Solved Need help with XP machine that won't run in normal mode

BillB · 2010/09/23

Here are the new logs.

OTL Extras logfile created on: 9/23/2010 8:43:14 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 205.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.96 Gb Total Space | 131.74 Gb Free Space | 90.88% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.60 Gb Free Space | 14.62% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C8BH3JAGLT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
"13066:TCP" = 13066:TCP:*:Enabled:spport
"23208:TCP" = 23208:TCP:*:Enabled:spport
"14064:TCP" = 14064:TCP:*:Enabled:spport
"5688:TCP" = 5688:TCP:*:Enabled:spport
"26854:TCP" = 26854:TCP:*:Enabled:spport
"19089:TCP" = 19089:TCP:*:Enabled:spport
"24565:TCP" = 24565:TCP:*:Enabled:spport
"29918:TCP" = 29918:TCP:*:Enabled:spport
"27867:TCP" = 27867:TCP:*:Enabled:spport
"17731:TCP" = 17731:TCP:*:Enabled:spport
"18641:TCP" = 18641:TCP:*:Enabled:spport
"24206:TCP" = 24206:TCP:*:Enabled:spport
"9883:TCP" = 9883:TCP:*:Enabled:spport
"19177:TCP" = 19177:TCP:*:Enabled:spport
"15239:TCP" = 15239:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\WINDOWS\Temp\us10077.exe" = C:\WINDOWS\Temp\us10077.exe:*:Enabledxpsp2res.dll,-22019 -- File not found
"%windir%\system32\winav.exe" = %windir%\system32\winav.exe:*:Enabledxpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" = C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe:*:Enabled:WildTangent Host Executable -- (WildTangent)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*isabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{084689AC-70EE-46F9-A48C-411BAEEBFD43}" = D6100_D7100_D7300_Help
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3004FB81-7B9E-4808-BD13-BC5A530BA60B}" = cp_PrintOnCDConfig
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{423BF8AD-90B1-4D22-9151-B601D808BC04}" = D7300
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83AA7444-96B0-439F-ADCA-9DA75D18BA4F}" = RPS CRT
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{97AFE669-5F73-4159-A8D6-777778AFBE6A}" = Philips Firmware Manager
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"0254DF9A-618A-4A2C-A5ED-FA7115988B02" = Word Symphony from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"7263423D-C72B-400B-B6E8-C24A9F75CCDC" = Polar Golfer Pineapple Cup from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"America Online us" = America Online (Choose which version to remove)
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Compaq Instant Support" = Compaq Instant Support
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"GoToAssist" = GoToAssist 8.0.0.508
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"InfraRecorder" = InfraRecorder
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MuVo Driver" = Creative Mass Storage Drivers
"Neoteris_Secure_Application_Manager" = Secure Application Manager
"Neoteris_Term_Services" = Juniper Terminal Services Client
"NVIDIA" =
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"RealPlayer 6.0" = RealPlayer
"S3" = VIA/S3G Display Driver
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"ToggleEN Toolbar" = ToggleEN Toolbar
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Cache_Cleaner 5.1.0" = Cache Cleaner 5.1.0
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 12:42:22 AM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2010 12:44:23 AM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2010 12:44:23 AM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2010 12:46:24 AM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2010 12:46:24 AM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2010 12:48:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2010 12:48:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2010 12:50:26 AM | Computer Name = YOUR-C8BH3JAGLT | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2010 12:50:26 AM | Computer Name = YOUR-C8BH3JAGLT | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2010 9:24:13 AM | Computer Name = YOUR-C8BH3JAGLT | Source = Application Error | ID = 1000
Description = Faulting application cune.exe, version 2.1.0.5, faulting module cune.exe,
version 2.1.0.5, fault address 0x0003f222.

[ System Events ]
Error - 9/22/2010 6:18:02 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/22/2010 6:18:02 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 9/22/2010 6:18:02 PM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 9/23/2010 8:40:16 AM | Computer Name = YOUR-C8BH3JAGLT | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 9/23/2010 8:40:16 AM | Computer Name = YOUR-C8BH3JAGLT | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/23/2010 8:40:16 AM | Computer Name = YOUR-C8BH3JAGLT | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastSvc.exe.
Reference
error message: The operation completed successfully. .

Error - 9/23/2010 8:40:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%14001

Error - 9/23/2010 8:40:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/23/2010 8:40:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 9/23/2010 8:40:25 AM | Computer Name = YOUR-C8BH3JAGLT | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

< End of report >

BillB · 2010/09/23

OTL logfile created on: 9/23/2010 8:43:14 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 205.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.96 Gb Total Space | 131.74 Gb Free Space | 90.88% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 0.60 Gb Free Space | 14.62% Space Free | Partition Type: FAT32
Drive E: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-C8BH3JAGLT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/23 08:42:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/08/01 18:03:28 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/03/12 12:31:54 | 002,303,216 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/11/19 20:02:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/04/21 15:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/27 13:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (SafeList) ==========

MOD - [2010/09/23 08:42:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/07/29 19:47:38 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 02:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 12:45:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/04/21 15:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/08/27 13:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/18 18:53:00 | 000,037,376 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/04/18 04:08:39 | 000,057,063 | ---- | M] (Neoteris) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_510_10575.sys -- (NEOFLTR_510_10575) Juniper Networks TDI Filter Driver (NEOFLTR_510_10575)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/01/03 00:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 23:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 10:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 22:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 20:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 15:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 20:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/04 21:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 15:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin File not found

[2009/09/11 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/09/11 13:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/09/22 16:25:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll (Neoteris)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {971127BB-259F-48C2-BD75-5F97A3331551} https://wcac.magellanhealth.com/+CSCO+0075676763663A2F2F2E637968747661662E++/rdp/-CSCO-3h--msrdp.cab (Reg Error: Key error.)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://wcac.magellanhealth.com/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 04:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/23 08:42:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/22 17:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/21 13:08:56 | 000,000,000 | ---D | C] -- C:\found.000
[2010/09/20 21:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/09/18 19:34:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/18 18:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdskiller
[2010/09/18 15:33:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/18 15:33:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/18 15:33:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/18 15:33:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/18 15:33:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/18 15:33:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/17 12:45:16 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/17 12:45:15 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/17 12:45:14 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/17 12:45:13 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/17 12:45:11 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/17 12:45:11 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/17 12:45:09 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/17 12:45:05 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/17 12:45:05 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/09/17 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/17 12:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/17 11:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/09/17 11:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/17 11:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/17 10:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/09/17 10:38:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/17 10:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/17 10:38:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/17 10:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 10:36:31 | 000,000,000 | ---D | C] -- C:\tmp
[2010/09/17 10:30:17 | 000,000,000 | ---D | C] -- C:\log
[2010/07/21 17:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\RMNetwork
[2010/07/21 17:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\getfire
[2010/07/19 16:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\riva
[2010/07/19 16:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/12 16:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/09 21:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/09 20:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/09 20:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/03 10:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/23 08:42:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/23 08:40:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/23 08:40:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/09/23 08:40:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/23 08:40:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/23 08:40:13 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/22 23:06:49 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/22 23:06:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/22 16:25:08 | 000,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/22 16:25:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/22 16:16:31 | 003,849,687 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/09/21 13:01:48 | 000,511,861 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DrWeb.csv
[2010/09/20 20:46:50 | 049,703,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2010/09/19 00:04:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/09/19 00:04:20 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2010/09/19 00:04:14 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/09/18 19:34:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/18 18:53:00 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\amdk7.sys
[2010/09/18 15:28:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\psu7ewt5.exe
[2010/09/18 13:29:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/17 12:50:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/17 12:45:16 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/17 12:45:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/17 11:22:17 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/17 10:38:40 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 20:10:17 | 001,148,960 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/09/16 20:10:17 | 000,099,908 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/09/16 20:10:13 | 000,324,764 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/09/16 20:10:12 | 024,607,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/08/12 17:54:58 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/07 10:19:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/04 06:50:01 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\August 3.doc
[2010/07/05 11:11:06 | 000,001,192 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 21:33:53 | 003,849,687 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/09/21 13:09:41 | 469,291,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/21 13:01:48 | 000,511,861 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DrWeb.csv
[2010/09/20 21:17:12 | 049,703,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2010/09/20 17:49:41 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xp_exe_fix.reg
[2010/09/19 00:09:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.scr
[2010/09/19 00:09:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/09/19 00:09:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/09/18 19:34:34 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/09/18 19:34:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/18 15:33:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/18 15:33:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/18 15:33:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/18 15:33:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/18 15:33:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/18 13:09:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\psu7ewt5.exe
[2010/09/18 13:09:22 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/17 12:52:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/09/17 12:45:16 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/17 11:22:17 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/17 10:38:40 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 10:30:24 | 000,003,800 | ---- | C] () -- C:\Documents and Settings\Owner\udinstaller.log
[2010/08/12 17:54:58 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/08/12 17:54:58 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/04 06:50:01 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\August 3.doc
[2007/11/16 21:52:16 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/10/22 13:30:44 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/22 13:25:56 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/07 13:36:11 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/10/07 13:36:10 | 000,000,522 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/09/04 21:29:57 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/12/27 17:22:02 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/10/03 19:14:28 | 000,001,373 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/06/22 18:21:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/06/22 18:21:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/06/22 18:21:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/06/22 18:21:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/06/22 18:21:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/06/22 18:21:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/04/03 04:18:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/03 03:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/04/03 03:36:39 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/04/02 20:15:40 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/04/02 20:00:40 | 000,027,752 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/04/02 20:00:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/04/02 06:01:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 05:52:33 | 000,001,012 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/02 05:14:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/02 04:43:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 04:34:53 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/04/02 04:34:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/04/02 04:34:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/04/02 04:08:11 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/02 02:52:53 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 04:05:08 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\amdk7.sys

========== LOP Check ==========

[2010/09/17 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/10/17 17:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2004/11/25 10:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/12/31 17:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/23 18:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2010/04/12 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2010/01/10 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/10/17 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/09/28 14:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Othyam
[2008/11/09 11:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/01/20 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/11/12 18:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/19 11:37:37 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/09/18 19:34:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/22 17:46:58 | 000,050,975 | ---- | M] () -- C:\ComboFix.txt
[2004/04/02 04:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/23 08:40:13 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/22 11:04:35 | 000,001,107 | -H-- | M] () -- C:\IPH.PH
[2004/04/02 04:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/27 16:22:31 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
[2004/09/09 20:40:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/09/09 20:40:49 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/23 08:40:12 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2010/09/19 12:51:04 | 000,000,392 | ---- | M] () -- C:\rkill.log
[2008/11/16 17:19:01 | 000,000,215 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2010/09/18 18:52:28 | 000,041,042 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_18.09.2010_18.49.11_log.txt
[2007/06/18 22:42:03 | 000,276,573 | -HS- | M] () -- C:\vm404.log

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2004/04/02 04:03:09 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/03/22 21:08:20 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp463.dll
[2003/06/19 04:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/04/01 19:55:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/04/01 19:55:44 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/04/01 19:55:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/09/09 20:46:14 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/04/02 04:31:02 | 000,014,727 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2004/04/02 04:31:02 | 000,014,785 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2004/04/02 04:31:02 | 000,003,568 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/09/11 19:22:28 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/04/02 04:07:58 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/22 16:16:31 | 003,849,687 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/09/20 20:46:50 | 049,703,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2010/09/18 13:29:06 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/09/23 08:42:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/18 15:28:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\psu7ewt5.exe
[2010/09/19 00:04:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/02/11 23:53:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/09/11 19:22:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2009/05/27 15:24:08 | 000,001,224 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\Verizon Central

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/23 08:40:18 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 03:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/02/12 21:10:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 23:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 23:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 03:56:14 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2010/07/19 16:26:14 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/21 02:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2004/02/11 23:33:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/02/11 23:33:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/02/12 21:11:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 23:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 14:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 20:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2009/05/27 15:33:52 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/05/27 15:33:52 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2007/10/23 18:18:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft
[2007/10/23 18:18:59 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft
[2007/05/22 07:24:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec
[2007/05/22 07:24:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
< End of report >

broni · 2010/09/23

This computer would greatly benefit from adding another 512MB of RAM.

==================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

=================================================================

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Value error. File not found
O16 - DPF: {971127BB-259F-48C2-BD75-5F97A3331551} https://wcac.magellanhealth.com/+CSC...-3h--msrdp.cab (Reg Error: Key error.)
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2008/11/12 18:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/05/27 15:33:52 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/05/27 15:33:52 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2007/05/22 07:24:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec
[2007/05/22 07:24:21 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
===============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

IMOPRTANT! UN-check Remove found threats

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

BillB · 2010/09/24

I advised the owner that this machine really needed a memory boost, they are going to upgrade it after the cleanup is complete.

I updated Java and removed the older versions. Here are the new logs.

All processes killed
========== OTL ==========
Error: No service named RPSKT) Security Services Driver (x86 was found to stop!
Service\Driver key RPSKT) Security Services Driver (x86 not found.
File C:\WINDOWS\System32\DRIVERS\rp_skt32.sys not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {971127BB-259F-48C2-BD75-5F97A3331551}
C:\WINDOWS\Downloaded Program Files\msrdp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{971127BB-259F-48C2-BD75-5F97A3331551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{971127BB-259F-48C2-BD75-5F97A3331551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{971127BB-259F-48C2-BD75-5F97A3331551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{971127BB-259F-48C2-BD75-5F97A3331551}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET23.tmp deleted successfully.
C:\WINDOWS\System32\SET25.tmp deleted successfully.
C:\WINDOWS\System32\SET9B.tmp deleted successfully.
C:\WINDOWS\System32\SETAD.tmp deleted successfully.
C:\WINDOWS\System32\SETC7.tmp deleted successfully.
C:\WINDOWS\002245_.tmp deleted successfully.
C:\WINDOWS\CC4C261AB9154F23BD237E1AE5713B4E.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CC4C261AB9154F23BD237E1AE5713B4E.TMP folder deleted successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.
C:\WINDOWS\system32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 moved successfully.
File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 not found.
C:\Documents and Settings\Owner\My Documents\Ѕуmantec folder moved successfully.
Folder C:\Documents and Settings\Owner\My Documents\Ѕуmantec\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Documents and Settings\Owner\My Documents\Мicrosoft folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 25117 bytes

User: Owner
->Temp folder emptied: 9633867 bytes
->Temporary Internet Files folder emptied: 4294523 bytes
->Java cache emptied: 2028160 bytes
->Flash cache emptied: 1888933 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 752 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09242010_090149

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

BillB · 2010/09/24

I've added the Eset online scan results as a text file attachment.

broni · 2010/09/24

Upgrade IE to at least version 7.

==================================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

================================================================

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL

:Services

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe	
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\invhome.htm
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe	
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe	
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe	
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe
C:\Program Files\Microsoft Works\wksdb.htm	
C:\Program Files\Microsoft Works\wksss.htm	
C:\Program Files\Microsoft Works\wkswp.htm	
C:\Program Files\Quicken\inet\common\qlive.htm	
C:\Program Files\Quicken\Qnue\custom\license.htm	
C:\Program Files\Verizon\OCB\59f0a839-d94f-4728-ba23-c4b92a683d26\OfflineDispatcher.htm
C:\WINDOWS\system32\hlp.dat

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 3 installation)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

BillB · 2010/09/25

The machine seems to be doing a whole lot better than it was when I first booted it. I'm going to update IE to V7 and update Adobe reader. Will be cleaning up the tools used also. I'm going to check on the memory upgrades available and advise the owner what paths are available. Here are the logs from OTL, let me know if there is anything further to do;

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\invhome.htm moved successfully.
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe moved successfully.
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe moved successfully.
C:\Program Files\Microsoft Works\wksdb.htm moved successfully.
C:\Program Files\Microsoft Works\wksss.htm moved successfully.
C:\Program Files\Microsoft Works\wkswp.htm moved successfully.
C:\Program Files\Quicken\inet\common\qlive.htm moved successfully.
C:\Program Files\Quicken\Qnue\custom\license.htm moved successfully.
C:\Program Files\Verizon\OCB\59f0a839-d94f-4728-ba23-c4b92a683d26\OfflineDispatcher.htm moved successfully.
C:\WINDOWS\system32\hlp.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 356346 bytes
->Temporary Internet Files folder emptied: 5441769 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09252010_130032

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 355133 bytes
->Temporary Internet Files folder emptied: 770868 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.14.1 log created on 09252010_130423

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

broni · 2010/09/25

That's about it, unless you have some other questions....

BillB · 2010/09/25

I had to uninstall Avast antivirus and reinstall it, as I had originally installed it in safe mode but it apparently wasn't working. It popped up messages about these files;

C:\PROGRAM FILES\RMNETWORK\WEBAGENT.DLL Win32:Malware-gen
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL Win32:Quolko
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL Win32:Quolko

It said it moved the files to the chest. I'm more concerned about the superantispyware files than the other one, any ideas why it flagged them?

broni · 2010/09/25

Most likely, false positive.
You can upload all three files here: http://www.virustotal.com/ to double check.
If everything checks out, create an exception in Avast for those files.

BillB · 2010/09/26

Will do, thanks very much for the help. This machine is much better than it was when I originally saw it.

broni · 2010/09/26

Cool

Good luck

Log in or Sign up

Solved Need help with XP machine that won't run in normal mode

BillB Well-Known Member Thread Starter

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

BillB Well-Known Member Thread Starter

Attached Files:

Eset online scan.txt

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Need help with XP machine that won't run in normal mode

BillB Well-Known Member Thread Starter

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

BillB Well-Known Member Thread Starter

Attached Files:

Eset online scan.txt

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

BillB Well-Known Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches