
Probable Rootkit, Blocked Websites, Can't boot from Disk



#1 3xplicit


Posted 20 May 2009 - 04:50 PM

I've been wrestling with whatever it is that's on my computer for a little over a week now. I first noticed something was wrong when my internet access seemed very limited. I was getting connection errors to many different sites, primarily anti-virus, tech support, etc. BleepingComputer.com was one of them. I began researching what might be wrong and downloaded a couple of highly recommended programs (Malwarebytes, Spybot SD, Avast, AVG, etc.). None of these have been able to find much of anything, and I believe largely it has to do with the fact that I can't update any of them. I get an error that typically goes something like "you are either not connected to the internet or your firewall is blocking this program". I am connected to the internet, and even after specifically granting access to the internet for the programs in the firewall, I continued to get the same error.

I was using the trial version of McAfee at the time (still am... kind of) and I turned on my computer the other day and it directed for my attention. It appears that whatever is on my computer has crippled my one complete protection program. McAfee cannot fix itself and recommends a reinstall, but because the installer downloads, it too is blocked.

After a few days of frustration with trying to scan, fix, scan, clean, etc., I was ready to give up, back up my media and files, and reformat. Here's the next problem. Even with my boot order set, or commanding it to boot directly from the CD drive, I get an error. My BIOS recognizes my CD drive, but while DOS is loading it gives me an error along the lines of:

"no drives found, aborting installation

device driver not found: 'MSCD001'.
no valid CDROM device drivers selected
Invalid drive specification"

I know my CD drive works; it can read and write perfectly fine once the OS has loaded, the little green LED flashes, and the CD even spins up right before getting that error.

That's about all I can think of off the top of my head. If you need to know anything else, ask away. The easier I can make your job the better. And thanks for your time.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Dan at 14:17:49.54 on Wed 05/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2451 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\windows\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Eraser\eraser.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.7\NppBho.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.19.0\gears.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.7\UIBHO.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.19.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113523519421
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\3y5fqbau.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-7 144704]
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2005-4-14 43512]
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-27 97920]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2008-11-19 179482]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-18 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-19 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-19 108552]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-18 138680]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-19 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-7-17 108904]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-7-17 108904]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2005-4-14 5088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-7 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-7 359952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-18 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-18 352920]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-11-19 17149]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-7 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-7 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-7 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-7 40552]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090519.034\NAVENG.SYS [2008-1-1 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090519.034\NAVEX15.SYS [2008-1-1 876144]
R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-7-23 46536]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-5-18 1251720]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-11-19 362944]
S2 0322771241741947mcinstcleanup;McAfee Application Installer Cleanup (0322771241741947);c:\docume~1\dan\locals~1\temp\032277~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\dan\locals~1\temp\032277~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 CXTuner;Conexant TVTuner;c:\windows\system32\drivers\CXTuner.sys [2005-4-14 23264]
S3 CXVideo;Conexant Capture;c:\windows\system32\drivers\CXVCap.sys [2005-4-14 93056]
S3 CXXBar;Conexant Crossbar;c:\windows\system32\drivers\CXXBar.sys [2005-4-14 7200]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\396.tmp --> c:\windows\system32\396.tmp [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-7 34216]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 SPLFXEQ;SPLFXEQ;c:\docume~1\dan\locals~1\temp\SPLFXEQ.exe [2009-5-19 592768]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\system32\drivers\sunkfilt6.sys --> c:\windows\system32\drivers\sunkfilt6.sys [?]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-12-27 68136]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-2 33752]
S4 gupdate1c9bf10d28710be;Google Update Service (gupdate1c9bf10d28710be);c:\program files\google\update\GoogleUpdate.exe [2009-4-16 133104]

=============== Created Last 30 ================

2009-05-20 12:02 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-19 13:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-19 13:39 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 13:39 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 13:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-19 13:39 <DIR> --d----- c:\docume~1\dan\applic~1\AVGTOOLBAR
2009-05-19 13:39 <DIR> --d----- c:\program files\AVG
2009-05-19 13:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-19 12:40 <DIR> --d----- c:\program files\TouchStoneSoftware
2009-05-18 19:26 <DIR> --d----- C:\N360_BACKUP
2009-05-18 17:52 23,888 a------- c:\windows\system32\drivers\COH_Mon.sys
2009-05-18 17:52 10,537 a------- c:\windows\system32\drivers\COH_Mon.cat
2009-05-18 17:52 706 a------- c:\windows\system32\drivers\COH_Mon.inf
2009-05-18 17:05 <DIR> --d----- c:\program files\Norton 360
2009-05-18 17:04 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-18 17:04 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-18 17:04 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-18 17:04 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-18 17:04 <DIR> --d----- c:\program files\Symantec
2009-05-18 17:03 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-18 16:39 <DIR> --d----- c:\program files\Sophos
2009-05-17 14:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-17 14:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 14:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-14 17:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware(2)
2009-05-14 15:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-14 15:53 <DIR> --d----- c:\docume~1\dan\applic~1\SUPERAntiSpyware.com
2009-05-14 14:51 <DIR> --d----- c:\docume~1\dan\applic~1\Malwarebytes
2009-05-14 14:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-07 18:55 <DIR> --d----- c:\program files\AIM Music Link
2009-05-07 17:36 14,629 a------- c:\windows\system32\Config.MPF
2009-05-07 17:19 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-07 17:19 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-07 17:19 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-07 17:19 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-07 17:18 <DIR> --d----- c:\program files\common files\McAfee
2009-05-07 17:18 <DIR> --d----- c:\program files\McAfee.com
2009-05-07 17:17 <DIR> --d----- c:\program files\McAfee
2009-05-07 17:08 34,216 a------- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-04-02 18:22 103,511 a------- c:\windows\hpoins04.dat
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-20 12:29 77,754 a------- c:\windows\War3Unin.dat
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2008-12-30 00:00 22,328 a------- c:\docume~1\dan\applic~1\PnkBstrK.sys
2008-11-20 15:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112020081121\index.dat

============= FINISH: 14:18:08.95 ===============


 


#2 Farbar


Posted 20 May 2009 - 05:13 PM

Hi 3xplicit,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, programs may conflict and cause:
    1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to the products attempting to access the same file at the same time.

    Therefore please decide on which of the following antiviruses you are going to keep and remove the rest:

    AV: AVG Anti-Virus Free
    AV: avast!
    AV: McAfee
    AV: Norton 360


    * You can remove AVG or Avast by going to Add/Remove Programs in Control Panel and uninstalling them.

    * If you decide to remove McAfee, I recommend you to use McAfee Consumer Product Removal tool (MCPR.exe).

    For download and instruction to use McAfee Consumer Product Removal tool click on majorgeeks.com

    * If you decide to remove Norton 360 please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste the first log to your reply:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

#3 3xplicit


Posted 21 May 2009 - 12:18 AM

By first log you mean the OTListIt.Txt and not the Extras.Txt, right? If you need the Extras.Txt, I have it saved to my desktop and can post it for you.

OTListIt logfile created on: 5/20/2009 10:13:34 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 164.62 Gb Total Space | 34.51 Gb Free Space | 20.96% Space Free | Partition Type: NTFS
Drive D: | 2.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 13:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 13:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/20 14:57:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/12 15:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe
PRC - [2008/12/29 23:59:49 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2004/09/22 18:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/02/05 13:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 13:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/04/16 20:58:49 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2009/02/05 13:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/05/20 14:57:51 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/01/26 16:15:16 | 00,884,838 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\wpn111.exe
PRC - [2009/02/27 21:54:41 | 00,636,072 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/04/27 16:45:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/20 22:12:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0322771241741947mcinstcleanup [Auto | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 13:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 13:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 13:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 13:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/09/24 18:35:14 | 00,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service [Disabled | Stopped])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [Disabled | Stopped])
SRV - [2009/04/16 20:58:49 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9bf10d28710be [Disabled | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/20 14:57:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/11/12 15:54:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/29 23:59:49 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2009/05/19 18:07:30 | 00,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Dan\Local Settings\Temp\SPLFXEQ.exe -- (SPLFXEQ [On_Demand | Stopped])
SRV - [2004/09/22 18:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 13:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008/11/19 17:37:02 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\windows\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/12/22 02:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2009/02/05 13:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 13:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 13:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 13:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 13:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2004/09/13 00:36:40 | 00,023,264 | R--- | M] (TelSignal Co., Ltd.) -- C:\windows\system32\drivers\CXTuner.sys -- (CXTuner [On_Demand | Stopped])
DRV - [2004/09/13 00:36:38 | 00,093,056 | R--- | M] (TelSignal Co., Ltd.) -- C:\windows\system32\drivers\CXVCap.sys -- (CXVideo [On_Demand | Stopped])
DRV - [2004/09/13 00:36:40 | 00,007,200 | R--- | M] (TelSignal Co., Ltd.) -- C:\windows\system32\drivers\CXXBar.sys -- (CXXBar [On_Demand | Stopped])
DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])
DRV - [2004/05/18 14:43:54 | 00,005,088 | R--- | M] () -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI [Auto | Running])
DRV - [2008/01/01 00:08:56 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/07/24 03:02:44 | 04,749,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/07/30 19:21:08 | 00,079,960 | R--- | M] (JMicron Technology Corp.) -- C:\windows\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2008/02/29 04:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\windows\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2008/02/29 04:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\windows\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\windows\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2003/12/12 19:03:10 | 00,652,689 | ---- | M] (Agere Systems) -- C:\windows\system32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped])
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2005/08/02 14:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\windows\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2008/11/12 15:54:00 | 06,188,320 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/19 15:47:24 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\windows\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/05/18 14:43:58 | 00,043,512 | ---- | M] () -- C:\windows\System32\drivers\RITCPT.SYS -- (RITCPT [Boot | Running])
DRV - [2003/12/30 20:58:46 | 00,069,504 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\windows\system32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Stopped])
DRV - [2004/07/16 14:19:52 | 00,070,400 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\windows\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\windows\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008/08/07 04:14:56 | 00,111,360 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\windows\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Stopped])
DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/27 16:18:50 | 00,097,920 | ---- | M] (Silicon Image, Inc.) -- C:\windows\system32\DRIVERS\SI3112r.sys -- (SI3112r [Boot | Running])
DRV - [2004/05/20 17:35:16 | 00,010,240 | ---- | M] (Silicon Image, Inc.) -- C:\windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2004/07/23 14:55:50 | 00,046,536 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt62.sys -- (SunkFilt62 [On_Demand | Running])
DRV - [2008/10/01 14:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2004/05/18 14:44:00 | 00,179,482 | ---- | M] () -- C:\windows\System32\drivers\VVBackd5.sys -- (VVBackd5 [Boot | Running])
DRV - [2005/09/26 17:02:50 | 00,362,944 | ---- | M] (NETGEAR, Inc.) -- C:\windows\system32\DRIVERS\WPN111.sys -- (WPN111 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\S-1-5-21-3804607696-1349384571-403597190-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\S-1-5-21-3804607696-1349384571-403597190-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 16:40:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 14:58:07 | 00,000,000 | ---D | M]

[2008/11/19 18:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions
[2008/11/19 18:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/20 16:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\3y5fqbau.default\extensions
[2009/05/15 14:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\3y5fqbau.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2008/11/19 19:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\3y5fqbau.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/05/06 22:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\mozilla\Firefox\Profiles\3y5fqbau.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/11/19 19:02:25 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\FireFox\Profiles\3y5fqbau.default\searchplugins\aim-search.xml
[2009/05/20 16:29:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 16:45:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/21 22:55:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/05/15 14:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/27 16:45:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 16:45:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/29 23:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/29 23:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/29 23:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/29 23:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/29 23:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/29 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Key error. File not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3804607696-1349384571-403597190-1005..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (The Eraser Project)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN111\wpn111.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3804607696-1349384571-403597190-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1113523519421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/01 04:21:01 | 00,000,044 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cd515243-b6bb-11dd-925c-00184dddd0ec}\Shell\AutoRun\command - "" = J:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/20 22:12:45 | 00,000,000 | ---D | M]
Drivers32: aux - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\windows\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\windows\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\windows\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\windows\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\windows\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\windows\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\windows\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\windows\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\system32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\windows\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\windows\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\system32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\windows\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\windows\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\windows\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\windows\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\windows\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\windows\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Dan\Desktop\*.tmp files]
[2009/05/20 22:12:45 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTListIt2.exe
[2009/05/20 22:05:22 | 03,063,218 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\Norton_Removal_Tool.exe
[2009/05/20 22:02:39 | 00,608,344 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\MCPR.exe
[2009/05/20 14:59:02 | 00,000,000 | ---D | C] -- C:\windows\Sun
[2009/05/20 14:16:57 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/05/19 18:06:10 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Dan\Desktop\RootkitRevealer.exe
[2009/05/19 18:06:10 | 00,102,160 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\RootkitRevealer.chm
[2009/05/19 18:05:55 | 00,231,390 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\RootkitRevealer.zip
[2009/05/19 13:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/19 12:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\TouchStoneSoftware
[2009/05/18 19:26:47 | 00,000,000 | ---D | C] -- C:\N360_BACKUP
[2009/05/18 17:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Symantec
[2009/05/18 17:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/05/18 16:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/05/18 12:00:04 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswRdr.sys
[2009/05/18 12:00:03 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswTdi.sys
[2009/05/18 12:00:01 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aavmker4.sys
[2009/05/18 11:59:56 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\windows\System32\AvastSS.scr
[2009/05/18 11:59:54 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswSP.sys
[2009/05/18 11:59:54 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2009/05/18 11:59:53 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon2.sys
[2009/05/18 11:59:53 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswmon.sys
[2009/05/18 11:59:08 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\windows\System32\aswBoot.exe
[2009/05/18 11:59:08 | 00,380,928 | ---- | C] () -- C:\windows\System32\actskin4.ocx
[2009/05/18 11:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/18 11:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\anti bleep
[2009/05/17 14:09:55 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/05/17 14:09:53 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/05/17 14:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/15 14:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/15 13:59:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Sun
[2009/05/14 17:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2009/05/14 15:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/14 15:53:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\SUPERAntiSpyware.com
[2009/05/14 14:51:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2009/05/14 14:51:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/11 22:13:24 | 53,902,344 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.0.3.9183-to-3.0.8.9464-enUS-patch.exe
[2009/05/11 22:13:24 | 01,074,664 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe
[2009/05/11 22:13:19 | 21,689,232 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.0.2.9056-to-3.0.3.9183-enUS-patch.exe
[2009/05/11 22:13:19 | 01,101,608 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe
[2009/05/11 22:13:19 | 01,072,200 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe
[2009/05/11 22:13:17 | 07,357,544 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.1.1.9806-to-3.1.1.9835-enUS-patch.exe
[2009/05/11 22:13:17 | 02,173,808 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe
[2009/05/11 22:13:14 | 10,895,616 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.0.8.9506-to-3.0.9.9551-enUS-patch.exe
[2009/05/11 22:13:14 | 08,396,120 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.1.0.9767-to-3.1.1.9806-enUS-patch.exe
[2009/05/11 22:13:14 | 07,088,248 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WoW-3.0.8.9464-to-3.0.8.9506-enUS-patch.exe
[2009/05/11 22:13:14 | 02,232,832 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe
[2009/05/11 22:13:14 | 02,174,064 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe
[2009/05/11 22:13:14 | 02,173,888 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe
[2009/05/11 22:13:14 | 02,173,784 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe
[2009/05/07 18:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\AIMMusicLink
[2009/05/07 18:55:11 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Music Link
[2009/05/07 18:54:33 | 00,617,846 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\AIMMusicLink_4100.exe
[2009/05/07 16:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Green Day
[2009/04/02 17:48:50 | 00,000,010 | ---- | C] () -- C:\windows\WININIT.INI
[2008/12/30 00:00:05 | 00,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2008/11/19 19:34:30 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/11/19 19:00:49 | 00,000,021 | ---- | C] () -- C:\windows\atid.ini
[2008/11/19 18:52:50 | 00,000,262 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/19 17:35:20 | 00,651,264 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2008/11/19 17:35:20 | 00,147,456 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2008/11/19 17:21:40 | 00,179,482 | ---- | C] () -- C:\windows\System32\drivers\VVBackd5.sys
[2008/10/07 14:33:00 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/10/07 14:33:00 | 01,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/10/07 14:33:00 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/10/07 14:33:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/10/07 14:33:00 | 00,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2005/08/02 14:24:01 | 00,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2005/04/26 13:17:21 | 00,000,082 | ---- | C] () -- C:\windows\TSWAVE.INI
[2005/04/26 13:11:28 | 00,000,083 | ---- | C] () -- C:\windows\IFOLDER.INI
[2005/04/26 13:08:44 | 00,057,344 | ---- | C] () -- C:\windows\System32\DTVdrv.dll
[2005/04/26 13:08:44 | 00,020,931 | ---- | C] () -- C:\windows\Tsctvfm.ini
[2005/04/26 13:08:44 | 00,012,188 | ---- | C] () -- C:\windows\System32\DTVdrvNT.sys
[2005/04/26 13:08:44 | 00,001,088 | ---- | C] () -- C:\windows\TSCTV.INI
[2005/04/26 13:08:44 | 00,000,012 | ---- | C] () -- C:\windows\GRAPPLER.INI
[2005/04/18 15:52:49 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/04/15 09:15:52 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2005/04/14 17:55:03 | 00,000,818 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/04/14 17:54:49 | 00,000,772 | ---- | C] () -- C:\windows\win.ini
[2005/04/14 17:54:47 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2005/04/14 17:01:45 | 00,043,512 | ---- | C] () -- C:\windows\System32\drivers\RITCPT.SYS
[2005/04/14 17:01:27 | 00,005,088 | R--- | C] () -- C:\windows\System32\drivers\FBAPI.sys
[2005/04/14 16:23:49 | 00,000,109 | ---- | C] () -- C:\windows\TSNV_I2C.INI
[2005/04/14 16:23:19 | 00,020,958 | ---- | C] () -- C:\windows\TSCTVMSG.INI
[2005/04/14 16:23:19 | 00,010,970 | ---- | C] () -- C:\windows\TSCTVDIV.INI
[2005/04/14 16:23:19 | 00,002,336 | ---- | C] () -- C:\windows\TSCTNDBG.INI
[2005/04/14 16:23:19 | 00,000,461 | ---- | C] () -- C:\windows\TSCFM.INI
[2005/04/14 16:16:27 | 00,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2002/10/06 11:42:56 | 00,237,568 | ---- | C] () -- C:\windows\System32\OggDS.dll
[2002/10/04 16:04:24 | 00,921,600 | ---- | C] () -- C:\windows\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 00,188,416 | ---- | C] () -- C:\windows\System32\vorbis.dll
[2002/10/04 16:04:16 | 00,045,056 | ---- | C] () -- C:\windows\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[1 C:\windows\*.tmp files]
[1 C:\Documents and Settings\Dan\Desktop\*.tmp files]
[2009/05/20 22:12:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTListIt2.exe
[2009/05/20 22:11:12 | 00,198,228 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/05/20 22:11:00 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/20 22:10:55 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Dan\Local Settings\desktop.ini
[2009/05/20 22:10:47 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/05/20 22:10:45 | 00,001,374 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/05/20 22:10:44 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/05/20 22:05:33 | 03,063,218 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Dan\Desktop\Norton_Removal_Tool.exe
[2009/05/20 22:02:40 | 00,608,344 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\MCPR.exe
[2009/05/20 14:16:58 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\dds.scr
[2009/05/19 23:46:19 | 00,439,376 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/05/19 23:46:19 | 00,380,680 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/05/19 23:46:19 | 00,052,968 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/05/19 18:06:01 | 00,231,390 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\RootkitRevealer.zip
[2009/05/19 16:50:14 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/05/19 16:12:16 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/05/19 11:37:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/05/18 11:59:54 | 00,002,626 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2009/05/07 18:54:37 | 00,617,846 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\AIMMusicLink_4100.exe
[2009/05/07 18:05:34 | 00,294,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2009/05/05 20:33:27 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/04/28 15:11:53 | 07,357,544 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\WoW-3.1.1.9806-to-3.1.1.9835-enUS-patch.exe
[2009/04/28 15:09:41 | 02,173,808 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe
[2009/04/23 16:45:33 | 08,396,120 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\WoW-3.1.0.9767-to-3.1.1.9806-enUS-patch.exe
[2009/04/23 16:44:31 | 02,173,888 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Documents\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe
< End of report >

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:30 PM

Posted 21 May 2009 - 10:55 AM

Yes I meant OTListIt.Txt, thanks. I see also you have used the removers and removed Norton and McAfee. They themselves are enough to cripple a system.

I don't see anything remotely suspicious except a driver without the manufacturer's name. We will run OTListIt to do some cleaning and run an updated MBAM for a deeper system scan.
  • Optional: Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if you are using it:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it also remove the folder in bold: C:\Program Files\Viewpoint

  • Please open OTListIt2.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      explorer.exe
      :otli
      SRV - File not found -- -- (0322771241741947mcinstcleanup [Auto | Stopped])
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Key error. File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A6
      :commands
      [resethosts]
      [start explorer]
      [emptytemp]
      [Reboot]
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After finished a log will open. Copy and paste the log to your reply.


  • Open your Malwarebytes' Anti-Malware, first update it. If you can't update within the application you can update MBAM manually. To do that close MBAM, download mbam-rules.exe.
    Double-click mbam-rules.exe to run it.
    Then Open MBAM, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note 1: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Tell me if you had to update Malwarebytes manually and update me on the current condition of your computer.
Please include in your next reply:
  • The OTListIt log.
  • The log of MBAM.
  • Any comment or feedback about how it went.
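
The triage point in the reply above, a driver listed without a manufacturer's name, can be checked mechanically against log lines in the format shown in this thread. This is an added example, not part of the original posts or of OTListIt; the function names are assumptions, and the sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Line layout seen in the log: [timestamp | size | attrs | C or M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Lines copied from the log in this thread (one summary line included on purpose).
SAMPLE_LOG = r"""
[2005/04/26 13:08:44 | 00,057,344 | ---- | C] () -- C:\windows\System32\DTVdrv.dll
[2005/04/26 13:08:44 | 00,012,188 | ---- | C] () -- C:\windows\System32\DTVdrvNT.sys
[2005/04/14 17:01:45 | 00,043,512 | ---- | C] () -- C:\windows\System32\drivers\RITCPT.SYS
[2005/04/14 17:01:27 | 00,005,088 | R--- | C] () -- C:\windows\System32\drivers\FBAPI.sys
[1 C:\windows\System32\*.tmp files]
[2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
""".strip().splitlines()


def parse_line(line):
    """Return a dict for a file entry, or None for headers and summary lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"].strip()
    return rec


def drivers_without_company(lines):
    """Paths of .sys files with an empty company field: leads to verify, not verdicts."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and not rec["company"] and PureWindowsPath(rec["path"]).suffix.lower() == ".sys":
            hits.append(rec["path"])
    return hits
```

An empty company field only narrows the list of files worth a closer look, such as checking the file's origin and signature; many legitimate drivers also ship without version information.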


#5 3xplicit


Posted 21 May 2009 - 06:12 PM

OK, first off, I tried the OTList twice, and both times explorer crashed immediately, followed shortly after by OTList itself. I had to restart both times, so I don't have an OTList log for you.
Second, I had to do the manual update of MBAM; the scan found nothing.
Thirdly, the condition of my computer has greatly improved; it has been running sluggish (probably from the 99999999 antivirus programs I had on it). We're making progress, but not out of this yet.

Here's the MBAM log; again, the OTList didn't run so I don't have the log for that.

Malwarebytes' Anti-Malware 1.36
Database version: 2162
Windows 5.1.2600 Service Pack 3

5/21/2009 4:09:09 PM
mbam-log-2009-05-21 (16-09-09).txt

Scan type: Quick Scan
Objects scanned: 83645
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Farbar


Posted 21 May 2009 - 06:58 PM

Thanks for the feedback and glad the condition of the computer is improving. But as you rightly pointed out as long as the updating is an issue you are not out of trouble.

Please run ComboFix once as I need to see the log of the first run. But make sure you install Recovery Console first. If ComboFix could not connect to the internet to download the Recovery Console, tell me about it before proceeding and running, and I will give you a set of instructions to download and install the Recovery Console before running ComboFix.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply and give me feedback about how it went.

#7 3xplicit


Posted 21 May 2009 - 07:31 PM

After downloading Windows recovery it popped up with this

Posted Image

I didn't continue with the malware scan

#8 Farbar


Posted 21 May 2009 - 07:42 PM

Well done 3xplicit. :thumbup2:

We have some work to do before installing the Recovery Console.

Please download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run it.
  • When finished, a Notepad window will open with some text in it.
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy and paste the contents of BootCheck.txt in your next reply.


#9 3xplicit


Posted 21 May 2009 - 07:45 PM

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of boot.ini:

#10 Farbar


Posted 21 May 2009 - 08:22 PM

Please be careful, follow the instruction as it is and don't reboot until we are finished with this part.

Go to C:\boot.ini

If that file exists, right click and uncheck 'Read Only' and click Apply => OK

Now right click the file again and select 'Open With' and choose Notepad.

Copy/paste the following text in the code box below, into boot.ini


[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect

Then save the file and confirm the change. Then close the file.

If there is no boot.ini on the C:\ drive, open Notepad, copy and paste the above text into it and save it as boot.ini to the C:\ drive.

Do Not reboot yet!

Run the Bootcheck.exe and post its contents. It's important that you do not reboot the system until I've reviewed that log.

#11 3xplicit


Posted 21 May 2009 - 08:30 PM

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of C:\boot.ini:

[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect

#12 Farbar


Posted 21 May 2009 - 08:38 PM

If needed you may write down or print out this for reference when booting. We are going to find your boot partition. It should be number 1 but we have to be sure.

Reboot your system now:
  • Upon reboot, you'll have 30 seconds to choose from the boot menu.
  • Use your arrow key and select 1 /fastdetect in the list and press Enter
  • Wait for it to boot Windows.
  • If you receive an error, click OK to restart the system.
  • Upon restart you will see the boot menu again. Arrow up to 2 /fastdetect and press Enter.
  • Wait for Windows to boot. If you receive an error message, same as before, click OK to restart.
  • Continue using the arrow key, going in succession from 3 /fastdetect, etc., one at a time, until Windows boots up.
  • Tell me which number worked for you.
Edited: typo

Edited by farbar, 21 May 2009 - 09:07 PM.


#13 3xplicit


Posted 21 May 2009 - 08:46 PM

it booted up no problem with 1 /fastdetect

#14 Farbar


Posted 21 May 2009 - 08:53 PM

Good job. Also this time don't reboot until we are done.

Right click the C:\boot.ini and rename it to boot.bak

Open Notepad and copy/paste the text in the quote box below, into that empty Notepad:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Save this as boot.ini directly on the C:\ drive.

Run the Bootcheck.exe and post the content of it. Do not reboot until I review that text.

#15 3xplicit


Posted 21 May 2009 - 08:57 PM

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of C:\boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
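
The boot.ini files exchanged in posts #10 to #15 can be reviewed before a reboot is approved. The sketch below is an added example, not part of the original thread and not how BootCheck.exe works; the function names are assumptions and both samples are copied from the posts above. It reports repeated entries and a missing or unlisted default= line.

```python
# Both samples are copied from the posts above.
CANDIDATE_MENU = r"""[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
C:\WINDOWS=7 /fastdetect"""

FINAL = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect"""


def parse_boot_ini(text):
    """Split boot.ini text into [boot loader] settings and [operating systems] entries."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, _, value = line.partition("=")  # split at the first "=" only
            if section == "boot loader":
                loader[key.strip().lower()] = value.strip()
            elif section == "operating systems":
                entries.append((key.strip(), value.strip()))
    return loader, entries


def review_boot_ini(text):
    """Return findings worth reading before the machine is rebooted."""
    loader, entries = parse_boot_ini(text)
    findings, seen = [], set()
    for path, _ in entries:
        if path.lower() in seen:
            findings.append("duplicate entry: " + path)
        seen.add(path.lower())
    default = loader.get("default")
    if default is None:
        findings.append("no default= line")
    elif default.lower() not in seen:
        findings.append("default= not listed: " + default)
    return findings
```

On the candidate menu from post #10 it reports the repeated `scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS` line (menu items 5 and 6 point at the same location) and the absent default= line; the final file from post #14 produces no findings.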



