Infection: "system-check.com" [Solved]


  • This topic is locked
133 replies to this topic

#76 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 January 2012 - 05:23 PM

There was a typo in the batch file, so let's run it again. Drag the expand.bat that you have on your desktop now to the trash.

Copy all the quoted text inside the quote box and paste it into Notepad. Save it as expand.bat (on the drop-down list, change it to All Files), save it to your desktop, then click on expand.bat to execute it. Then reboot.

rem Call expand.exe by its full path: with this script saved as expand.bat, a bare
rem "expand" resolves to the batch file itself (cmd searches the current folder first) and it re-runs itself endlessly.
%SystemRoot%\system32\expand.exe C:\WINDOWS\I386\winlogon.ex_ c:\windows\system32\dllcache\winlogon.exe
%SystemRoot%\system32\expand.exe C:\WINDOWS\I386\svchost.ex_ c:\windows\system32\dllcache\svchost.exe
%SystemRoot%\system32\expand.exe C:\WINDOWS\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe




Do not reboot



Open Notepad
Go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above FCopy::


FCopy::
c:\windows\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\system32\dllcache\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe

Save this as CFScript to your desktop.

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.



#77 Dean N
    Authentic Member
  • 152 posts

Posted 04 January 2012 - 08:22 PM

I ran expand.bat again from the desktop with pretty much the same result: a cmd window with text flying from top to bottom. Should I close it via taskmgr and proceed with CF?

#78 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 January 2012 - 08:25 PM

Yes, please do

 
 

#79 Dean N
    Authentic Member
  • 152 posts

Posted 04 January 2012 - 09:55 PM

ComboFix 12-01-04.03 - Dean Nicholson 01/04/2012 22:02:26.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2479 [GMT -5:00]
Running from: c:\documents and settings\Dean Nicholson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dean Nicholson\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\DEANNI~1\LOCALS~1\Temp\win2.tmp
c:\docume~1\DEANNI~1\LOCALS~1\Temp\win4.tmp
c:\documents and settings\Dean Nicholson\Desktop\System Check.lnk
c:\documents and settings\Dean Nicholson\Local Settings\temp\win2.tmp
c:\documents and settings\Dean Nicholson\Local Settings\temp\win4.tmp
c:\documents and settings\Dean Nicholson\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Dean Nicholson\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-04 02:16 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-04 02:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-02 22:55 . 2012-01-01 17:17 4702720 ----a-w- C:\aswMBR.exe
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-01 03:06 . 2012-01-01 03:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-01 00:31 . 2012-01-01 00:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-01-01 00:29 . 2012-01-01 00:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-12-30 19:28 . 2011-12-30 19:28 -------- d-----w- c:\program files\ESET
2011-12-30 12:21 . 2012-01-01 06:39 -------- d-----w- c:\windows\system32\LogFiles
2011-12-30 01:16 . 2011-12-30 01:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Skype
2011-12-21 00:36 . 2011-12-29 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-12-18 21:32 . 2011-12-18 21:32 -------- d-----w- c:\documents and settings\Dean Nicholson\Application Data\Yahoo!
2011-12-18 21:29 . 2011-12-23 05:00 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 00:42 . 2010-08-30 18:15 1058816 ----a-w- c:\windows\explorer.exe
2011-12-28 00:19 . 2011-07-01 01:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2011-07-01 02:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2010-08-30 18:15 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2010-08-30 18:15 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2010-08-30 18:15 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-08-30 18:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2010-08-30 18:15 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-08-30 18:15 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-08-30 18:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2010-08-30 18:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-08-30 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-10 12:31 . 2011-07-02 02:13 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-10-10 12:31 . 2011-07-02 02:13 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-08-21 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-08-21 . 1300F6682BEA386767AE2A7C6C2DDCA7 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-08-21 . ECD453C1AD7D2FF9448C24A65642FE17 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2012-01-03 . F92D05B1C0DE946CF66B11479247FBDE . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2012-01-04_03.04.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-05 03:35 . 2012-01-05 03:35 16384 c:\windows\temp\Perflib_Perfdata_b0c.dat
+ 2012-01-04 21:52 . 2012-01-04 21:52 16384 c:\windows\temp\Perflib_Perfdata_860.dat
+ 2010-08-30 18:15 . 2008-08-21 17:00 14336 c:\windows\system32\svch.dat
- 2012-01-03 00:42 . 2012-01-03 00:42 14336 c:\windows\system32\svch.dat
+ 2012-01-01 03:06 . 2012-01-04 13:17 6356992 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-01 03:06 . 2012-01-04 01:45 6356992 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe" [2011-07-03 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-12 517480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\documents and settings\Dean Nicholson\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\Dean Nicholson\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.20090505-1200\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [8/31/2010 12:26 PM 24304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [9/1/2010 11:16 AM 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [8/31/2010 12:26 PM 132456]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [10/10/2011 7:32 AM 196912]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/31/2010 12:26 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9/1/2010 11:16 AM 63928]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [9/1/2010 11:16 AM 45496]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2011 7:28 PM 136176]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [11/18/2005 3:21 PM 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 2:42 PM 73600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 00:28]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004Core.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004UA.job
- c:\documents and settings\Dean Nicholson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-27 00:38]
.
2012-01-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-08-31 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 22:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,50,6e,4d,4a,8d,41,45,b1,36,70,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-04 22:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 03:51
ComboFix2.txt 2012-01-04 22:08
ComboFix3.txt 2012-01-04 03:19
ComboFix4.txt 2012-01-03 18:17
ComboFix5.txt 2012-01-05 02:55
.
Pre-Run: 81,645,522,944 bytes free
Post-Run: 81,628,291,072 bytes free
.
- - End Of File - - 19FFCAC99C5E799284B6F6C61BD4A3E6
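The Sigcheck block in the log above is the evidence the helper is reading: for each of the three files, the live copy reports the same version resource as the ERDNT\cache copy but a different size and MD5. The script below is an added example, not part of this thread, ComboFix or OTL. It parses those lines (the sample is copied verbatim from the log above; the column layout is inferred from it), pairs each live file with backup copies of the same name, and flags the "same version, different hash/size" pattern. Treating ERDNT\cache and dllcache as the backup locations, and the verdict names, are assumptions made here. The last function hashes a file on disk so a freshly expanded dllcache copy can be checked against the MD5 and size the log shows for a clean copy.

```python
"""Added example for this thread (not ComboFix's or the poster's own code).

Parses the 'Sigcheck' block of a ComboFix log and flags live system files
whose size or MD5 differs from a backup copy of the same name while the
version resource is identical.  Which folders count as backup copies
(ERDNT\\cache, dllcache) is an assumption made for this example.
"""
import hashlib
import re
from collections import defaultdict

# Sigcheck lines copied verbatim from the ComboFix log posted above.
SAMPLE_SIGCHECK = r"""
[7] 2008-08-21 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-08-21 . 1300F6682BEA386767AE2A7C6C2DDCA7 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-08-21 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-08-21 . ECD453C1AD7D2FF9448C24A65642FE17 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2012-01-03 . F92D05B1C0DE946CF66B11479247FBDE . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-08-21 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
"""

# Column layout as it appears in the log:  [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Assumed backup locations: ComboFix's ERDNT cache and the WFP dllcache.
BACKUP_DIRS = ("\\erdnt\\cache\\", "\\dllcache\\")


def parse_sigcheck(text):
    """Return one dict per sigcheck line; separator ('.') and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def is_backup_path(path):
    return any(d in path for d in BACKUP_DIRS)


def compare_live_to_backup(entries):
    """Pair each live file with backup copies of the same base name.

    verdict: 'match'           - identical size and MD5
             'modified'        - same version resource, different size/MD5
                                 (the pattern a file infector leaves: it patches
                                 or appends code without touching the resource)
             'version differs' - the backup may simply be stale; review by hand
    """
    by_name = defaultdict(lambda: {"live": [], "backup": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        by_name[name]["backup" if is_backup_path(e["path"]) else "live"].append(e)

    findings = []
    for name in sorted(by_name):
        for live in by_name[name]["live"]:
            for backup in by_name[name]["backup"]:
                hash_match = live["md5"] == backup["md5"]
                size_delta = live["size"] - backup["size"]
                if live["version"] != backup["version"]:
                    verdict = "version differs"
                elif hash_match and size_delta == 0:
                    verdict = "match"
                else:
                    verdict = "modified"
                findings.append({
                    "name": name, "live": live["path"], "backup": backup["path"],
                    "hash_match": hash_match, "size_delta": size_delta,
                    "verdict": verdict,
                })
    return findings


def md5_of_bytes(data):
    """Uppercase MD5, the same form the log uses."""
    return hashlib.md5(data).hexdigest().upper()


def check_file(path, expected_md5, expected_size):
    """Verify a file on disk (e.g. the dllcache copy after expand) against the
    size and MD5 the log reports for a copy believed clean."""
    with open(path, "rb") as f:
        data = f.read()
    return {"path": path, "size_ok": len(data) == expected_size,
            "md5_ok": md5_of_bytes(data) == expected_md5.upper()}


if __name__ == "__main__":
    for f in compare_live_to_backup(parse_sigcheck(SAMPLE_SIGCHECK)):
        print("%-13s %-16s size delta %+7d  live=%s" % (
            f["name"], f["verdict"], f["size_delta"], f["live"]))
```

Run on the log's own lines it reports all three files as "modified", each live copy 25 to 37 KB larger than its backup with a different MD5. The check_file helper is meant for after the repair: point it at c:\windows\system32\dllcache\winlogon.exe with the ERDNT\cache MD5 and size from the log (both paths are assumptions for illustration) to confirm the expanded copy is the one you expect before ComboFix copies it over the live file.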

#80 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2012 - 03:32 AM

The batch file didn't work. Those three files are infected, and the backup location that ComboFix is trying to replace them with is infected as well. Getting those three files replaced with clean copies is what's needed to get your system back in shape; those three files are crucial Windows files.


I want you to download OTL and just leave it on your desktop. I don't need you to run a scan; once it's downloaded, we will add a fix to it. Let's hope this works.


OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :processes
    killallprocesses
    
    :OTL
    
    :Files
    expand C:\WINDOWS\I386\winlogon.ex_ c:\windows\system32\dllcache\winlogon.exe /c
    expand C:\WINDOWS\I386\svchost.ex_ c:\windows\system32\dllcache\svchost.exe /c
    expand C:\WINDOWS\I386\explorer.ex_ c:\windows\system32\dllcache\explorer.exe /c
    
    [emptytemp]


  • Then click the Run Fix button at the top. <-- Not Run Scan
  • Let the program run unhindered, and reboot when it is done.
  • Then post the results of the log it produces.


 
 

#81 Dean N
    Authentic Member
  • 152 posts

Posted 05 January 2012 - 08:44 AM

OTL logfile created on: 1/5/2012 9:35:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dean Nicholson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 80.97% Memory free
4.84 Gb Paging File | 4.44 Gb Available in Paging File | 91.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.02 Gb Total Space | 75.98 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 370.50 Mb Free Space | 37.66% Space Free | Partition Type: FAT

Computer Name: D2 | User Name: Dean Nicholson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dean Nicholson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xerces-depdom_2_6.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\xslt4cMessages_1_7_0.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\udkservice1.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\sal3.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\uwinapi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\vos3MSC.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\rmcxt3.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\log4pt.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\basicservice.uno.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\reg3.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\emser645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090605-2002\jvmaccess3MSC.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\vcl645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\xcr645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\svt645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\ucpchelp1.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\tk645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\so645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sb645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\i18npool645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\sax.uno.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090605-2002\go645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\svx645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\sfx645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090605-2002\ofa645mi.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\oleautobridge.uno.dll ()
MOD - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\desktp645mi.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthV2MSVC6.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthV2ExtDLL.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (swmx01) Sierra Wireless USB MUX Driver (#01) -- C:\WINDOWS\system32\drivers\swmx01.sys (Sierra Wireless Corporation)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01) -- C:\WINDOWS\system32\drivers\SWNC5E01.sys (Sierra Wireless Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/04 22:36:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - Startup: C:\Documents and Settings\Dean Nicholson\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1741676890-1038465670-3455570982-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/30 13:28:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 09:34:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dean Nicholson\Desktop\OTL.exe
[2012/01/04 21:53:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/03 21:16:16 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/01/03 13:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/03 11:13:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dean Nicholson\Recent
[2012/01/03 08:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dean Nicholson\My Documents\erunt
[2012/01/02 18:06:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 17:55:29 | 004,702,720 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2012/01/01 12:26:35 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.exe
[2011/12/31 19:42:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/12/30 16:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dean Nicholson\Desktop\Virus 12-2011
[2011/12/30 14:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/30 11:17:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/30 07:26:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 07:26:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 07:26:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 07:26:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/30 07:24:18 | 004,370,643 | R--- | C] (Swearware) -- C:\Documents and Settings\Dean Nicholson\Desktop\ComboFix.exe
[2011/12/30 07:21:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/30 07:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/12/30 07:16:21 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Dean Nicholson\My Documents\ComboFix.exe
[2011/12/29 20:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/29 20:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/29 20:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/12/29 20:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/29 20:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/29 19:39:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dean Nicholson\My Documents\My Videos
[2011/12/29 19:39:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dean Nicholson\Start Menu\Programs\Administrative Tools
[2011/12/27 22:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dean Nicholson\Start Menu\Programs\System Check
[2011/12/20 19:50:30 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/12/20 19:50:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/12/20 19:50:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/12/20 19:50:29 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/12/20 19:50:29 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/12/20 19:50:28 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/12/20 19:50:27 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/12/20 19:50:26 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/12/20 19:50:25 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/12/20 19:50:21 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/12/20 19:50:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/12/20 19:50:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/12/20 19:50:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/12/20 19:50:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/12/20 19:50:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/12/20 19:50:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/12/20 19:50:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/12/20 19:50:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2011/12/20 19:50:16 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2011/12/20 19:50:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/12/20 19:50:16 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/12/20 19:50:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/12/20 19:50:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/12/20 19:50:12 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/12/20 19:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dean Nicholson\Application Data\Skype
[2011/12/20 19:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/12/18 16:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dean Nicholson\Application Data\Yahoo!
[2011/12/18 16:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

========== Files - Modified Within 30 Days ==========

[2012/01/05 09:32:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dean Nicholson\Desktop\OTL.exe
[2012/01/05 09:29:30 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/05 09:23:12 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004UA.job
[2012/01/05 09:03:39 | 000,008,572 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/05 08:55:18 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 08:55:17 | 000,012,658 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 08:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 23:48:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 22:36:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/04 21:50:07 | 004,370,643 | R--- | M] (Swearware) -- C:\Documents and Settings\Dean Nicholson\Desktop\ComboFix.exe
[2012/01/04 21:03:43 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\Desktop\expand.bat
[2012/01/03 20:33:17 | 000,010,992 | -HS- | M] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\42if7iml56yyv3a4u4516fq3uu2
[2012/01/03 20:33:17 | 000,010,992 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\42if7iml56yyv3a4u4516fq3uu2
[2012/01/03 13:16:16 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\Desktop\unhide.exe
[2012/01/03 11:30:44 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\SystemLook.exe
[2012/01/03 08:11:19 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\erunt.zip
[2012/01/03 06:06:27 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/03 05:33:30 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\19792079
[2012/01/02 19:42:54 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012/01/02 19:33:20 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\Desktop\SystemLook.exe
[2012/01/02 18:00:58 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Dean Nicholson\My Documents\ComboFix.exe
[2012/01/02 18:00:40 | 000,011,028 | -HS- | M] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\x85f5ml405p8ce05427hdhh05mfv476fg5s2
[2012/01/02 18:00:40 | 000,011,028 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\x85f5ml405p8ce05427hdhh05mfv476fg5s2
[2012/01/01 15:38:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\dump.dat
[2012/01/01 12:17:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dean Nicholson\My Documents\aswMBR.exe
[2012/01/01 12:17:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2011/12/30 20:44:22 | 000,011,000 | -HS- | M] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 20:44:22 | 000,011,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 14:24:11 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\MBRCheck.exe
[2011/12/30 14:23:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1741676890-1038465670-3455570982-1004Core.job
[2011/12/30 11:17:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/29 19:53:52 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\New Compressed (zipped) Folder.zip
[2011/12/27 19:19:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/27 19:16:42 | 000,129,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 16:12:59 | 000,346,617 | ---- | M] () -- C:\Documents and Settings\Dean Nicholson\My Documents\DMT.pdf
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/04 21:03:43 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\Desktop\expand.bat
[2012/01/03 23:28:56 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\Desktop\unhide.exe
[2012/01/03 20:31:16 | 000,010,992 | -HS- | C] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\42if7iml56yyv3a4u4516fq3uu2
[2012/01/03 20:31:16 | 000,010,992 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\42if7iml56yyv3a4u4516fq3uu2
[2012/01/03 14:39:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\SystemLook.exe
[2012/01/03 08:11:17 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\erunt.zip
[2012/01/03 05:33:29 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\19792079
[2012/01/02 19:33:19 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\Desktop\SystemLook.exe
[2012/01/01 15:38:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\dump.dat
[2012/01/01 11:18:26 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\gmer.exe
[2011/12/31 21:57:59 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/31 21:57:32 | 000,011,028 | -HS- | C] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\x85f5ml405p8ce05427hdhh05mfv476fg5s2
[2011/12/31 21:57:32 | 000,011,028 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x85f5ml405p8ce05427hdhh05mfv476fg5s2
[2011/12/30 16:36:40 | 000,011,000 | -HS- | C] () -- C:\Documents and Settings\Dean Nicholson\Local Settings\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 16:36:40 | 000,011,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 14:24:11 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\MBRCheck.exe
[2011/12/30 11:17:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/30 11:17:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/30 07:26:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/30 07:26:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 07:26:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 07:26:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 07:26:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/29 19:53:52 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\New Compressed (zipped) Folder.zip
[2011/12/27 19:16:42 | 000,129,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 16:12:59 | 000,346,617 | ---- | C] () -- C:\Documents and Settings\Dean Nicholson\My Documents\DMT.pdf
[2011/08/11 20:53:18 | 000,548,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/02 08:29:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/01 11:17:42 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/01 08:15:04 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/09/01 08:15:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/09/01 08:15:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/08/31 14:02:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/08/31 14:00:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/31 14:00:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/08/31 14:00:08 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/08/31 13:54:09 | 000,008,572 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/31 12:41:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/08/31 12:26:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/08/31 12:26:47 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/08/30 13:36:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/08/30 13:36:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/08/30 13:36:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/08/30 13:36:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/08/30 13:36:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/08/30 13:36:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/30 13:30:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/30 13:26:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/30 13:15:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2010/08/30 13:15:52 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2010/08/30 13:15:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/30 13:15:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/30 13:15:49 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/30 13:15:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/30 13:15:49 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/30 13:15:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/30 13:15:49 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/30 13:15:49 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/30 13:15:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/30 13:15:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/30 13:15:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/30 13:15:41 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/08/30 06:24:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/15 15:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2006/01/26 15:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2010/09/01 11:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2011/06/30 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/07/01 21:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/08/30 13:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2011/07/01 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/30 20:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\Avaya
[2011/10/16 20:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\Downloaded Installations
[2010/09/01 11:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\Lenovo
[2011/08/21 17:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\Nitro PDF
[2011/07/10 12:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\OpenOffice.org
[2011/10/30 15:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dean Nicholson\Application Data\PhotoScape
[2010/09/01 11:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2012/01/05 09:29:30 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 1/5/2012 9:35:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dean Nicholson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 80.97% Memory free
4.84 Gb Paging File | 4.44 Gb Available in Paging File | 91.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.02 Gb Total Space | 75.98 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive E: | 983.72 Mb Total Space | 370.50 Mb Free Space | 37.66% Space Free | Partition Type: FAT

Computer Name: D2 | User Name: Dean Nicholson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe" = C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090505-1200\win32\x86\symphony.exe:*:Enabled:Lotus Symphony -- (IBM)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEA4524-0026-439F-9146-7108F440EE96}" = Nitro PDF Reader 2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{7DA0C101-5C7C-40C9-A485-68E12780232C}" = Sierra Wireless MC5720 Package for Access Connections
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATI Display Driver" = ATI Display Driver
"BrewMate_is1" = BrewMate
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OnScreenDisplay" = On Screen Display
"PhotoScape" = PhotoScape
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1741676890-1038465670-3455570982-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 1:04:23 AM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 12/28/2011 8:54:23 AM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 12/28/2011 8:06:58 PM | Computer Name = D2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/28/2011 8:07:02 PM | Computer Name = D2 | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 12/28/2011 8:13:29 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 12/28/2011 9:50:48 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 12/28/2011 10:52:53 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/29/2011 9:09:59 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/29/2011 9:45:59 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/29/2011 10:37:05 PM | Computer Name = D2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

[ System Events ]
Error - 1/3/2012 9:50:02 PM | Computer Name = D2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ANC Fips IBMTPCHK intelppm lenovo.smi TPHKDRV TPPWRIF

Error - 1/3/2012 9:52:52 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2012 9:57:18 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2012 9:57:32 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2012 9:57:35 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2012 10:01:34 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2012 10:18:58 PM | Computer Name = D2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/5/2012 9:52:18 AM | Computer Name = D2 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/5/2012 9:52:18 AM | Computer Name = D2 | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/5/2012 9:55:06 AM | Computer Name = D2 | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.


< End of report >
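
The Security Center Settings and Firewall Settings sections of the Extras log above show the Windows Firewall turned off for both the domain and standard profiles, firewall notifications suppressed, and the Security Center antivirus and firewall override values set. The script below is an added example, not part of OTL and not one of the fix scripts in this thread: it parses those two sections exactly as OTL prints them and flags values that weaken the host's posture. The sample input is copied from the log above; the expected values in CHECKS are this editor's assumed hardened baseline, not anything OTL itself asserts.

```python
"""Parse the 'Security Center Settings' and 'Firewall Settings' sections of an
OTL Extras log and flag values that weaken the host's security posture.

Added example for this thread; it is not part of OTL or of the forum's fix
scripts. The sample text below is copied from the Extras log posted above.
"""
import re
from typing import Dict, List, Tuple

# Sample input: the registry sections as OTL prints them (copied from the log above).
SAMPLE_EXTRAS_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"""

# OTL prints each registry key as [HKEY_...] and each value as "Name" = number.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(-?\d+)$')

# Assumed hardened baseline (editor's assumption, not an OTL rule):
# (registry key suffix, value name, expected value, finding text).
# Suffix matching lets one rule cover a key regardless of its hive prefix.
CHECKS: List[Tuple[str, str, int, str]] = [
    ("Microsoft\\Security Center", "AntiVirusOverride", 0,
     "Security Center antivirus alerting is overridden"),
    ("Microsoft\\Security Center", "FirewallOverride", 0,
     "Security Center firewall alerting is overridden"),
    ("FirewallPolicy\\DomainProfile", "EnableFirewall", 1,
     "Windows Firewall is disabled for the domain profile"),
    ("FirewallPolicy\\StandardProfile", "EnableFirewall", 1,
     "Windows Firewall is disabled for the standard profile"),
    ("FirewallPolicy\\StandardProfile", "DisableNotifications", 0,
     "Firewall block notifications are suppressed for the standard profile"),
]


def parse_registry_sections(text: str) -> Dict[str, Dict[str, int]]:
    """Return {registry_key: {value_name: int_value}} for every [HKEY_...] block."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            result.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            result[current][value_match.group(1)] = int(value_match.group(2))
    return result


def find_weak_settings(text: str) -> List[Tuple[str, str, int, str]]:
    """Apply CHECKS to the parsed log; return (key, name, actual, finding) tuples."""
    findings = []
    for key, values in parse_registry_sections(text).items():
        for suffix, name, expected, finding in CHECKS:
            if key.endswith(suffix) and name in values and values[name] != expected:
                findings.append((key, name, values[name], finding))
    return findings


if __name__ == "__main__":
    for key, name, actual, finding in find_weak_settings(SAMPLE_EXTRAS_LOG):
        print(f"{finding}: {name}={actual} under {key}")
```

Run against the sample it reports five findings: both override values, the disabled firewall on each profile, and the suppressed notifications. The override values are also set legitimately when a user tells Security Center they will monitor a third-party product themselves, so treat the output as items to reconcile against the machine's intended configuration rather than as a verdict on its own.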

#82 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 10:18 AM

The Run Fix has been running for >90 min. I'm not seeing any activity in the OTL or C:\ windows.

#83 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2012 - 11:08 AM

Go back to Task Manager and end the program, let's try a different script.


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Processes
    killallprocesses

    :OTL

    :Files
    C:\WINDOWS\I386\sp3.cab:winlogon.exe /e
    c:\windows\system32\winlogon.exe|c:\winlogon.exe /replace
    C:\WINDOWS\I386\sp3.cab:svchost.exe /e
    c:\windows\system32\svchost.exe|c:\svchost.exe /replace
    C:\WINDOWS\I386\sp3.cab:explorer.exe /e
    c:\windows\explorer.exe|c:\explorer.exe /replace

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#84 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 11:14 AM

Am I running OTL with its default settings, or am I applying the same settings I did for the Run Scan?

#85 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 11:18 AM

Disregard last post... it's rebooting.


#86 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 11:21 AM

All processes killed
========== PROCESSES ==========
No active process named :OTL was found!
No active process named :Files was found!
No active process named sp3.cab:winlogon.exe /e was found!
No active process named winlogon.exe /replace was found!
No active process named sp3.cab:svchost.exe /e was found!
No active process named svchost.exe /replace was found!
No active process named sp3.cab:explorer.exe /e was found!
No active process named explorer.exe /replace was found!
No active process named [emptytemp] was found!
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_121743
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#87 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2012 - 11:27 AM

Be back soon, I am out of ideas

 
 

#88 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 11:30 AM

I totally appreciate all your help Ken.

#89 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 January 2012 - 12:27 PM

Well, I don't want to leave you in this state as we have come so far. I am going to have someone else look into this; they may see something I missed. Is there any way you can borrow a Win XP Pro disk?

 
 

#90 Dean N

    Authentic Member

  • 152 posts

Posted 05 January 2012 - 12:30 PM

I am currently holding a Microsoft Windows XP Pro Service Pack 3 Reinstallation CD! :banana:
