\1489984059 moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Mh3jm32txN moved successfully.
C:\Documents and Settings\All Users\Application Data\Mh3jm32txN moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\128822158.dll moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\p4RkMAQM moved successfully.
C:\Documents and Settings\All Users\Application Data\p4RkMAQM moved successfully.
C:\Documents and Settings\Emmett & Roz\Local Settings\Application Data\Ofp41Kak moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2512612 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Emmett & Roz
->Temp folder emptied: 211632588 bytes
->Temporary Internet Files folder emptied: 10212013 bytes
->Java cache emptied: 963 bytes
->FireFox cache emptied: 90972474 bytes
->Flash cache emptied: 29159 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9947059 bytes
->Flash cache emptied: 1450 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57481267 bytes
->Java cache emptied: 70 bytes
->Flash cache emptied: 36886 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82117930 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 444.00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03272010_193248
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CA2RGX2F.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAU866L5.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAWIST87.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAWPEBGJ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\e-d-FT-d-PT-j-PERM-j-CONT%3Fsort%255Btype%255D%3Ddate%26api%26aggregateIndustry%3Dnull%26t%3D1260923378949%26iframe%26scrollTop&r=0&SIG=10vkhglr6;x-cookie=7bv5ir95vn335&o=4&f=36 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\fres_music_everywhere;sec0=playtime;sec1=shows;sec2=freshbeatband;sec3=games;sec4=fres_music_everywhere;pos=atf;flashName=fres_music_everywhere;tag=adj;mtype=standard;sz[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\abcat0401000;dcopt=ist;id=abcat0401004;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\CA6RGDEJ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\dearprudence;dir=arts;dir=dearprudence;ad=336x90;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=336x90_2[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=cats;sec2=games;sec3=index;pos=atf;flashName=pt_games;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName-pt_games_tag-adj_mtype-standa[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=index;pos=atf;flashName=pt_back;!category=back_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\leaderboard;dir=arts;dir=dearprudence;dir=leaderboard;ad=lb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;p[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\umiz_milli_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_milli_mini;pos=atf;flashName=umiz_milli_mini;!category=team-umizoomi_showid;tag=adj;mtype=sta[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CA0X4NIJ.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CAJQRM7L.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CASFQFIR.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CASPQZOD.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=atf;tag=adj;mtype=standard;sz=120x60;tile=3;u=pos-atf_tag-adj_mty[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\dearprudence;dir=arts;dir=dearprudence;ad=bb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=bigbox_2;sz=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\index;sec0=playtime;sec1=shows;sec2=freshbeatband;sec3=index;pos=atf;flashName=pt_fres;!category=fresh-beat-band_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-at[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\rightflex;dir=arts;dir=dearprudence;dir=rightflex;ad=ss;ad=hp;ad=bb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\terms_of_use;sec0=about;sec1=terms_of_use;pos=btf;activity=terms-of-use;tile=13;node=survey;tag=adj;mtype=standard;sz=1x2;u=pos-btf_activity-terms-of-use_tile-13_node-su[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\U385MJ.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true&PV%21visitorActive=0 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\_hp;sec0=_hp;pos=atf;category=home;activity=homepage;tile=2;tag=adj;mtype=standard;sz=300x250;u=pos-atf_category-home_activity-homepage_tile-2_tag-adj_mtype-standard_sz-[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\back_mighty_knights;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=games;sec4=back_mighty_knights;pos=atf;flashName=back_mighty_knights;tag=adj;mtype=standard;sz=728x9[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\CAK163GX.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\CAKT4NCB.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;node=survey;pos=atf;tag=adj;mtype=standard;sz=1x2;tile=2;u=node-surve[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\interstitial;sec0=playtime;sec1=interstitial;pos=atf;tag=adj;mtype=standard;sz=300x250;tile=1;;u=pos-atf_tag-adj_mtype-standard_sz-300x250_tile-1;ord=387092418847053950[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\umiz_bot_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_bot_mini;pos=atf;flashName=umiz_bot_mini;!category=team-umizoomi_showid;tag=adj;mtype=standard;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\CABIT8DP.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\midarticleflex;dir=arts;dir=dearprudence;dir=midarticleflex;ad=fb;ad=bb;del=js;ajax=n;dcopt=ist;ad=pop;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;ms[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\RM%26jobtype%3DCONT%26commitment%3DFT%26commitment%3DPT%26locations%3DMacomb%252C%2BMI%26country%3DUSA%26industry%3DFIN%26kw%3D&r=0&SIG=10vkhglr6;x-cookie=7bv5ir95vn335&o=4&f=36 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\terms_of_use;sec0=about;sec1=terms_of_use;pos=atf;activity=terms-of-use;tile=2;tag=adj;mtype=standard;sz=300x250;u=pos-atf_activity-terms-of-use_tile-2_tag-adj_mtype-sta[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401004;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0410000;dcopt=ist;id=abcat0410000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CA8LANGH.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CAOHQF67.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CAV7946H.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\dearprudence;dir=arts;dir=dearprudence;ad=mostread;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=mostre[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=games;sec1=backyardigans;sec2=all-themes;sec3=all-ages;sec4=index;activity=the-backyardigans-games;pos=atf;tag=adj;mtype=standard;sz=160x600;tile=2;;u=activit[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=index;pos=atf;flashName=pt_back;!category=back_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\terms_of_use;sec0=about;sec1=terms_of_use;pos=atf;activity=terms-of-use;tile=1;tag=adj;mtype=standard;sz=728x90;dcopt=ist;u=pos-atf_activity-terms-of-use_tile-1_tag-adj_[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\back_adventure;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=games;sec4=back_adventure;pos=atf;flashName=back_adventure;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAC1A3UR.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAI5C30B.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAJDD7AQ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CARIDOX7.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=atf;tag=adj;mtype=standard;sz=728x90;tile=1;u=pos-atf_tag-adj_mty[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=4;u=pos-btf_tag-adj_mt[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\dearprudence;dir=arts;dir=dearprudence;ad=lb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=leaderboard_[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\index;sec0=games;sec1=backyardigans;sec2=all-themes;sec3=all-ages;sec4=index;activity=the-backyardigans-games;pos=atf;tag=adj;mtype=standard;sz=728x90;tile=1;dcopt=ist;;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\abcat0400000;dcopt=ist;id=abcat0400000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\abcat0401000;dcopt=ist;id=cat13504;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=cat13504;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\CAUYZRL0.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\terms_of_use;sec0=about;sec1=terms_of_use;pos=btf;activity=terms-of-use;tile=12;research=survey;tag=adj;mtype=standard;sz=1x2;u=pos-btf_activity-terms-of-use_tile-12_res[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\umiz_bot_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_bot_mini;pos=atf;flashName=umiz_bot_mini;!category=team-umizoomi_showid;tag=adj;mtype=standard;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\_hp;sec0=_hp;pos=atf;category=home;activity=homepage;tile=1;tag=adj;mtype=standard;sz=728x90;dcopt=off;u=pos-atf_category-home_activity-homepage_tile-1_tag-adj_mtype-sta[2] not found!
Registry entries deleted on Reboot...
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CA2RGX2F.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAU866L5.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAWIST87.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\CAWPEBGJ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\e-d-FT-d-PT-j-PERM-j-CONT%3Fsort%255Btype%255D%3Ddate%26api%26aggregateIndustry%3Dnull%26t%3D1260923378949%26iframe%26scrollTop&r=0&SIG=10vkhglr6;x-cookie=7bv5ir95vn335&o=4&f=36 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\fres_music_everywhere;sec0=playtime;sec1=shows;sec2=freshbeatband;sec3=games;sec4=fres_music_everywhere;pos=atf;flashName=fres_music_everywhere;tag=adj;mtype=standard;sz[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX6J4P6R\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\abcat0401000;dcopt=ist;id=abcat0401004;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\CA6RGDEJ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\dearprudence;dir=arts;dir=dearprudence;ad=336x90;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=336x90_2[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=cats;sec2=games;sec3=index;pos=atf;flashName=pt_games;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName-pt_games_tag-adj_mtype-standa[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=index;pos=atf;flashName=pt_back;!category=back_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\leaderboard;dir=arts;dir=dearprudence;dir=leaderboard;ad=lb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;p[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\UXCXW78Z\umiz_milli_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_milli_mini;pos=atf;flashName=umiz_milli_mini;!category=team-umizoomi_showid;tag=adj;mtype=sta[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CA0X4NIJ.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CAJQRM7L.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CASFQFIR.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\CASPQZOD.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=atf;tag=adj;mtype=standard;sz=120x60;tile=3;u=pos-atf_tag-adj_mty[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\dearprudence;dir=arts;dir=dearprudence;ad=bb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=bigbox_2;sz=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\index;sec0=playtime;sec1=shows;sec2=freshbeatband;sec3=index;pos=atf;flashName=pt_fres;!category=fresh-beat-band_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-at[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\rightflex;dir=arts;dir=dearprudence;dir=rightflex;ad=ss;ad=hp;ad=bb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\terms_of_use;sec0=about;sec1=terms_of_use;pos=btf;activity=terms-of-use;tile=13;node=survey;tag=adj;mtype=standard;sz=1x2;u=pos-btf_activity-terms-of-use_tile-13_node-su[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\U385MJ.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true&PV%21visitorActive=0 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\SP23SPAN\_hp;sec0=_hp;pos=atf;category=home;activity=homepage;tile=2;tag=adj;mtype=standard;sz=300x250;u=pos-atf_category-home_activity-homepage_tile-2_tag-adj_mtype-standard_sz-[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\back_mighty_knights;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=games;sec4=back_mighty_knights;pos=atf;flashName=back_mighty_knights;tag=adj;mtype=standard;sz=728x9[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\CAK163GX.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\CAKT4NCB.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;node=survey;pos=atf;tag=adj;mtype=standard;sz=1x2;tile=2;u=node-surve[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\interstitial;sec0=playtime;sec1=interstitial;pos=atf;tag=adj;mtype=standard;sz=300x250;tile=1;;u=pos-atf_tag-adj_mtype-standard_sz-300x250_tile-1;ord=387092418847053950[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\S563G5AF\umiz_bot_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_bot_mini;pos=atf;flashName=umiz_bot_mini;!category=team-umizoomi_showid;tag=adj;mtype=standard;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\CABIT8DP.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\midarticleflex;dir=arts;dir=dearprudence;dir=midarticleflex;ad=fb;ad=bb;del=js;ajax=n;dcopt=ist;ad=pop;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;ms[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\RM%26jobtype%3DCONT%26commitment%3DFT%26commitment%3DPT%26locations%3DMacomb%252C%2BMI%26country%3DUSA%26industry%3DFIN%26kw%3D&r=0&SIG=10vkhglr6;x-cookie=7bv5ir95vn335&o=4&f=36 not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\M7GP6TM9\terms_of_use;sec0=about;sec1=terms_of_use;pos=atf;activity=terms-of-use;tile=2;tag=adj;mtype=standard;sz=300x250;u=pos-atf_activity-terms-of-use_tile-2_tag-adj_mtype-sta[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401001;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;o[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0401000;dcopt=ist;id=abcat0401004;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\abcat0410000;dcopt=ist;id=abcat0410000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CA8LANGH.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CAOHQF67.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\CAV7946H.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\dearprudence;dir=arts;dir=dearprudence;ad=mostread;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=mostre[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=games;sec1=backyardigans;sec2=all-themes;sec3=all-ages;sec4=index;activity=the-backyardigans-games;pos=atf;tag=adj;mtype=standard;sz=160x600;tile=2;;u=activit[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=index;pos=atf;flashName=pt_back;!category=back_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flashName[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\IJ4B2LEX\terms_of_use;sec0=about;sec1=terms_of_use;pos=atf;activity=terms-of-use;tile=1;tag=adj;mtype=standard;sz=728x90;dcopt=ist;u=pos-atf_activity-terms-of-use_tile-1_tag-adj_[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\back_adventure;sec0=playtime;sec1=shows;sec2=backyardigans;sec3=games;sec4=back_adventure;pos=atf;flashName=back_adventure;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAC1A3UR.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAI5C30B.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CAJDD7AQ.gsp%3Fcat%3D1060825&id=3458524882&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\CARIDOX7.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=atf;tag=adj;mtype=standard;sz=728x90;tile=1;u=pos-atf_tag-adj_mty[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\chat_it_up;sec0=pc;sec1=connect;sec2=boards;sec3=bootcamp;sec4=family_holiday_ideas;sec5=chat_it_up;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=4;u=pos-btf_tag-adj_mt[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\dearprudence;dir=arts;dir=dearprudence;ad=lb;del=js;ajax=n;heavy=n;pageId=slate-id-2237851;poe=yes;fromrss=n;rss=n;front=n;msn_refer=y;articleId=2237851;pos=leaderboard_[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\index;sec0=games;sec1=backyardigans;sec2=all-themes;sec3=all-ages;sec4=index;activity=the-backyardigans-games;pos=atf;tag=adj;mtype=standard;sz=728x90;tile=1;dcopt=ist;;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\ID4ZMDCX\ll%26fromPageCatId%3D62055%26catNavId%3D62055&id=5463194158&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\abcat0400000;dcopt=ist;id=abcat0400000;type=cat;brand=;sku=;subzone1=undefined;subzone2=undefined;subzone3=undefined;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord=[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\abcat0401000;dcopt=ist;id=cat13504;type=cat;brand=;sku=;subzone1=abcat0401001;subzone2=abcat0401004;subzone3=cat13504;subzone4=undefined;pos=top;tile=1;sz=728x90,1x1;ord[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\CAUYZRL0.gsp%3Fcat%3D62055&id=4985630401&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-electronics-sales-english&activePlugin=none&cobrowse=true not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\index;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=index;pos=atf;flashName=pt_umiz;!category=team-umizoomi_showid;tag=adj;mtype=standard;sz=728x90;tile=1;;u=pos-atf_flash[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\terms_of_use;sec0=about;sec1=terms_of_use;pos=btf;activity=terms-of-use;tile=12;research=survey;tag=adj;mtype=standard;sz=1x2;u=pos-btf_activity-terms-of-use_tile-12_res[1] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\umiz_bot_mini;sec0=playtime;sec1=shows;sec2=umizoomi;sec3=games;sec4=umiz_bot_mini;pos=atf;flashName=umiz_bot_mini;!category=team-umizoomi_showid;tag=adj;mtype=standard;[2] not found!
File\Folder C:\Documents and Settings\Emmett & Roz\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDMBKTAV\_hp;sec0=_hp;pos=atf;category=home;activity=homepage;tile=1;tag=adj;mtype=standard;sz=728x90;dcopt=off;u=pos-atf_category-home_activity-homepage_tile-1_tag-adj_mtype-sta[2] not found!
Registry entries deleted on Reboot...
shinybeast
2010-03-28, 07:32
Hi soar3,
Sorry for the strife. :sad:
Forget about the OTL fix for now. We'll get back to that after we get the computer stable.
The replaced drivers seem to be conflicting with drivers on the computer.
I recommend uninstalling drivers for all devices on the motherboard in Device Manager (click Start, click Run..., type devmgmt.msc and press Enter) and then reinstall them (drivers for all devices that are on that driver disc - chipset, network, sound, etc.) after getting latest drivers for your motherboard from here (http://www.foxconnchannel.com/product/Motherboards/detail_overview.aspx?ID=en-us0000172) (if that is indeed your motherboard). If you have the option, install chipset first, then the others.
I suggest you back up important data before going any further, just in case.
How do I delete just the drivers for the motherboard? I've never done that and I don't want to delete something that I don't have to. In device manager, what am I looking for specifically?
shinybeast
2010-03-28, 07:51
Good question.
Before I can answer, I need to confirm that link to Foxconn in my previous post is your motherboard.
http://www.foxconnchannel.com/product/Motherboards/detail_overview.aspx?ID=en-us0000172
It's hard for me to download the drivers now since my computer keeps wanting to reboot after only a few minutes of being online. I'm managing responding to you with continually getting the BSOD and then logging in a response before I get disconnected. Do you really think I need to download the drivers or just loss them off of the disk I have that came with the motherboard? I just need to know which ones to delete.
shinybeast
2010-03-28, 09:03
OK
I want to pause here and seek a second opinion before you do anything else. I do not want the situation to become worse.
In the mean time, I have some questions.
What drivers did you install from the disc? What drivers are available to install from the disc?
Do you get BSODs if you run the computer without connecting the modem?
Do you have access to a PS/2 keyboard?
The drivers I installed are the NVIDIA nforce drivers and it asks to " Install these drivers sequentially, from top to bottom. NVIDIA nforce drivers (ethernet, IDE, RAID, and more) " That is the only option it has to select from and that is the one I selected.
The computer stays running as long as I don't plug into my modem without a problem. When I first did the reinstall of the nsvsds file I did hv an issue with getting online, but I deleted the network adapter and reinstated that driver and everything was fine. No BSOD and no keyboard malfunctions until I ran the OTL fix. However, it seems like the networking aspect of my computer is at question, but my keyboard is non responsive when I boot my computer up and try to select safe mode or to try and boot from a disk. I have never had this problem before. Also, the keyboard will function and let me get in to modify my BIOS, though. WEIRD!
No, I do not have a Ps/2 keyboard, just a Usb on.
shinybeast
2010-03-28, 17:54
If you can get the computer to work normally with modem disconnected, I strongly suggest you back up any important data on C: drive.
I'll post again once I get some more opinions.
I ran a backup on my computer all night without any problems with the modem disconnected. I deleted and reinstalled my network adapters this morning and my computer stayed online and functioning until I decided to try and reboot and see what happens. After rebooting, the computer would only stay online for 10-15 mins and sometimes even shorter. I still do not have the option to get into Safe Mode which I'm starting to believe is not a keyboard issue since my keyboard is working fine. Maybe there was a file corrupted or deleted that has changed my boot.ini file of some sort.
shinybeast
2010-03-28, 18:32
Hi soar3,
See if you can stay online long enough to download TDSSKiller. Then disconnect the modem and run it. Post back with the log.
TDSSKiller
Click here (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) to download TDSSKiller to your desktop.
Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
NOTE: Close all running programs as a reboot may be necessary.
Copy the text in code box below.
"%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
Click Start, click Run... and paste the above command in the Open: box and click OK.
If TDSSKiller finds something, allow it to delete what it finds.
Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
Locate the log, tdskiller.txt, on your desktop and post the contents of that log in your next reply.
17:29:21:046 3924 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 SystemInfo:
17:29:21:046 3924 OS Version: 5.1.2600 ServicePack: 2.0
17:29:21:046 3924 Product type: Workstation
17:29:21:046 3924 ComputerName: AMD
17:29:21:046 3924 UserName: Emmett & Roz
17:29:21:046 3924 Windows directory: C:\WINDOWS
17:29:21:046 3924 Processor architecture: Intel x86
17:29:21:046 3924 Number of processors: 2
17:29:21:046 3924 Page size: 0x1000
17:29:21:046 3924 Boot type: Normal boot
17:29:21:046 3924 ================================================================================
17:29:21:046 3924 UnloadDriverW: NtUnloadDriver error 2
17:29:21:046 3924 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
17:29:21:156 3924 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:29:21:156 3924 wfopen_ex: Trying to KLMD file open
17:29:21:156 3924 wfopen_ex: File opened ok (Flags 2)
17:29:21:156 3924 Initialize success
17:29:21:156 3924
17:29:21:156 3924 Scanning Services ...
17:29:21:187 3924 Raw services enum returned 344 services
17:29:21:203 3924
17:29:21:203 3924 Scanning Kernel memory ...
17:29:21:203 3924 Devices to scan: 10
17:29:21:203 3924
17:29:21:203 3924 Driver Name: Disk
17:29:21:203 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:203 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:203 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:203 3924 IRP_MJ_READ : BA908D9B
17:29:21:203 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:203 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:203 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:203 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:203 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:203 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:203 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:203 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:203 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:203 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:203 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:203 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:203 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:203 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:203 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:203 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: Disk
17:29:21:218 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:218 3924 IRP_MJ_READ : BA908D9B
17:29:21:218 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:218 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:218 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:218 3924
17:29:21:218 3924 Driver Name: USBSTOR
17:29:21:218 3924 IRP_MJ_CREATE : ADC63218
17:29:21:218 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:218 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:218 3924 IRP_MJ_READ : ADC6323C
17:29:21:218 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:218 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:218 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:218 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:218 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:218 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:218 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:218 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:218 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:218 3924 IRP_MJ_POWER : ADC625F0
17:29:21:218 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:218 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:218 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:218 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: USBSTOR
17:29:21:234 3924 IRP_MJ_CREATE : ADC63218
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : ADC63218
17:29:21:234 3924 IRP_MJ_READ : ADC6323C
17:29:21:234 3924 IRP_MJ_WRITE : ADC6323C
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : ADC63180
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : ADC5E9E6
17:29:21:234 3924 IRP_MJ_SHUTDOWN : 804F4456
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : ADC625F0
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : ADC60A6E
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: Disk
17:29:21:234 3924 IRP_MJ_CREATE : BA90EC30
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : 804F4456
17:29:21:234 3924 IRP_MJ_CLOSE : BA90EC30
17:29:21:234 3924 IRP_MJ_READ : BA908D9B
17:29:21:234 3924 IRP_MJ_WRITE : BA908D9B
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_EA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_EA : 804F4456
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA909366
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : 804F4456
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA90944D
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CFC3
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA909366
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : 804F4456
17:29:21:234 3924 IRP_MJ_CLEANUP : 804F4456
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_SET_SECURITY : 804F4456
17:29:21:234 3924 IRP_MJ_POWER : BA90AEF3
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA90FA24
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : 804F4456
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : 804F4456
17:29:21:234 3924 IRP_MJ_SET_QUOTA : 804F4456
17:29:21:234 3924 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
17:29:21:234 3924
17:29:21:234 3924 Driver Name: nvata
17:29:21:234 3924 IRP_MJ_CREATE : BA6F2894
17:29:21:234 3924 IRP_MJ_CREATE_NAMED_PIPE : BA6F2874
17:29:21:234 3924 IRP_MJ_CLOSE : BA6F2894
17:29:21:234 3924 IRP_MJ_READ : BA6F2874
17:29:21:234 3924 IRP_MJ_WRITE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_EA : BA6F2874
17:29:21:234 3924 IRP_MJ_FLUSH_BUFFERS : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_VOLUME_INFORMATION : BA6F2874
17:29:21:234 3924 IRP_MJ_DIRECTORY_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_FILE_SYSTEM_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_DEVICE_CONTROL : BA6F28AE
17:29:21:234 3924 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA6F2D4E
17:29:21:234 3924 IRP_MJ_SHUTDOWN : BA6F2874
17:29:21:234 3924 IRP_MJ_LOCK_CONTROL : BA6F2874
17:29:21:234 3924 IRP_MJ_CLEANUP : BA6F2874
17:29:21:234 3924 IRP_MJ_CREATE_MAILSLOT : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_SECURITY : BA6F2874
17:29:21:234 3924 IRP_MJ_POWER : BA6F2CEE
17:29:21:234 3924 IRP_MJ_SYSTEM_CONTROL : BA6F2A7C
17:29:21:234 3924 IRP_MJ_DEVICE_CHANGE : BA6F2874
17:29:21:234 3924 IRP_MJ_QUERY_QUOTA : BA6F2874
17:29:21:234 3924 IRP_MJ_SET_QUOTA : BA6F2874
17:29:21:250 3924 C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: 1
17:29:21:250 3924
17:29:21:250 3924 Completed
17:29:21:250 3924
17:29:21:250 3924 Results:
17:29:21:250 3924 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:29:21:250 3924
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
17:29:21:250 3924 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
17:29:21:250 3924 KLMD(ARK) unloaded successfully
shinybeast
2010-03-29, 02:01
Boot.ini Check
We can check the current state of the Boot.ini file to check if it is corrupted or not as follows:
Open Notepad.
Copy and Paste everything from the Code Box below into Notepad: <----Start >> Run... type in notepad and select OK
@Echo off
xcopy C:\boot.ini "%userprofile%\desktop\" /h
attrib -s -h "%userprofile%\desktop\boot.ini"
ren "%userprofile%\desktop\boot.ini" bootini.txt
Del %0
Go to File >> Save As
Save File name as "Look.bat" <-- Make sure to include the apostrophes.
Change Save as Type to All Files and save the file to your Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/LookBat.gif
Now double click on the desktop Look.bat to run the batch file. It will self-delete when completed and produce a notepad text file named bootini on your desktop.
Please post bootini.txt and answer the following question.
Can you remember if the computer was rebooted at any time after the driver install but before the OTL fix? I asked this earlier but did not get an answer.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Sorry for not answering, but yes the computer was rebooted after the drivers were installed.
shinybeast
2010-03-29, 03:01
OK, that looks good.
I notice you have NVIDIA ForceWare Network Access Manager installed. It is known to be buggy and cause issues. It is also unnecessary. I recommend you uninstall it and see if that helps. If that does not help, then try reinstalling motherboard drivers but do not install Network Access Manager.
Otherwise, I think I may be out of ideas. I can recommend a forum to seek further assistance or you can reformat and reinstall Windows or take the computer to a shop.
Let me know the outcome and/or what you decide to do.
I went into msconfig and changed the way my computer boots and was able to then get to the Safe Mode screen and safe mode itself. Safe mode worked fine and then I rebooted into Safe Mode with networking to see what would happen with my modem plugged in. I once again got the BSOD page displaying " unknown hard error. Beginning dump of physical memory" .
Well, all I can say is I wish I didn't do that last OTL run because I didn't have these issues with my computer ever before. If you do have a good forum to suggest for help, I'm open for suggestions. Thanks for your patience.
shinybeast
2010-03-29, 04:31
OK, we can undo the OTL fix and see what that does.
Please run this command.
Copy the text in the codebox below.
dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"
Click Start, click Run..., paste the above command in the Open: field and press Enter.
A text file named files should appear on the desktop. Post the contents of that file in your next reply.
I'm getting an error saying....Wiindows cannot find file dir. Make sure you typed the name correctly
shinybeast
2010-03-29, 05:13
Hi soar3,
Try this
cmd /c dir /s C:\_OTL >> "%userprofile%\Desktop\files.txt"
Volume in drive C has no label.
Volume Serial Number is B429-ECEA
shinybeast
2010-03-29, 05:32
You didn't save OTL to the desktop.
Try this.
cmd /c dir /s D:\_OTL >> "%userprofile%\Desktop\files.txt"
Volume in drive C has no label.
Volume Serial Number is B429-ECEA
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,721,216 bytes free
Volume in drive D is Programs
Volume Serial Number is 0477-52EC
Directory of D:\_OTL
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> MovedFiles
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> 03272010_193248
03/28/2010 09:35 PM 142,526 03272010_193248.log
1 File(s) 142,526 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> C_Documents and Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> All Users
03/27/2010 07:32 PM <DIR> Emmett & Roz
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\All Users\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Desktop
03/27/2010 07:32 PM <DIR> Local Settings
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Desktop
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/23/2010 05:48 AM 2,855 Shortcut to rkill(2).com.pif
1 File(s) 2,855 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
03/27/2010 07:32 PM <DIR> Application Data
0 File(s) 0 bytes
Directory of D:\_OTL\MovedFiles\03272010_193248\C_Documents and Settings\Emmett & Roz\Local Settings\Application Data
03/27/2010 07:32 PM <DIR> .
03/27/2010 07:32 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 145,381 bytes
29 Dir(s) 91,043,581,952 bytes free
shinybeast
2010-03-29, 05:57
Nothing much there but empty folders. We can try System Restore to before the drivers were installed and OTL fix run. This may or may not fix things and could restore the infection as well. Before we try that...
I went into msconfig and changed the way my computer boots and was able to then get to the Safe Mode screen and safe mode itself. Safe mode worked fine and then I rebooted into Safe Mode with networking to see what would happen with my modem plugged in.
What did you do in MSCONFIG to allow safe mode to boot?
I deselected Selective Startup and then selected Diagnostic setup. I have now been booting into plain normal startup.
However, I had already looked into using System Restore, but for some reason my restore was turned off and the restore points that I had this morning are gone. I was p#@@ed off!!!!
shinybeast
2010-03-29, 06:53
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610416650092544)
OTL successfully created a restore point when you first ran it.
Did you turn off System Restore?
Also, System Restore will probably not run under diagnostic startup as the services needed for it will probably not be running.
What do you think about this?
I notice you have NVIDIA ForceWare Network Access Manager installed. It is known to be buggy and cause issues. It is also unnecessary. I recommend you uninstall it and see if that helps. If that does not help, then try reinstalling motherboard drivers but do not install Network Access Manager.
Sorry for the delayed reply, but its hard using my phone to talk like this.
No, I did not turn off system restore and I did try to delete the NVIDIA software that u suggested, but it still shows up in the add/remove program listing and seems to never finish uninstalling.
shinybeast
2010-03-30, 07:14
Hello soar3,
I'm sorry that the computer is in such a bad state. Did you try to uninstall while in diagnostic startup? You would need to do that after changing back to Selective or Normal startup.
I wish those restore points were there. Once System Restore is turned off, all restore points are deleted.
If, at this point, reinstalling the motherboard's drivers like you did originally (in selective or normal startup mode) does not work, my best advice is to reformat and reinstall Windows. You had a rootkit infection and it could have made changes that jeopardize the computer's security going forward even if you were to solve the current issue.
You said you could get into BIOS setup, correct?
Yes, I can get into my BIOS without any problem. Why do you ask? Is there something I should look for or change?
shinybeast
2010-03-30, 17:07
I asked because if you can get into BIOS setup, you can reformat and reinstall Windows. That's probably the best option at this point. The only other thing to do is diagnose the blue screen and find out what is causing it, which I cannot do.
If you are against reformatting and re-installing Windows, I suggest you try one of these sites and post in the appropriate forum.
Registration is free and so is the help.
BleepingComputer.com (http://www.bleepingcomputer.com/forums/)
What The Tech (http://forums.whatthetech.com/forums.html)
Techguy.org (http://forums.techguy.org/)
The Elder Geek on Windows (http://www.theeldergeek.com/forum/)
You said you built the computer yourself, so you should have experience installing Windows.
A tutorial on re-formatting and re-installing Windows can be found at http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html
Implementing the following suggestions will greatly reduce your chances of malware problems in the future.
Update Windows
It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.
I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.
Close all windows and temporarily disable your anti-virus (usually through a tray icon)
Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US
Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.
Keep installed programs up to date
Anti-virus
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.
Update Other Vulnerable Software
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
Secunia Online Software Inspector (http://secunia.com/vulnerability_scanning/online/)
F-Secure Health Check (http://www.f-secure.com/healthcheck/)
Mozilla Firefox Plug-in Check
If using Firefox, Click here (http://www.mozilla.com/en-US/plugincheck/) to visit Mozilla, check your plug-ins and update them as necessary.
Best Practices for Email and Downloaded Files.
Do not read emails from unknown sources.
Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.
Additional Protection Programs
The programs listed below are excellent for improving your computer's security.
WinPatrol (http://www.winpatrol.com/) by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on it's many features can be found here (http://www.winpatrol.com/features.html)
MVPS Hosts file (http://www.mvps.org/winhelp2002/hosts.htm) - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.
I encourage you to check out miekiemoes' article "How to prevent Malware:" (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
If you have any questions about these suggestions, I would be happy to answer them.
Regards,
shinybeast
Thank you for help and your suggestions. I have been doing some research on my BSOD and still have some other things I would like to do before I result to a reinstallation. I have downloaded the latest drivers for my motherboard from work and will try to install them when I get home. I still believe that my computer can hopefully be fixed without doing a clean wipe since everything else on my computer is running primo except for my internet connectivity. I'm still just not ready to give up even though I may be able to do a reinstall on my C: partition and still salvage my other two partitions that I had dedicated to holding my programs and my data. We'll see what happens. I may just decide to upgrade to Windows 7 or either go back to running Linux.
shinybeast
2010-03-30, 18:46
OK.
You should definitely be able to salvage your data and program installers if you choose to format/reinstall on C:. The programs installed to D:\Program Files 2\, F:, and G: will probably have to be re-installed, however. I advise you to avoid P2P use in the future.
You can delete TDSSKiller.zip, TDSSKiller.exe, OTL and the randomly named GMER file if you haven't.
Best of luck with those newer drivers!
i just picked up Service Pack 3 for XP from my network admin at work and will give that a shot since I was only running SP2. Thx again for being patient with me and I'll definitely reply with my results if they turn out to be favorable.
shinybeast
2010-04-01, 18:27
Hello soar3,
Any luck?
Luck? Yeah......nothing but BAD luck! I don't know if that was one nasty Trojan that I caught(but I doubt it) but now I can't even turn my computer ON!! I did a defrag of my C: drive and rebooted and was up and running and then tried the internet and it crapped out on me after about 15 minutes and rebooted. Next, I got a screen saying "windows system32 config system error" and to try and boot from the CD to repair. NOT!!!!! It won't let me boot from the CD or even boot from the floppy drive after I made some XP boot disk. Then, after researching some more and wanting to try another XP boot disk, I went to go turn my computer on and then nothing happened. My power supply is glowing, so I know I have power, and my USB flash stick lights when I push the power button put no action from my fans or hard drive. I think you may have been right and I think let alone from catching a Trojan that my dear motherboard might have died on me. Very weird as to the timing of it all, but I am at a lost for explanation. They say timing is everything. I'm looking into another motherboard right now and maybe even just getting a new PC. My computer is only 3 and a half years old, but that may be old to some.
shinybeast
2010-04-01, 20:24
That's rough.
So you cannot get into BIOS setup?
If you cannot, I would dig out the manual for the motherboard. Reset the CMOS and see what happens. It appears that the motherboard may have a 2 digit LED readout on it that may help in diagnosis.
Yes, I can get into my BIOS without any problem, that is when the computer turned on. The only thing I wld change in the BIOS was the book order. I have never down any resetting of the cmos. I do have my manual for my motherboard and will look into ur suggestion.
shinybeast
2010-04-02, 22:00
Hi soar3,
As there is most likely nothing else we can do for you, I am going to request that this thread be closed.
All the best,
shinybeast