Immediate Help Requested - Think Point

Post by Mary gardener on Mon 06 Dec 2010, 10:06 am

I turned on the computer and got this Think Point window. I figured it was something fishy, but I did click "continue unprotected" or something to that nature. I've tried many things and my computer is still in a state of chaos. I ran Malware Bytes and it came up with 2 items. I did the OTL and have the logs but cannot get them from the infected computer to copy them here. I cannot access the internet from that computer. Email is not working there either. I was running a free version of Avast on that computer. My printer is attached to that computer and won't work. The scanner is also attached to that computer. I have an external hard drive and I was able to copy photos and a couple other documents to that. The modem and router are also attached to that computer.

Mary gardener

Newbie Surfer

Posts : 32
Joined : 2010-09-02
Operating System : 7

Re: Immediate Help Requested - Think Point

Post by Belahzur on Mon 06 Dec 2010, 10:26 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Immediate Help Requested - Think Point

Post by Mary gardener on Mon 06 Dec 2010, 10:34 am

I have done that, but I cannot get the logs here to post them. I cannot open the internet and it appears that my drives are disabled.

Log File

Post by Mary gardener on Mon 06 Dec 2010, 10:37 am

OTL logfile created on: 12/5/2010 4:46:48 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 451.47 Gb Free Space | 96.94% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 136.67 Gb Free Space | 91.71% Space Free | Partition Type: FAT32
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: MARY | User Name: lokken | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 16:33:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2008/04/25 12:07:28 | 002,669,040 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/05 16:33:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/29 22:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - [2010/07/27 04:48:30 | 000,331,992 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/07/27 04:48:30 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2010/04/15 18:35:02 | 000,068,696 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2010/04/15 18:35:02 | 000,068,696 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008/04/14 06:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 06:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/19 23:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/07/19 19:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/16 20:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/16 20:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/17 20:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 20:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 20:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 20:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 20:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 19:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 19:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 19:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 19:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 19:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 19:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 19:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 19:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 19:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 19:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.baldwin-telecom.net/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}: C:\Documents and Settings\lokken\Local Settings\Application Data\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87} [2010/12/02 01:15:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 21:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/27 21:43:01 | 000,000,000 | ---D | M]

[2010/09/11 01:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lokken\Application Data\Mozilla\Extensions
[2010/12/05 13:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lokken\Application Data\Mozilla\Firefox\Profiles\zwzqeqh9.default\extensions
[2010/10/24 11:16:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\lokken\Application Data\Mozilla\Firefox\Profiles\zwzqeqh9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/31 16:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Auto Auto EPSON Stylus C88 Series on NEWERDELL on LOKKEN-B96A199A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on CARLY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on LOKKEN-B96A199A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C88 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Wmimogocelozu] C:\WINDOWS\aworaqesa.DLL (VoLT, 2010)
O4 - HKCU..\Run: [Kmukage] C:\WINDOWS\mcorpr.DLL File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\lokken\Application Data\hotfix.exe) - C:\Documents and Settings\lokken\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lokken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lokken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/04/08 05:20:38 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 13:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lokken\Application Data\Sunbelt
[2010/12/05 13:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/12/05 13:02:22 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2010/12/05 13:02:21 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/12/05 13:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/12/05 13:02:15 | 000,068,696 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2010/12/05 13:02:14 | 000,331,992 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2010/12/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/12/02 01:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lokken\Local Settings\Application Data\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}
[2010/12/02 01:05:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lokken\Desktop\YCemSCi.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/05 16:46:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/05 16:45:56 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\lokken\My Documents\OTL Extras logfile created on.doc
[2010/12/05 16:14:30 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/12/05 16:03:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/05 16:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/05 15:29:00 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2010/12/05 15:27:11 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\lokken\Desktop\Shortcut to kav_rescue_10.lnk
[2010/12/05 13:10:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/05 13:02:13 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2010/12/05 12:57:50 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Karen payments.xls
[2010/12/05 12:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/05 12:42:12 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\completescan
[2010/12/05 12:40:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 01:36:14 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/02 01:15:16 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jnaqipada.dat
[2010/12/02 01:15:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lrunofaxacumiru.bin
[2010/12/02 01:13:18 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\start
[2010/12/02 01:08:00 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\install
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/28 14:29:27 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\lokken\My Documents\View Koosmann Family Photos.doc
[2010/11/28 12:19:13 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\lokken\Desktop\christmas card labels.doc
[2010/11/10 19:23:37 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/11/08 01:22:22 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 01:22:22 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 01:48:50 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 16:45:55 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\lokken\My Documents\OTL Extras logfile created on.doc
[2010/12/05 15:27:11 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\lokken\Desktop\Shortcut to kav_rescue_10.lnk
[2010/12/05 13:02:13 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk
[2010/12/02 01:15:16 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jnaqipada.dat
[2010/12/02 01:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lrunofaxacumiru.bin
[2010/12/02 01:13:18 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\start
[2010/12/02 01:12:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\completescan
[2010/12/02 01:08:00 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\install
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/28 14:29:27 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\lokken\My Documents\View Koosmann Family Photos.doc
[2010/11/10 19:23:37 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/09/16 13:07:42 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/01 15:53:33 | 000,143,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/24 13:53:27 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/03/14 13:10:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/01/30 13:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/01/24 12:50:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini
[2010/01/18 19:48:43 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2009/05/12 18:26:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/10 16:11:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/10 16:11:15 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2009/05/04 13:32:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2009/05/04 13:31:34 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/05/04 10:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

Extra

Post by Mary gardener on Mon 06 Dec 2010, 10:38 am

OTL Extras logfile created on: 12/5/2010 4:38:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 451.47 Gb Free Space | 96.94% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 136.67 Gb Free Space | 91.71% Space Free | Partition Type: FAT32
Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

Computer Name: MARY | User Name: lokken | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\DOCUME~1\lokken\LOCALS~1\Temp\0.44079567928947616.exe" = [String data over 1000 bytes]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2305B203-951F-4D88-B366-6E86F524390D}" = VIPRE Antivirus Premium
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"Snood_is1" = Snood for Windows version 3.52-W
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 3:12:40 PM | Computer Name = MARY | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 127.0.0.1:5643 at
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean
connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End
of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/24/2010 3:22:45 PM | Computer Name = MARY | Source = ESENT | ID = 490
Description = svchost (1520) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 7/24/2010 3:22:45 PM | Computer Name = MARY | Source = ESENT | ID = 454
Description = Catalog Database (1520) Database recovery/restore failed with unexpected
error -1032.

Error - 7/24/2010 3:27:25 PM | Computer Name = MARY | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 127.0.0.1:5643 at
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean
connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End
of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/24/2010 3:40:15 PM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 5.0.375.99, fault address 0x0039cd07.

Error - 7/24/2010 3:40:25 PM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 5.0.375.99, fault address 0x0039cd07.

Error - 7/24/2010 3:42:58 PM | Computer Name = MARY | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Unable
to connect to the remote server ---> System.Net.Sockets.SocketException: No connection
could be made because the target machine actively refused it 127.0.0.1:5643 at
System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP) at System.Net.ServicePoint.ConnectSocketInternal(Boolean
connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState
state, IAsyncResult asyncResult, Int32 timeout, Exception& exception) --- End
of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 7/24/2010 3:53:49 PM | Computer Name = MARY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/24/2010 3:53:49 PM | Computer Name = MARY | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/26/2010 8:01:04 PM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application SfCtlCom.exe, version 17.50.0.1647, faulting
module msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

[ System Events ]
Error - 12/5/2010 6:23:35 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:24:40 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 12/5/2010 6:25:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:25:26 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/5/2010 6:36:08 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:36:10 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:36:52 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:37:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:37:36 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/5/2010 6:38:20 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


Re: Immediate Help Requested - Think Point

Post by Belahzur on Mon 06 Dec 2010, 11:00 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [Wmimogocelozu] C:\WINDOWS\aworaqesa.DLL (VoLT, 2010)
    O4 - HKCU..\Run: [Kmukage] C:\WINDOWS\mcorpr.DLL File not found
    O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\lokken\Application Data\hotfix.exe) - C:\Documents and Settings\lokken\Application Data\hotfix.exe File not found
    [2010/12/02 01:15:16 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jnaqipada.dat
    [2010/12/02 01:15:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lrunofaxacumiru.bin
    [2010/12/02 01:13:18 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\start
    [2010/12/02 01:08:00 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\install
    [2010/12/05 12:42:12 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\completescan

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



Re: Immediate Help Requested - Think Point

Post by Mary gardener on Mon 06 Dec 2010, 11:14 am

It came back with "error creating log file."


Re: Immediate Help Requested - Think Point

Post by Mary gardener on Mon 06 Dec 2010, 1:01 pm

I did it again and this time it ran:

Error: Unable to interpret <OTL logfile created on: 12/5/2010 7:55:59 PM - Run 2> in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret <Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 7.0.5730.13)> in the current context!
Error: Unable to interpret <Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free> in the current context!
Error: Unable to interpret <5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 465.71 Gb Total Space | 452.31 Gb Free Space | 97.12% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 149.01 Gb Total Space | 136.67 Gb Free Space | 91.71% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.95% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: MARY | User Name: lokken | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: SafeMode | Scan Mode: Current user> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2010/12/05 16:33:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe> in the current context!
Error: Unable to interpret <PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe> in the current context!
Error: Unable to interpret <PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe> in the current context!
Error: Unable to interpret <PRC - [2008/04/25 12:07:28 | 002,669,040 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe> in the current context!
Error: Unable to interpret <PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe> in the current context!
Error: Unable to interpret <PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe> in the current context!
Error: Unable to interpret <PRC - [2007/08/13 17:32:30 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\lokken\Desktop\YCemSCi.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2010/12/05 16:33:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe> in the current context!
Error: Unable to interpret <MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)> in the current context!
Error: Unable to interpret <SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)> in the current context!
Error: Unable to interpret <SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)> in the current context!
Error: Unable to interpret <SRV - [2009/01/29 22:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - [2010/07/27 04:48:30 | 000,331,992 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)> in the current context!
Error: Unable to interpret <DRV - [2010/07/27 04:48:30 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)> in the current context!
Error: Unable to interpret <DRV - [2010/07/27 04:48:30 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)> in the current context!
Error: Unable to interpret <DRV - [2010/04/15 18:35:02 | 000,068,696 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)> in the current context!
Error: Unable to interpret <DRV - [2010/04/15 18:35:02 | 000,068,696 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)> in the current context!
Error: Unable to interpret <DRV - [2008/04/14 06:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)> in the current context!
Error: Unable to interpret <DRV - [2008/04/14 06:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)> in the current context!
Error: Unable to interpret <DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)> in the current context!
Error: Unable to interpret <DRV - [2007/07/19 23:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)> in the current context!
Error: Unable to interpret <DRV - [2007/07/19 19:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)> in the current context!
Error: Unable to interpret <DRV - [2007/07/16 20:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)> in the current context!
Error: Unable to interpret <DRV - [2007/07/16 20:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)> in the current context!
Error: Unable to interpret <DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 20:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 20:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 20:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 20:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 20:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)> in the current context!
Error: Unable to interpret <DRV - [2001/08/17 19:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://www.baldwin-telecom.net/"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}:1.9.1> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Firefox\extensions\\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}: C:\Documents and Settings\lokken\Local Settings\Application Data\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87} [2010/12/02 01:15:12 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 21:43:01 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/27 21:43:01 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/09/11 01:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lokken\Application Data\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2010/12/05 13:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lokken\Application Data\Mozilla\Firefox\Profiles\zwzqeqh9.default\extensions> in the current context!
Error: Unable to interpret <[2010/10/24 11:16:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\lokken\Application Data\Mozilla\Firefox\Profiles\zwzqeqh9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}> in the current context!
Error: Unable to interpret <[2010/10/31 16:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Auto Auto EPSON Stylus C88 Series on NEWERDELL on LOKKEN-B96A199A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on CARLY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on LOKKEN-B96A199A] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [EPSON Stylus C88 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Wmimogocelozu] C:\WINDOWS\aworaqesa.DLL (VoLT, 2010)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Kmukage] C:\WINDOWS\mcorpr.DLL File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\lokken\Application Data\hotfix.exe) - C:\Documents and Settings\lokken\Application Data\hotfix.exe File not found> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\Documents and Settings\lokken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Documents and Settings\lokken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006/04/08 05:20:38 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) - File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/12/05 13:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lokken\Application Data\Sunbelt> in the current context!
Error: Unable to interpret <[2010/12/05 13:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:22 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:21 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:15 | 000,068,696 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:14 | 000,331,992 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software> in the current context!
Error: Unable to interpret <[2010/12/02 01:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lokken\Local Settings\Application Data\{B3A0A1E1-9082-445A-82DA-9D3BEC3EBA87}> in the current context!
Error: Unable to interpret <[2010/12/02 01:05:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lokken\Desktop\YCemSCi.exe> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/12/05 18:12:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\lokken\My Documents\~$L logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 18:12:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 16:47:54 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\lokken\My Documents\OTL logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 16:45:56 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\lokken\My Documents\OTL Extras logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 16:14:30 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 16:03:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2010/12/05 16:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2010/12/05 15:29:00 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 15:27:11 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\lokken\Desktop\Shortcut to kav_rescue_10.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 13:10:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:13 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 12:57:50 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Karen payments.xls> in the current context!
Error: Unable to interpret <[2010/12/05 12:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2010/12/05 12:42:12 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\completescan> in the current context!
Error: Unable to interpret <[2010/12/05 12:40:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:36:14 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:15:16 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jnaqipada.dat> in the current context!
Error: Unable to interpret <[2010/12/02 01:15:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lrunofaxacumiru.bin> in the current context!
Error: Unable to interpret <[2010/12/02 01:13:18 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\start> in the current context!
Error: Unable to interpret <[2010/12/02 01:08:00 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\install> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job> in the current context!
Error: Unable to interpret <[2010/11/28 14:29:27 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\lokken\My Documents\View Koosmann Family Photos.doc> in the current context!
Error: Unable to interpret <[2010/11/28 12:19:13 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\lokken\Desktop\christmas card labels.doc> in the current context!
Error: Unable to interpret <[2010/11/10 19:23:37 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk> in the current context!
Error: Unable to interpret <[2010/11/08 01:22:22 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2010/11/08 01:22:22 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2010/11/06 01:48:50 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/12/05 18:12:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\lokken\My Documents\~$L logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 16:47:53 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\lokken\My Documents\OTL logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 16:45:55 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\lokken\My Documents\OTL Extras logfile created on.doc> in the current context!
Error: Unable to interpret <[2010/12/05 15:27:11 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\lokken\Desktop\Shortcut to kav_rescue_10.lnk> in the current context!
Error: Unable to interpret <[2010/12/05 13:02:13 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk> in the current context!
Error: Unable to interpret <[2010/12/02 01:15:16 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jnaqipada.dat> in the current context!
Error: Unable to interpret <[2010/12/02 01:15:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lrunofaxacumiru.bin> in the current context!
Error: Unable to interpret <[2010/12/02 01:13:18 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\start> in the current context!
Error: Unable to interpret <[2010/12/02 01:12:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\completescan> in the current context!
Error: Unable to interpret <[2010/12/02 01:08:00 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\install> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:37 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job> in the current context!
Error: Unable to interpret <[2010/12/02 01:06:36 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job> in the current context!
Error: Unable to interpret <[2010/11/28 14:29:27 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\lokken\My Documents\View Koosmann Family Photos.doc> in the current context!
Error: Unable to interpret <[2010/11/10 19:23:37 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\lokken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk> in the current context!
Error: Unable to interpret <[2010/09/16 13:07:42 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI> in the current context!
Error: Unable to interpret <[2010/08/01 15:53:33 | 000,143,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat> in the current context!
Error: Unable to interpret <[2010/07/24 13:53:27 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys> in the current context!
Error: Unable to interpret <[2010/03/14 13:10:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI> in the current context!
Error: Unable to interpret <[2010/01/30 13:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI> in the current context!
Error: Unable to interpret <[2010/01/24 12:50:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini> in the current context!
Error: Unable to interpret <[2010/01/18 19:48:43 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini> in the current context!
Error: Unable to interpret <[2009/05/12 18:26:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2009/05/10 16:11:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini> in the current context!
Error: Unable to interpret <[2009/05/10 16:11:15 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI> in the current context!
Error: Unable to interpret <[2009/05/04 13:32:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll> in the current context!
Error: Unable to interpret <[2009/05/04 13:31:34 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI> in the current context!
Error: Unable to interpret <[2009/05/04 10:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini> in the current context!
Error: Unable to interpret <[2008/04/25 03:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context!
Error: Unable to interpret << End of report >> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 12052010_195636


Re: Immediate Help Requested - Think Point

Post by Mary gardener on Tue 07 Dec 2010, 2:45 am

Still infected. When I reboot and let it go normally, I get this lovely blue screen. I can take a photo of it and attach it to a post, maybe. I'm at work now, and will be home at 6:00 p.m. (Central).


Re: Immediate Help Requested - Think Point

Post by Belahzur on Tue 07 Dec 2010, 7:55 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Immediate Help Requested - Think Point

Post by Mary gardener on Tue 07 Dec 2010, 1:14 pm

It asked if I wanted to install the recovery console and I answered yes, but it would not proceed as the computer cannot connect to the internet. That has been disabled.


Re: Immediate Help Requested - Think Point

Post by Mary gardener on Wed 08 Dec 2010, 5:47 am

No further help needed at this time. I used my recovery disk and it appears things are doing well.

