Registry Problem . Windows Freezes


This topic is locked
32 replies to this topic

#1 Jorgieboy82

Jorgieboy82

  • Members
  • 47 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 02 March 2010 - 12:26 AM

Windows XP . Sony Vaio

Ok, so I really do not know what is wrong with my computer now. I had some new malware installed on my PC this morning, such as Antimalware Doctor; it was loading porno icons on my desktop.

I proceeded by using ComboFix to delete all the malware. It was successful with all but Antimalware Doctor. I then downloaded RKill like the website directed me to and it removed it completely. Then I proceeded by running a Malwarebytes scan.

That's where everything went downhill. After the scan it asked me to delete the corrupt files, so I did; it then prompted me with a message about a Registry Edit, so I pressed OK. I forgot what question it was.

I rebooted my system and when Windows loads now I get numerous "ERROR LOADING C:/WINDOWS/SYSTEM32/WJXPXX.DLL" type errors along with a couple more I can't see because it freezes my PC. So I get a bunch of DLL errors along with black screens in DOS format, I think, popping up - like 10 at a time - with a bunch of codes. Every time I reboot I get the same thing and it freezes my PC. I can't do anything.

The only thing I can do is run in Safe Mode.
- I tried running ComboFix in Safe Mode but it didn't work. I tried System Restore in Safe Mode but the last checkpoint was from this morning and I still get the same errors when I go to the regular Windows startup.

Can my PC be salvaged? Right now I am running GMER 1.0.15 in Safe Mode; hopefully it can fix something. I don't know what else to do. I think Malwarebytes screwed me up. I am thinking this is a registry problem.



#2 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 02 March 2010 - 06:26 AM

I did some research and I thought I had a corrupted registry, so I followed these instructions:

http://support.microsoft.com/kb/307545

However, I missed the step about inserting a Windows XP CD-ROM and I deleted something. I am getting this message now:

Windows could not start because the following file is missing or corrupt: Windows\System32\Config\System

Now I am completely stuck.


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 PM

Posted 02 March 2010 - 10:47 AM

Hi, Jorgieboy82

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to them while in an external environment (PE).

Here is what you need to do.

First
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Query.bat
  • Change the Save as Type to All Files
  • and Save it on the flash drive. Do not save this file on the working computer. You can accidentally run the file in the computer and damage its registry.
  • This file will be run on the non-working computer after following the next set of instructions.
QUOTE
REM Query.bat: list the registry hive folder and all System Restore snapshots into C:\Log.txt
Dir C:\windows\system32\config >C:\Log.txt
REM Temporarily rename the system hive (if present) while the restore folder is listed, then put the name back
If exist C:\windows\system32\config\system Ren C:\windows\system32\config\system system.123
Dir "C:\System Volume Information" /s >>C:\log.txt
If exist C:\windows\system32\config\system.123 Ren C:\windows\system32\config\system.123 system
REM The batch file deletes itself when done
Del %0


Second

Two programs to download

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Third
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Using the Reatogo Explorer (Right click on the Start button and select Explore)
  • Navigate to the Flash drive and double click on the Query.bat file you created earlier
  • It shall produce a report in C:\Log.txt. Copy that file to the flash drive and post its contents in your next reply.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 02 March 2010 - 11:50 PM

I don't think I have a boot-from-CD feature. These are the only options I have when I press F8 at startup:

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration
Directory Services Restore Mode (Windows domain controllers only)
Debugging Mode
Disable automatic restart on system failure

Start Windows normally
Reboot
Return to OS Choices Menu (which shows Microsoft Windows Recovery Console, and Microsoft Windows XP Home Edition)

#5 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 02 March 2010 - 11:59 PM

Never mind, I got to the BIOS screen by pressing Esc on startup.

When I go to the boot screen it shows the following options:

OPTICAL DRIVE
FLOPPY DISK DRIVE
HARD DISK DRIVE
HITACHI_DK23EA-40-(PM)
NETWORK

I enabled all of them by pressing SHIFT+1.

Will this do?

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:38 PM

Posted 03 March 2010 - 12:37 AM

QUOTE(Jorgieboy82 @ Mar 3 2010, 12:59 AM)
Never mind, I got to the BIOS screen by pressing Esc on startup.

When I go to the boot screen it shows the following options:

OPTICAL DRIVE
FLOPPY DISK DRIVE
HARD DISK DRIVE
HITACHI_DK23EA-40-(PM)
NETWORK

I enabled all of them by pressing SHIFT+1.

Will this do?

In order to boot from the CD, you must set the boot order in your BIOS. It should be the CD-ROM first (Optical drive).

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 03 March 2010 - 12:54 AM

Sorry if I am being too informative with my previous posts.

So OK, I got it to work somehow. I got to the REATOGO X PE desktop and I ran the Query.bat file - a black screen popped up and disappeared quickly. The Query.bat document also disappeared from the flash drive. So I tried it again by saving another Query.bat file on the flash drive and it disappeared again after a black box appeared.

I proceeded by going to Start - Run - Browse, C drive, show all files, and I copied and pasted the Log.txt.

Here it goes; I also uploaded it for you:


Volume in drive C has no label.
Volume Serial Number is 7816-3C47

Directory of C:\windows\system32\config

03/02/2010 12:51 AM <DIR> .
03/02/2010 12:51 AM <DIR> ..
03/02/2010 03:06 AM 524,288 AppEvent.Evt
04/30/2003 03:18 PM 241,664 default
03/01/2010 08:59 AM 524,288 default.bak
04/30/2003 08:06 AM 94,208 default.sav
02/24/2008 12:07 AM 65,536 Internet.evt
07/10/2003 10:18 PM 20,480 sam
03/01/2010 08:59 AM 24,576 SAM.bak
03/02/2010 03:06 AM 524,288 SecEvent.Evt
07/10/2003 10:18 PM 28,672 security
03/01/2010 08:59 AM 143,360 SECURITY.bak
07/10/2003 10:18 PM 8,220,672 software
03/01/2010 08:59 AM 30,355,456 software.bak
04/30/2003 08:06 AM 606,208 software.sav
03/02/2010 03:06 AM 524,288 SysEvent.Evt
03/01/2010 08:59 AM 8,126,464 system.bak
04/30/2003 08:06 AM 397,312 system.sav
03/01/2010 10:41 PM <DIR> systemprofile
04/30/2003 08:06 AM 262,144 userdiff
17 File(s) 50,683,904 bytes
3 Dir(s) 3,760,164,864 bytes free
Volume in drive C has no label.
Volume Serial Number is 7816-3C47

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}

03/02/2010 05:34 AM 264 drivetable.txt
03/01/2010 10:39 PM <DIR> RP1
03/02/2010 05:34 AM <DIR> RP2
03/02/2010 05:34 AM 24 _driver.cfg
03/01/2010 09:13 AM 23,706 _filelst.cfg
3 File(s) 23,994 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1

03/01/2010 10:39 PM <DIR> .
03/01/2010 10:39 PM <DIR> ..
03/01/2010 08:11 AM 723 A0000001.ini
03/01/2010 08:25 AM 1,155,962 A0000002.mfl
01/03/2010 02:50 AM 7,473 A0000003.cmd
04/13/2008 01:40 PM 96,512 A0000004.sys
04/13/2008 01:57 PM 14,336 A0000005.sys
08/29/2002 07:00 AM 4,224 A0000006.sys
04/13/2008 01:39 PM 24,576 A0000007.sys
04/13/2008 02:20 PM 182,656 A0000008.sys
04/13/2008 02:15 PM 574,976 A0000009.sys
08/29/2002 07:00 AM 2,944 A0000010.sys
06/20/2008 06:51 AM 361,600 A0000011.sys
04/13/2008 07:11 PM 77,824 A0000012.dll
04/13/2008 07:12 PM 13,312 A0000013.exe
04/13/2008 07:12 PM 198,144 A0000014.dll
04/13/2008 07:12 PM 409,088 A0000015.dll
02/09/2009 07:10 AM 401,408 A0000016.dll
02/06/2009 06:11 AM 110,592 A0000017.exe
04/13/2008 07:12 PM 57,856 A0000018.exe
04/13/2008 07:12 PM 507,904 A0000019.exe
08/06/2009 06:24 PM 53,472 A0000020.exe
04/13/2008 07:11 PM 617,472 A0000021.dll
04/13/2008 07:11 PM 62,464 A0000022.dll
07/07/2008 03:26 PM 253,952 A0000023.dll
04/13/2008 07:11 PM 110,080 A0000024.dll
03/21/2009 09:06 AM 989,696 A0000025.dll
04/13/2008 07:11 PM 19,968 A0000026.dll
04/13/2008 07:11 PM 22,016 A0000027.dll
10/29/2009 02:46 AM 3,598,336 A0000028.dll
04/13/2008 07:12 PM 343,040 A0000029.dll
06/20/2008 12:46 PM 245,248 A0000030.dll
04/13/2008 07:12 PM 407,040 A0000031.dll
08/04/2009 07:44 PM 2,189,184 A0000032.exe
04/13/2008 07:12 PM 17,408 A0000033.dll
04/13/2008 07:12 PM 181,248 A0000034.dll
04/13/2008 07:12 PM 5,120 A0000035.dll
04/13/2008 07:12 PM 14,336 A0000036.exe
04/13/2008 07:12 PM 249,856 A0000037.dll
04/13/2008 07:12 PM 578,560 A0000038.dll
04/13/2008 07:12 PM 26,112 A0000039.exe
10/29/2009 02:46 AM 832,512 A0000040.dll
04/13/2008 07:12 PM 82,432 A0000041.dll
04/13/2008 07:12 PM 1,033,728 A0000042.exe
04/13/2008 07:12 PM 171,008 A0000043.dll
04/13/2008 07:12 PM 13,824 A0000044.exe
04/13/2008 07:12 PM 129,024 A0000045.dll
04/13/2008 07:11 PM 56,320 A0000046.dll
04/13/2008 07:12 PM 1,614,848 A0000047.dll
04/13/2008 07:12 PM 15,360 A0000048.exe
04/13/2008 07:12 PM 135,168 A0000049.dll
04/13/2008 07:12 PM 59,904 A0000050.dll
04/13/2008 07:12 PM 192,512 A0000051.dll
04/13/2008 07:12 PM 71,680 A0000052.dll
04/13/2008 07:12 PM 295,424 A0000053.dll
08/29/2002 07:00 AM 11,648 A0000054.sys
04/13/2008 11:39 AM 142,592 A0000055.sys
04/13/2008 01:36 PM 42,368 A0000056.sys
04/13/2008 01:53 PM 36,608 A0000057.sys
04/13/2008 07:11 PM 927,504 A0000058.dll
04/13/2008 07:11 PM 33,792 A0000059.dll
10/18/2006 08:47 PM 27,136 A0000060.dll
08/04/2009 09:20 AM 2,066,048 A0000061.exe
04/13/2008 07:12 PM 435,200 A0000062.dll
04/13/2008 07:12 PM 185,856 A0000063.dll
11/23/2009 05:52 AM 3,733 A0000064.cmd
11/16/2009 01:00 AM 3,392 A0000065.cmd
11/16/2009 01:03 AM 659 A0000066.cmd
11/16/2009 01:00 AM 2,146 A0000067.cmd
02/28/2010 01:23 AM 50,913 A0000068.cmd
12/24/2009 04:12 PM 20,040 A0000069.cmd
01/17/2010 06:21 PM 483 A0000070.lnk
10/26/2009 02:54 PM 5,969 A0000071.cmd
03/01/2010 08:58 AM 0 A0000072.old
03/01/2010 08:58 AM 9,204 A0000073.old
10/26/2009 02:51 PM 3,927 A0000074.cmd
04/13/2008 01:40 PM 96,512 A0000075.sys
02/22/2010 01:44 PM 2,005 A0000076.cmd
05/13/2009 06:09 PM 1,464 A0000077.vbs
02/12/2010 04:30 AM 2,917 A0000078.cmd
01/01/2010 10:00 PM 7,459 A0000079.bat
08/31/2000 08:00 AM 7,680 A0000080.dll
11/15/2009 04:30 AM 977 A0000081.cmd
03/01/2010 09:00 AM 91 A0000082.bat
03/01/2010 08:28 AM 16 A0000083.bat
10/26/2009 02:53 PM 2,894 A0000085.cmd
12/23/2009 09:49 PM 1,686 A0000086.cmd
03/01/2010 08:58 AM 42 A0000087.old
12/06/2009 04:00 AM 1,816 A0000088.bat
03/01/2010 08:40 AM 13,883 A0000089.reg
12/14/2009 05:22 AM 36,942 A0000090.dll
03/01/2010 08:37 PM 2,413 A0000091.pif
12/24/2009 04:45 PM 29,556 A0000092.bat
11/10/2009 11:16 PM 4,759 A0000093.bat
01/03/2010 08:41 PM 1,085 A0000094.cmd
08/16/2005 01:54 AM 1,536 A0000095.exe
10/20/2009 05:25 PM 954 A0000096.bat
04/20/2009 12:56 PM 31,232 A0000097.exe
03/01/2010 08:46 AM 0 A0000098.cf
12/12/2009 08:07 PM 1,373 A0000099.cmd
03/01/2010 08:58 AM 194,802 A0000100.bat
08/31/2000 08:00 AM 2,428 A0000101.vbs
03/01/2010 08:38 AM 5,508 A0000102.pif
12/27/2009 02:08 PM 2,409 A0000103.bat
04/20/2009 12:56 PM 31,232 A0000104.pif
03/01/2010 08:46 AM 2,716 A0000105.com
02/12/2010 05:04 AM 28,607 A0000106.bat
04/20/2009 12:56 PM 31,232 A0000107.exe
03/01/2010 05:05 PM 24,308 A0000108.cmd
08/31/2000 08:00 AM 977 A0000109.vbs
12/09/2009 10:54 PM 261,632 A0000110.exe
08/14/2009 04:54 AM 2,374 A0000111.inf
03/02/2006 11:42 PM 73,728 A0000112.com
11/15/2009 05:35 AM 442 A0000113.cmd
11/16/2009 01:05 AM 14,382 A0000114.bat
03/01/2010 08:58 AM 6,604 A0000115.bat
06/10/2006 02:42 PM 49,152 A0000116.exe
03/01/2010 08:29 AM 14 A0000117.cmd
08/31/2000 08:00 AM 2,176 A0000118.vbs
08/31/2000 08:00 AM 161,792 A0000119.exe
12/30/2009 03:26 AM 2,785 A0000120.cmd
03/01/2010 08:29 AM 320 A0000121.bat
05/14/2009 01:08 AM 592 A0000122.vbs
02/02/2010 06:41 PM 13,090 A0000123.reg
03/01/2010 08:50 AM 29,492 A0000124.data
03/01/2010 08:50 AM 48 A0000125.data
03/01/2010 09:13 AM 628 A0000126.ini
02/25/2010 07:36 PM 1,528 A0000127.lnk
02/25/2010 07:36 PM 1,530 A0000128.lnk
03/01/2010 06:46 AM 855 A0000129.lnk
02/05/2010 12:16 AM 35,562 A0000130.old
03/01/2010 06:42 AM 812 A0000131.lnk
03/01/2010 06:43 AM 872 A0000132.lnk
02/28/2010 10:32 AM 1,892 A0000133.ini
02/28/2010 10:32 AM 272 A0000134.ini
02/05/2010 12:07 AM 1,890 A0000135.old
03/01/2010 08:50 AM 34 A0000136.data
03/01/2010 08:50 AM 40,960 A0000137.dll
03/01/2010 08:11 AM 55,808 A0000138.exe
03/01/2010 09:03 AM 55,808 A0000139.exe
03/01/2010 08:47 AM 55,808 A0000140.exe
03/01/2010 09:03 AM 55,808 A0000141.exe
03/01/2010 09:03 AM 55,808 A0000142.exe
03/01/2010 09:03 AM 55,808 A0000143.exe
03/01/2010 09:03 AM 55,808 A0000144.exe
03/01/2010 09:03 AM 55,808 A0000145.exe
03/01/2010 09:03 AM 55,808 A0000146.exe
03/01/2010 09:03 AM 55,808 A0000147.exe
03/01/2010 09:03 AM 55,808 A0000148.exe
03/01/2010 09:03 AM 55,808 A0000149.exe
03/01/2010 09:03 AM 55,808 A0000150.exe
03/01/2010 09:03 AM 55,808 A0000151.exe
03/01/2010 09:03 AM 55,808 A0000152.exe
03/01/2010 09:03 AM 55,808 A0000153.exe
03/01/2010 09:03 AM 55,808 A0000154.exe
03/01/2010 09:03 AM 55,808 A0000155.exe
03/01/2010 09:03 AM 55,808 A0000156.exe
03/01/2010 09:03 AM 55,808 A0000157.exe
07/16/2009 12:28 PM 28,672 A0000158.dll
07/16/2009 12:28 PM 24,576 A0000159.dll
03/01/2010 08:47 AM 55,808 A0000160.exe
03/01/2010 09:03 AM 55,808 A0000161.exe
03/01/2010 07:57 AM 55,808 A0000162.exe
03/01/2010 06:59 AM 55,808 A0000163.exe
03/01/2010 09:03 AM 55,808 A0000164.exe
03/01/2010 06:59 AM 55,808 A0000165.exe
04/13/2008 07:11 PM 2,304 A0000166.sys
03/01/2010 08:47 AM 55,808 A0000167.exe
03/01/2010 09:03 AM 55,808 A0000168.exe
03/01/2010 08:42 AM 821 A0000169.ini
01/22/2010 05:29 PM 99 A0000170.old
01/22/2010 05:29 PM 3,754 A0000171.old
03/01/2010 07:43 PM 54,016 A0000173.sys
03/01/2010 07:43 PM 55,808 A0000174.exe
03/01/2010 07:43 PM 55,808 A0000175.exe
04/13/2008 07:12 PM 41,984 A0000176.dll
03/01/2010 07:43 PM 55,808 A0000177.exe
03/01/2010 07:42 PM 55,808 A0000178.exe
03/01/2010 09:00 AM 41 A0000182.pid
03/01/2010 07:00 AM 1,639 A0000183.data
03/01/2010 07:40 PM 34 A0000184.data
03/01/2010 07:41 PM 29,492 A0000185.data
03/01/2010 07:41 PM 57 A0000186.data
08/19/2009 01:52 AM 4,676 A0000190.PNF
03/01/2010 08:03 PM 34 A0000191.data
03/01/2010 08:03 PM 29,478 A0000192.data
03/01/2010 08:03 PM 43 A0000193.data
03/01/2010 08:06 PM 41 A0001191.pid
03/01/2010 06:44 PM 1,048,396 change.log.1
03/01/2010 07:44 PM 133,078 change.log.2
03/01/2010 08:04 PM 43,736 change.log.3
03/01/2010 10:22 PM 20,948 change.log.4
03/01/2010 10:28 PM 5,676 change.log.5
03/01/2010 10:38 PM 3,512 change.log.6
03/01/2010 10:39 PM 264 drivetable.txt
03/01/2010 09:13 AM 8 RestorePointSize
03/01/2010 09:13 AM 536 rp.log
03/01/2010 10:48 PM <DIR> snapshot
195 File(s) 27,442,420 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot

03/01/2010 10:48 PM <DIR> .
03/01/2010 10:48 PM <DIR> ..
07/10/2003 10:22 PM 22,992 ComDb.Dat
03/01/2010 09:12 AM 56 domain.txt
03/01/2010 09:13 AM <DIR> Repository
03/01/2010 09:12 AM 24,576 _REGISTRY_MACHINE_SAM
03/01/2010 09:11 AM 143,360 _REGISTRY_MACHINE_SECURITY
03/01/2010 09:12 AM 30,355,456 _REGISTRY_MACHINE_SOFTWARE
03/01/2010 09:12 AM 7,995,392 _REGISTRY_MACHINE_SYSTEM
03/01/2010 09:11 AM 364,544 _REGISTRY_USER_.DEFAULT
07/10/2003 10:18 PM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
03/01/2010 09:10 AM 241,664 _REGISTRY_USER_NTUSER_S-1-5-19
03/01/2010 09:10 AM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
03/01/2010 09:10 AM 5,206,016 _REGISTRY_USER_NTUSER_S-1-5-21-3715381366-1113161050-1189867823-1005
03/01/2010 09:10 AM 1,060,864 _REGISTRY_USER_NTUSER_S-1-5-21-3715381366-1113161050-1189867823-1006
03/01/2010 09:10 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
03/01/2010 09:10 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
03/01/2010 09:10 AM 188,416 _REGISTRY_USER_USRCLASS_S-1-5-21-3715381366-1113161050-1189867823-1005
03/01/2010 09:10 AM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-21-3715381366-1113161050-1189867823-1006
16 File(s) 46,131,720 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\Repository

03/01/2010 09:13 AM <DIR> .
03/01/2010 09:13 AM <DIR> ..
03/01/2010 09:00 AM 20 $WinMgmt.CFG
03/01/2010 09:13 AM <DIR> FS
1 File(s) 20 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\Repository\FS

03/01/2010 09:13 AM <DIR> .
03/01/2010 09:13 AM <DIR> ..
03/01/2010 09:01 AM 1,597,440 INDEX.BTR
03/01/2010 09:01 AM 872 INDEX.MAP
03/01/2010 09:01 AM 4 MAPPING.VER
03/01/2010 09:01 AM 3,828 MAPPING1.MAP
03/01/2010 08:45 AM 3,828 MAPPING2.MAP
03/01/2010 09:01 AM 5,849,088 OBJECTS.DATA
03/01/2010 09:01 AM 2,956 OBJECTS.MAP
7 File(s) 7,458,016 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP2

03/02/2010 05:34 AM <DIR> .
03/02/2010 05:34 AM <DIR> ..
03/01/2010 10:38 PM 62 A0002191.ini
03/01/2010 10:37 PM 62 A0002192.ini
03/01/2010 10:37 PM 62 A0002193.ini
03/01/2010 10:28 PM 42 A0002194.pid
03/01/2010 10:30 PM 62 A0002195.ini
03/01/2010 08:09 PM 43 A0002196.data
03/01/2010 08:09 PM 29,478 A0002197.data
03/01/2010 08:09 PM 34 A0002198.data
03/01/2010 08:06 PM 4,676 A0002199.PNF
03/01/2010 07:50 PM 257 A0002200.properties
03/01/2010 07:49 PM 1,634 A0002201.data
03/01/2010 07:44 PM 231,852 A0002202.old
02/05/2010 12:16 AM 3,780 A0002203.old
02/05/2010 12:16 AM 99 A0002204.old
03/01/2010 07:40 PM 1,890 A0002205.old
03/01/2010 07:44 PM 821 A0002206.ini
03/01/2010 07:44 PM 615 A0002207.lnk
03/01/2010 07:43 PM 55,808 A0002208.exe
03/01/2010 07:43 PM 55,808 A0002209.exe
03/01/2010 07:43 PM 55,808 A0002210.exe
03/01/2010 07:43 PM 55,808 A0002211.exe
03/01/2010 07:42 PM 55,808 A0002212.exe
03/01/2010 07:12 PM 55,808 A0002213.exe
03/01/2010 07:12 PM 173,600 A0002214.old
03/01/2010 10:33 AM 272 A0002215.ini
03/01/2010 10:33 AM 1,892 A0002216.ini
03/01/2010 10:11 AM 808 A0002217.lnk
03/01/2010 10:11 AM 793 A0002218.lnk
03/01/2010 10:11 AM 758 A0002219.lnk
03/01/2010 10:08 AM 1,530 A0002220.lnk
03/01/2010 10:08 AM 1,528 A0002221.lnk
03/01/2010 09:37 AM 628 A0002222.ini
03/01/2010 09:29 AM 702,288 A0002223.exe
03/01/2010 09:29 AM 732 A0002224.lnk
03/01/2010 09:29 AM 708 A0002225.lnk
03/01/2010 09:29 AM 708 A0002226.lnk
01/07/2010 04:07 PM 236,368 A0002227.exe
01/07/2010 04:07 PM 429,392 A0002228.exe
01/07/2010 04:07 PM 79,696 A0002229.dll
01/07/2010 04:07 PM 38,224 A0002230.sys
01/07/2010 04:07 PM 1,394,000 A0002231.exe
03/01/2010 09:29 AM 4,216,504 A0002232.ref
01/07/2010 04:07 PM 167,760 A0002233.dll
03/01/2010 09:29 AM 5,115,824 A0002234.exe
03/01/2010 09:28 AM 696 A0002235.lnk
12/30/2009 02:55 PM 496,976 A0002236.ocx
12/30/2009 02:55 PM 46,416 A0002237.dll
12/30/2009 02:55 PM 84,816 A0002238.dll
01/07/2010 04:07 PM 19,160 A0002239.sys
03/01/2010 09:23 AM 5,061,512 A0002240.exe
03/01/2010 09:21 AM 363,008 A0002241.com
03/01/2010 09:19 AM 483 A0002242.lnk
04/13/2008 07:12 PM 185,856 A0002243.dll
04/13/2008 07:12 PM 435,200 A0002244.dll
12/08/2009 01:43 PM 2,066,048 A0002245.exe
10/18/2006 08:47 PM 27,136 A0002246.dll
04/13/2008 07:11 PM 33,792 A0002247.dll
04/13/2008 07:11 PM 927,504 A0002248.dll
04/13/2008 01:53 PM 36,608 A0002249.sys
04/13/2008 01:36 PM 42,368 A0002250.sys
04/13/2008 12:39 PM 142,592 A0002251.sys
08/29/2002 07:00 AM 11,648 A0002252.sys
04/13/2008 07:12 PM 295,424 A0002253.dll
04/13/2008 07:12 PM 71,680 A0002254.dll
04/13/2008 07:12 PM 192,512 A0002255.dll
04/13/2008 07:12 PM 59,904 A0002256.dll
04/13/2008 07:12 PM 135,168 A0002257.dll
04/13/2008 07:12 PM 15,360 A0002258.exe
04/13/2008 07:12 PM 1,614,848 A0002259.dll
04/13/2008 07:11 PM 56,320 A0002260.dll
04/13/2008 07:12 PM 129,024 A0002261.dll
04/13/2008 07:12 PM 13,824 A0002262.exe
04/13/2008 07:12 PM 171,008 A0002263.dll
04/13/2008 07:12 PM 1,033,728 A0002264.exe
04/13/2008 07:12 PM 82,432 A0002265.dll
01/05/2010 05:00 AM 832,512 A0002266.dll
04/13/2008 07:12 PM 26,112 A0002267.exe
04/13/2008 07:12 PM 578,560 A0002268.dll
04/13/2008 07:12 PM 249,856 A0002269.dll
04/13/2008 07:12 PM 14,336 A0002270.exe
04/13/2008 07:12 PM 5,120 A0002271.dll
04/13/2008 07:12 PM 181,248 A0002272.dll
04/13/2008 07:12 PM 17,408 A0002273.dll
12/08/2009 02:27 PM 2,189,184 A0002274.exe
04/13/2008 07:12 PM 407,040 A0002275.dll
06/20/2008 12:46 PM 245,248 A0002276.dll
04/13/2008 07:12 PM 343,040 A0002277.dll
01/05/2010 05:00 AM 3,599,360 A0002278.dll
04/13/2008 07:11 PM 22,016 A0002279.dll
04/13/2008 07:11 PM 19,968 A0002280.dll
03/21/2009 09:06 AM 989,696 A0002281.dll
04/13/2008 07:11 PM 110,080 A0002282.dll
07/07/2008 03:26 PM 253,952 A0002283.dll
04/13/2008 07:11 PM 62,464 A0002284.dll
04/13/2008 07:11 PM 617,472 A0002285.dll
08/06/2009 06:24 PM 53,472 A0002286.exe
04/13/2008 07:12 PM 507,904 A0002287.exe
04/13/2008 07:12 PM 57,856 A0002288.exe
02/06/2009 06:11 AM 110,592 A0002289.exe
02/09/2009 07:10 AM 401,408 A0002290.dll
04/13/2008 07:12 PM 409,088 A0002291.dll
04/13/2008 07:12 PM 198,144 A0002292.dll
04/13/2008 07:12 PM 13,312 A0002293.exe
04/13/2008 07:11 PM 77,824 A0002294.dll
06/20/2008 06:51 AM 361,600 A0002295.sys
08/29/2002 07:00 AM 2,944 A0002296.sys
04/13/2008 02:15 PM 574,976 A0002297.sys
04/13/2008 02:20 PM 182,656 A0002298.sys
04/13/2008 01:39 PM 24,576 A0002299.sys
08/29/2002 07:00 AM 4,224 A0002300.sys
04/13/2008 01:57 PM 14,336 A0002301.sys
04/13/2008 01:40 PM 96,512 A0002302.sys
03/01/2010 09:37 AM 1,196,971 A0002303.mfl
03/01/2010 09:13 AM 628 A0002304.ini
03/01/2010 07:12 PM 94,208 A0002307.dll
03/01/2010 09:00 AM 41 A0002311.pid
03/01/2010 10:43 PM 41 A0003311.pid
03/01/2010 08:37 PM 17,966 A0004310.cmd
12/06/2009 04:04 AM 1,870 A0004311.bat
01/02/2010 05:22 PM 17,071 A0004312.cmd
06/21/2009 03:34 PM 90,202 A0004313.dll
08/31/2000 08:00 AM 212,480 A0004314.exe
08/31/2000 08:00 AM 136,704 A0004315.exe
08/31/2000 08:00 AM 98,816 A0004316.exe
08/31/2000 08:00 AM 80,412 A0004317.exe
08/31/2000 08:00 AM 68,096 A0004318.exe
08/31/2000 08:00 AM 161,792 A0004319.exe
12/09/2009 10:54 PM 261,632 A0004320.exe
04/20/2009 12:56 PM 31,232 A0004321.exe
10/25/2009 06:11 AM 77,312 A0004322.exe
10/20/2005 08:02 PM 163,328 A0004325.EXE
03/01/2010 08:46 AM 1,554 A0004326.INF
12/05/2009 08:11 AM 3,030 A0004327.cmd
11/23/2009 12:54 AM 5,658 A0004328.cmd
03/01/2010 08:37 PM 5,236 A0004329.pif
01/14/2010 03:26 PM 93,142 A0004330.bat
03/01/2010 08:37 PM 972,917 A0004331.bat
01/16/2010 04:51 AM 2,109 A0004332.com
01/25/2010 07:38 PM 27,779 A0004333.cmd
11/29/2009 07:25 AM 1,695 A0004334.cmd
05/01/2009 10:26 PM 587 A0004335.vbs
03/01/2010 08:25 AM 1,155,962 A0004336.mfl
03/01/2010 08:33 PM 57,989 A0004337.bat
10/28/2009 03:47 PM 489 A0004338.manifest
03/01/2010 08:11 AM 723 A0004339.ini
03/01/2010 08:56 AM 14,860 A0004340.reg
03/01/2010 08:47 AM 55,808 A0004341.exe
03/01/2010 09:03 AM 55,808 A0004342.exe
03/01/2010 09:03 AM 55,808 A0004343.exe
03/01/2010 09:03 AM 55,808 A0004344.exe
03/01/2010 09:03 AM 55,808 A0004345.exe
03/01/2010 08:47 AM 55,808 A0004346.exe
03/01/2010 09:03 AM 55,808 A0004347.exe
03/01/2010 08:58 AM 9,204 A0004348.old
03/01/2010 08:58 AM 0 A0004349.old
03/01/2010 03:36 PM 251,091 A0004350.bat
06/21/2009 02:45 PM 98,948 A0004351.dll
11/30/2009 02:38 AM 7,065 A0004352.bat
01/01/2010 10:46 PM 54,992 A0004353.bat
01/03/2010 02:50 AM 7,473 A0004354.cmd
04/13/2008 01:40 PM 96,512 A0004355.sys
04/13/2008 01:57 PM 14,336 A0004356.sys
08/29/2002 07:00 AM 4,224 A0004357.sys
04/13/2008 01:39 PM 24,576 A0004358.sys
04/13/2008 02:20 PM 182,656 A0004359.sys
04/13/2008 02:15 PM 574,976 A0004360.sys
08/29/2002 07:00 AM 2,944 A0004361.sys
06/20/2008 06:51 AM 361,600 A0004362.sys
04/13/2008 07:11 PM 77,824 A0004363.dll
04/13/2008 07:12 PM 13,312 A0004364.exe
04/13/2008 07:12 PM 198,144 A0004365.dll
04/13/2008 07:12 PM 409,088 A0004366.dll
02/09/2009 07:10 AM 401,408 A0004367.dll
02/06/2009 06:11 AM 110,592 A0004368.exe
04/13/2008 07:12 PM 57,856 A0004369.exe
04/13/2008 07:12 PM 507,904 A0004370.exe
08/06/2009 06:24 PM 53,472 A0004371.exe
04/13/2008 07:11 PM 617,472 A0004372.dll
04/13/2008 07:11 PM 62,464 A0004373.dll
07/07/2008 03:26 PM 253,952 A0004374.dll
04/13/2008 07:11 PM 110,080 A0004375.dll
03/21/2009 09:06 AM 989,696 A0004376.dll
04/13/2008 07:11 PM 19,968 A0004377.dll
04/13/2008 07:11 PM 22,016 A0004378.dll
10/29/2009 02:46 AM 3,598,336 A0004379.dll
04/13/2008 07:12 PM 343,040 A0004380.dll
06/20/2008 12:46 PM 245,248 A0004381.dll
04/13/2008 07:12 PM 407,040 A0004382.dll
08/04/2009 07:44 PM 2,189,184 A0004383.exe
04/13/2008 07:12 PM 17,408 A0004384.dll
04/13/2008 07:12 PM 181,248 A0004385.dll
04/13/2008 07:12 PM 5,120 A0004386.dll
04/13/2008 07:12 PM 14,336 A0004387.exe
04/13/2008 07:12 PM 249,856 A0004388.dll
04/13/2008 07:12 PM 578,560 A0004389.dll
04/13/2008 07:12 PM 26,112 A0004390.exe
10/29/2009 02:46 AM 832,512 A0004391.dll
04/13/2008 07:12 PM 82,432 A0004392.dll
04/13/2008 07:12 PM 1,033,728 A0004393.exe
04/13/2008 07:12 PM 171,008 A0004394.dll
04/13/2008 07:12 PM 13,824 A0004395.exe
04/13/2008 07:12 PM 129,024 A0004396.dll
04/13/2008 07:11 PM 56,320 A0004397.dll
04/13/2008 07:12 PM 1,614,848 A0004398.dll
04/13/2008 07:12 PM 15,360 A0004399.exe
04/13/2008 07:12 PM 135,168 A0004400.dll
04/13/2008 07:12 PM 59,904 A0004401.dll
04/13/2008 07:12 PM 192,512 A0004402.dll
04/13/2008 07:12 PM 71,680 A0004403.dll
04/13/2008 07:12 PM 295,424 A0004404.dll
08/29/2002 07:00 AM 11,648 A0004405.sys
04/13/2008 11:39 AM 142,592 A0004406.sys
04/13/2008 01:36 PM 42,368 A0004407.sys
04/13/2008 01:53 PM 36,608 A0004408.sys
04/13/2008 07:11 PM 927,504 A0004409.dll
04/13/2008 07:11 PM 33,792 A0004410.dll
10/18/2006 08:47 PM 27,136 A0004411.dll
08/04/2009 09:20 AM 2,066,048 A0004412.exe
04/13/2008 07:12 PM 435,200 A0004413.dll
04/13/2008 07:12 PM 185,856 A0004414.dll
11/23/2009 05:52 AM 3,733 A0004415.cmd
11/16/2009 01:00 AM 3,392 A0004416.cmd
11/16/2009 01:03 AM 659 A0004417.cmd
11/16/2009 01:00 AM 2,146 A0004418.cmd
02/28/2010 01:23 AM 50,913 A0004419.cmd
12/24/2009 04:12 PM 20,040 A0004420.cmd
03/01/2010 10:51 PM 41 A0005311.pid
03/01/2010 11:10 PM 42 A0007310.pid
03/01/2010 11:10 PM 40,960 A0008309.dll
04/13/2008 07:12 PM 41,984 A0008310.dll
03/01/2010 09:03 AM 55,808 A0008311.exe
03/01/2010 09:03 AM 55,808 A0008312.exe
08/31/2000 08:00 AM 1,024 A0008313.sys
08/31/2000 08:00 AM 1,024 A0008314.sys
03/02/2010 03:08 AM 42 A0008320.pid
03/01/2010 08:37 PM 17,966 A0008321.cmd
12/06/2009 04:04 AM 1,870 A0008322.bat
01/02/2010 05:22 PM 17,071 A0008323.cmd
06/21/2009 03:34 PM 90,202 A0008324.dll
08/31/2000 08:00 AM 212,480 A0008325.exe
08/31/2000 08:00 AM 136,704 A0008326.exe
08/31/2000 08:00 AM 98,816 A0008327.exe
08/31/2000 08:00 AM 80,412 A0008328.exe
08/31/2000 08:00 AM 68,096 A0008329.exe
08/31/2000 08:00 AM 161,792 A0008330.exe
12/09/2009 10:54 PM 261,632 A0008331.exe
04/20/2009 12:56 PM 31,232 A0008332.exe
10/25/2009 06:11 AM 77,312 A0008333.exe
10/20/2005 08:02 PM 163,328 A0008335.EXE
03/01/2010 10:54 PM 1,242 A0008336.INF
12/05/2009 08:11 AM 3,030 A0008337.cmd
11/23/2009 12:54 AM 5,658 A0008338.cmd
03/01/2010 08:37 PM 5,236 A0008339.pif
01/14/2010 03:26 PM 93,142 A0008340.bat
03/01/2010 08:37 PM 972,917 A0008341.bat
03/02/2010 05:23 AM 41 A0009319.pid
03/02/2010 05:34 AM 1,368 change.log
03/01/2010 10:40 PM 183,890 change.log.1
03/02/2010 05:29 AM 17,540 change.log.10
03/01/2010 10:47 PM 18,014 change.log.2
03/01/2010 10:51 PM 5,676 change.log.3
03/01/2010 11:09 PM 294,938 change.log.4
03/01/2010 11:10 PM 5,676 change.log.5
03/01/2010 11:19 PM 3,260 change.log.6
03/02/2010 12:33 AM 5,676 change.log.7
03/02/2010 03:06 AM 12,566 change.log.8
03/02/2010 05:26 AM 78,594 change.log.9
03/01/2010 10:39 PM 8 RestorePointSize
03/01/2010 10:39 PM 536 rp.log
03/01/2010 10:42 PM <DIR> snapshot
269 File(s) 71,798,031 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP2\snapshot

03/01/2010 10:42 PM <DIR> .
03/01/2010 10:42 PM <DIR> ..
07/10/2003 10:22 PM 22,992 ComDb.Dat
03/01/2010 10:39 PM 56 domain.txt
03/01/2010 10:39 PM <DIR> Repository
03/01/2010 10:39 PM 24,576 _REGISTRY_MACHINE_SAM
03/01/2010 10:39 PM 143,360 _REGISTRY_MACHINE_SECURITY
03/01/2010 10:39 PM 30,355,456 _REGISTRY_MACHINE_SOFTWARE
03/01/2010 10:39 PM 7,995,392 _REGISTRY_MACHINE_SYSTEM
03/01/2010 10:39 PM 454,656 _REGISTRY_USER_.DEFAULT
07/10/2003 10:18 PM 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
03/01/2010 10:39 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-19
03/01/2010 10:39 PM 241,664 _REGISTRY_USER_NTUSER_S-1-5-20
03/01/2010 10:39 PM 5,206,016 _REGISTRY_USER_NTUSER_S-1-5-21-3715381366-1113161050-1189867823-1005
03/01/2010 10:39 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
03/01/2010 10:39 PM 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
03/01/2010 10:39 PM 188,416 _REGISTRY_USER_USRCLASS_S-1-5-21-3715381366-1113161050-1189867823-1005
14 File(s) 45,152,776 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP2\snapshot\Repository

03/01/2010 10:39 PM <DIR> .
03/01/2010 10:39 PM <DIR> ..
03/01/2010 08:06 PM 20 $WinMgmt.CFG
03/01/2010 10:39 PM <DIR> FS
1 File(s) 20 bytes

Directory of C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP2\snapshot\Repository\FS

03/01/2010 10:39 PM <DIR> .
03/01/2010 10:39 PM <DIR> ..
03/01/2010 10:39 PM 1,597,440 INDEX.BTR
03/01/2010 10:39 PM 872 INDEX.MAP
03/01/2010 10:39 PM 4 MAPPING.VER
03/01/2010 08:07 PM 3,828 MAPPING1.MAP
03/01/2010 10:39 PM 3,828 MAPPING2.MAP
03/01/2010 10:39 PM 5,849,088 OBJECTS.DATA
03/01/2010 10:39 PM 2,956 OBJECTS.MAP
7 File(s) 7,458,016 bytes

Total Files Listed:
513 File(s) 205,465,013 bytes
24 Dir(s) 3,760,136,192 bytes free

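The log above is what the helper reads by hand to decide which restore point still holds a usable set of hives, and the Fix.bat in the next reply is the copy-back step for the point chosen. The script below is an added example and is not code from this thread, from JSntgRvr or from BleepingComputer: it parses `dir /s` output of the shape Query.bat produces, reports which live hive is missing from `C:\windows\system32\config`, lists every snapshot that contains all five hives with non-zero size, picks the newest one older than a cutoff (so the hives predate the infection), and emits the rename-and-copy lines. The sample log is constructed and abridged, the restore GUID is a placeholder, and RP3 is invented to show an empty hive being rejected; the function names are mine.

```python
import re

# Each hive as System Restore stores it in a snapshot folder, keyed by the
# name the live hive has under C:\windows\system32\config (as in the thread's Fix.bat).
CONFIG_DIR = r"C:\windows\system32\config"
HIVE_SNAPSHOTS = {
    "SAM": "_REGISTRY_MACHINE_SAM",
    "SECURITY": "_REGISTRY_MACHINE_SECURITY",
    "SOFTWARE": "_REGISTRY_MACHINE_SOFTWARE",
    "SYSTEM": "_REGISTRY_MACHINE_SYSTEM",
    "DEFAULT": "_REGISTRY_USER_.DEFAULT",
}
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# Date, time, byte count, name; <DIR> rows and "n File(s)" summaries do not match.
FILE_RE = re.compile(r"^\s*(\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2} [AP]M)\s+([\d,]+)\s+(.+?)\s*$")

def parse_stamp(text):
    """'03/01/2010  09:12 AM' -> (2010, 3, 1, 9, 12), a tuple that sorts chronologically."""
    date, clock, ampm = text.split()
    month, day, year = (int(x) for x in date.split("/"))
    hour, minute = (int(x) for x in clock.split(":"))
    return (year, month, day, hour % 12 + (12 if ampm == "PM" else 0), minute)

def parse_dir_log(log):
    """Turn `dir /s` output into {directory: {filename: (stamp, size_in_bytes)}}."""
    tree, current = {}, None
    for line in log.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            tree.setdefault(current, {})
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            stamp, size, name = m.groups()
            tree[current][name] = (parse_stamp(stamp), int(size.replace(",", "")))
    return tree

def missing_hives(tree):
    """Hives absent from the live config folder (dir output is case-insensitive)."""
    present = set()
    for path, files in tree.items():
        if path.lower() == CONFIG_DIR.lower():
            present = {n.lower() for n in files}
    return [h for h in HIVE_SNAPSHOTS if h.lower() not in present]

def snapshot_candidates(tree):
    """(newest hive stamp, path) for every snapshot holding all five hives, non-empty, oldest first."""
    out = []
    for path, files in tree.items():
        if path.lower().endswith("\\snapshot") and all(
                n in files and files[n][1] > 0 for n in HIVE_SNAPSHOTS.values()):
            out.append((max(files[n][0] for n in HIVE_SNAPSHOTS.values()), path))
    return sorted(out)

def rp_name(path):
    """'...\\RP1\\snapshot' -> 'RP1'."""
    return path.rsplit("\\", 2)[1]

def pick_snapshot(tree, cutoff):
    """Newest complete snapshot whose hives all predate `cutoff` ('MM/DD/YYYY HH:MM AM'), else None."""
    limit = parse_stamp(cutoff)
    good = [(s, p) for s, p in snapshot_candidates(tree) if s < limit]
    return good[-1][1] if good else None

def restore_commands(snapshot_path):
    """cmd.exe lines in the Fix.bat pattern: set each live hive aside as .123, copy the
    snapshot hive in. The If exist guard skips the rename for a hive that is already gone."""
    lines = []
    for hive, snap in HIVE_SNAPSHOTS.items():
        live = f"{CONFIG_DIR}\\{hive}"
        lines.append(f"If exist {live} Ren {live} {hive}.123")
        lines.append(f'Copy "{snapshot_path}\\{snap}" {live}')
    return lines

# Constructed, abridged sample of a Query.bat log (placeholder restore GUID, invented RP3).
SAMPLE_LOG = r"""
 Directory of C:\windows\system32\config

03/02/2010  12:51 AM    <DIR>          .
04/30/2003  03:18 PM           241,664 default
07/10/2003  10:18 PM            20,480 sam
07/10/2003  10:18 PM            28,672 security
07/10/2003  10:18 PM         8,220,672 software
03/01/2010  08:59 AM         8,126,464 system.bak
               5 File(s)     16,637,952 bytes

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP1\snapshot

03/01/2010  09:12 AM            24,576 _REGISTRY_MACHINE_SAM
03/01/2010  09:11 AM           143,360 _REGISTRY_MACHINE_SECURITY
03/01/2010  09:12 AM        30,355,456 _REGISTRY_MACHINE_SOFTWARE
03/01/2010  09:12 AM         7,995,392 _REGISTRY_MACHINE_SYSTEM
03/01/2010  09:11 AM           364,544 _REGISTRY_USER_.DEFAULT

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP2\snapshot

03/01/2010  10:39 PM            24,576 _REGISTRY_MACHINE_SAM
03/01/2010  10:39 PM           143,360 _REGISTRY_MACHINE_SECURITY
03/01/2010  10:39 PM        30,355,456 _REGISTRY_MACHINE_SOFTWARE
03/01/2010  10:39 PM         7,995,392 _REGISTRY_MACHINE_SYSTEM
03/01/2010  10:39 PM           454,656 _REGISTRY_USER_.DEFAULT

 Directory of C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP3\snapshot

03/02/2010  05:34 AM                 0 _REGISTRY_MACHINE_SAM
03/02/2010  05:34 AM           143,360 _REGISTRY_MACHINE_SECURITY
03/02/2010  05:34 AM        30,355,456 _REGISTRY_MACHINE_SOFTWARE
03/02/2010  05:34 AM         7,995,392 _REGISTRY_MACHINE_SYSTEM
03/02/2010  05:34 AM           454,656 _REGISTRY_USER_.DEFAULT
"""

if __name__ == "__main__":
    tree = parse_dir_log(SAMPLE_LOG)
    print("missing live hives:", missing_hives(tree))
    for stamp, path in snapshot_candidates(tree):
        print(rp_name(path), "hives as of", stamp)
    chosen = pick_snapshot(tree, "03/01/2010 12:00 PM")  # the infection was seen that morning
    print("\n".join(restore_commands(chosen)))
```

On the sample, the missing live hive is SYSTEM (matching the "missing or corrupt" error in post #2), RP1 and RP2 qualify while RP3 is rejected for its empty SAM, and a noon cutoff on the day of infection selects RP1. The cutoff is the judgement call the helper makes by reading dates in the log; restoring a snapshot taken after the rogue installed would bring its registry entries back with it.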

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2010 - 01:18 AM

Hi, Jorgieboy82

Save these instructions in the flash drive and follow these steps:

First
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file Fix.bat
  • Change the Save as Type to All Files
  • Save it on the flash drive. Do not save this file on the working computer: you could accidentally run the file on that computer and damage its registry.
  • This file will be run on the non-working computer after you follow the next set of instructions.
QUOTE
REM Move the current (damaged) hives aside under a .123 name
Ren C:\windows\system32\config\system system.123
Ren C:\windows\system32\config\SAM SAM.123
Ren C:\windows\system32\config\SECURITY SECURITY.123
Ren C:\windows\system32\config\SOFTWARE SOFTWARE.123
Ren C:\windows\system32\config\DEFAULT DEFAULT.123

REM Stage the RP1 restore-point copies of the hives on C:\
Copy "C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\_REGISTRY_MACHINE_SAM" C:\
Copy "C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\_REGISTRY_MACHINE_SECURITY" C:\
Copy "C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\_REGISTRY_MACHINE_SOFTWARE" C:\
Copy "C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\_REGISTRY_MACHINE_SYSTEM" C:\
Copy "C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot\_REGISTRY_USER_.DEFAULT" C:\

REM Put the restore-point copies in place of the renamed hives
Copy C:\_REGISTRY_MACHINE_SAM C:\windows\system32\config\SAM
Copy C:\_REGISTRY_MACHINE_SECURITY C:\windows\system32\config\SECURITY
Copy C:\_REGISTRY_MACHINE_SOFTWARE C:\windows\system32\config\SOFTWARE
Copy C:\_REGISTRY_MACHINE_SYSTEM C:\windows\system32\config\SYSTEM
Copy C:\_REGISTRY_USER_.DEFAULT C:\windows\system32\config\DEFAULT
REM Remove this batch file so it cannot be run a second time
Del %0


Second
  • Boot the non-working computer using the OTLPE boot CD.
  • In order to do so, the computer must be set to boot from the CD first.
    Note: For information, click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Using the Reatogo Explorer (right-click on the Start button and select Explore), navigate to the flash drive and double-click on the Fix.bat file you created earlier.
  • Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in:

      %SYSTEMDRIVE%\*.*
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      /md5stop
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      CREATERESTOREPOINT
  • Press Run Scan to start the scan.
  • When finished, the log will be saved as C:\OTL.txt.
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

Edited by JSntgRvr, 03 March 2010 - 01:21 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif
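
An added example, not the script from the post above: a checked variant of Fix.bat. It restores the same five hives from the same RP1 snapshot path quoted in the thread, but refuses to touch C:\windows\system32\config unless every snapshot hive exists and is non-empty, moves the current hives into a backup folder instead of renaming them to .123, copies straight from the snapshot with no intermediate copy on C:\, and deletes itself only after a successful run. The backup folder name is an assumption.

```batch
@echo off
setlocal EnableExtensions
REM Added example (not the thread's Fix.bat): the same hive restore with
REM pre-flight checks and an abort-on-failure path. Run from the Reatogo/OTLPE
REM desktop like the original; paths are those quoted in the thread.

set "CONFIG=C:\windows\system32\config"
set "SNAP=C:\System Volume Information\_restore{14AB0BD9-ED23-4445-98C1-95FB6C64B155}\RP1\snapshot"
REM Assumed backup location for the hives being replaced
set "BACKUP=%CONFIG%\backup_before_restore"

REM Pairs of <hive name in config>:<hive name in the restore-point snapshot>
set "PAIRS=SYSTEM:_REGISTRY_MACHINE_SYSTEM SAM:_REGISTRY_MACHINE_SAM SECURITY:_REGISTRY_MACHINE_SECURITY SOFTWARE:_REGISTRY_MACHINE_SOFTWARE DEFAULT:_REGISTRY_USER_.DEFAULT"

REM 1) Refuse to run twice: the backup folder is the "already applied" marker.
if exist "%BACKUP%\" (
    echo Backup folder already exists - this fix has already been applied. Aborting.
    exit /b 1
)

REM 2) Pre-flight: every snapshot hive must exist and be non-empty, otherwise
REM    config would be left without a usable hive and the machine would not boot.
for %%P in (%PAIRS%) do (
    for /f "tokens=1,2 delims=:" %%a in ("%%P") do (
        if not exist "%SNAP%\%%b" (
            echo Missing snapshot hive: "%SNAP%\%%b"
            exit /b 1
        )
        for %%F in ("%SNAP%\%%b") do if %%~zF EQU 0 (
            echo Snapshot hive is empty: "%SNAP%\%%b"
            exit /b 1
        )
    )
)

REM 3) Move the current hives aside as a set, so they can be put back together.
mkdir "%BACKUP%" || exit /b 1
for %%P in (%PAIRS%) do (
    for /f "tokens=1,2 delims=:" %%a in ("%%P") do (
        if exist "%CONFIG%\%%a" move /y "%CONFIG%\%%a" "%BACKUP%\%%a" >nul || exit /b 1
    )
)

REM 4) Copy straight from the snapshot into config.
for %%P in (%PAIRS%) do (
    for /f "tokens=1,2 delims=:" %%a in ("%%P") do (
        copy /y "%SNAP%\%%b" "%CONFIG%\%%a" >nul || (
            echo Copy failed for %%a - put the originals back from "%BACKUP%"
            exit /b 1
        )
    )
)

echo Registry hives restored from RP1. Originals are in "%BACKUP%".
REM 5) Self-delete only after success, so a failed run can be inspected and re-run.
del "%~f0"
```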


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2010 - 01:23 AM

BTW:

Once the batch file is run, it will automatically delete itself. Run the batch file just once.



#10 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts

Posted 03 March 2010 - 01:48 AM

It didn't ask me "do you wish to load the remote registry?"
It went straight to "do you wish to load remote users for scanning"; I pressed OK,
and it asks me to select a user profile, which has 5 options:

Jorge
LocalService
NetworkService
postgres
systemprofile

Which do i choose?

#11 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts

Posted 03 March 2010 - 06:15 AM

I proceeded with the scan anyway. Please keep in mind that OTLPE did not ask me "Do you wish to load the remote registry?" For the user profile I selected Jorge, and "load all remaining users" was checked off.

Also, you said to check off registry before running the scan. There were 2 options for registry, one standard registry and the other extra registry, so I selected all for both because I wasn't sure which.

After the scan there was an OTL.txt and an extra.txt. I will upload both, but I only pasted OTL.txt.


OTL logfile created on: 3/3/2010 5:53:10 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 61.00% Memory free
463.00 Mb Paging File | 338.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 3.43 Gb Free Space | 24.54% Space Free | Partition Type: NTFS
Drive D: | 18.28 Gb Total Space | 3.09 Gb Free Space | 16.90% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 20:35:28 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/10/15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/19 23:44:40 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/19 23:44:40 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/25 19:39:02 | 000,262,144 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/03/19 23:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/03/19 23:02:38 | 000,675,840 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/03/18 19:03:24 | 000,536,648 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/03/08 00:32:50 | 000,147,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/02/10 15:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/02/10 15:11:12 | 000,057,344 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 13:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002/10/07 14:26:52 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/11/01 23:07:33 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/01 16:03:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 18:45:20 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:11:56 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\memchk.sys -- (memchk)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmLane)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/01/29 11:01:28 | 000,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/06 01:02:29 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/06 01:02:28 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/12/06 01:02:28 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/11/02 06:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/09/28 18:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 17:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2003/06/23 11:45:34 | 000,027,650 | ---- | M] (America Online) [Kernel | On_Demand] -- C:\Program Files\America Online 8.0a\atwpkt2.sys -- (ATWPKT2)
DRV - [2003/04/17 12:14:42 | 000,631,808 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EXPRESS.sys -- (PRISM)
DRV - [2003/03/13 16:19:00 | 000,164,736 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/03/13 16:17:00 | 000,622,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/13 16:15:00 | 001,106,944 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/08 00:34:22 | 000,540,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/02/28 00:36:04 | 000,090,852 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/12/11 13:22:00 | 000,011,044 | R--- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/10/07 14:24:36 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/25 09:09:12 | 000,140,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2002/09/19 22:19:56 | 000,205,056 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/08/29 07:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atmuni.sys -- (Atmuni)
DRV - [2002/08/29 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2002/08/29 07:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rawwan.sys -- (Rawwan)
DRV - [2002/08/29 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2002/08/29 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2002/08/29 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2002/08/29 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002/08/29 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2002/08/29 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2002/08/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2002/08/29 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/08/29 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2002/08/29 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2002/08/29 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2002/08/20 14:59:32 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2002/02/22 06:14:24 | 000,109,799 | ---- | M] (Alcatel Microelectronics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ameatmpc.sys -- (AmeAtmPc)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2000/12/05 18:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 22:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jorge_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Jorge_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Jorge_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
IE - HKU\Jorge_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Jorge_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\postgres_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\postgres_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\postgres_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\postgres_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\postgres_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/22 05:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8FE521A1-615B-46AD-8613-B63A39970DFB}: C:\Documents and Settings\Jorge\Local Settings\Application Data\{8FE521A1-615B-46AD-8613-B63A39970DFB}
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 13:44:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 07:00:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2008/07/01 18:59:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010/03/01 07:00:32 | 000,000,000 | ---D | M]

[2010/03/01 09:34:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/23 13:44:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/01 19:16:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2007/12/10 20:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\kodak-companion@mozilla.com
[2007/12/10 20:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
[2010/02/23 13:44:39 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/23 13:44:39 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/05/12 13:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/02/23 13:44:45 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/07/01 18:59:01 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/01/12 17:07:00 | 002,633,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2009/02/02 17:15:00 | 003,771,296 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/08/06 11:07:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2009/05/01 16:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2007/07/18 13:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/01/09 16:00:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/09 16:00:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/09 16:00:09 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/09 16:00:09 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/09 16:00:09 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/09 16:00:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/09 16:00:09 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/01 09:01:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {14c7d0ac-536c-4a24-a29b-611b014eb07e} - File not found
O2 - BHO: (C:\WINDOWS\system32\wjxqxx.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\System32\wjxqxx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Jorge_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Jorge_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [AME_CSA] C:\WINDOWS\System32\AmeCSA.cpl (Alcatel Microelectronics)
O4 - HKLM..\Run: [Amimiwok] C:\WINDOWS\ufomiwokojegig.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\apoint.exe ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\ati2mdxx.exe ()
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezsp_px .exe File not found
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\hkserv.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe ()
O4 - HKLM..\Run: [kajezuhiwo] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkufind.exe ()
O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask .exe ()
O4 - HKLM..\Run: [RemoveElanIcon] C:\WINDOWS\system32\elan.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe ()
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\partseal.exe ()
O4 - HKLM..\Run: [zafadigom] C:\WINDOWS\System32\foyaveva.DLL File not found
O4 - HKLM..\Run: [ZTgServerSwitch] c:\Program Files\support.com\client\lserver\server.vbs ()
O4 - HKU\.DEFAULT..\Run: [Remote System Protection] C:\WINDOWS\System32\wjxqxx.DLL File not found
O4 - HKU\Jorge_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe (MS)
O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe ()
O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe ()
O4 - HKU\Jorge_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\wjxqxx.DLL File not found
O4 - HKU\Jorge_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe ()
O4 - HKU\postgres_ON_C..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\postgres_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\postgres_ON_C..\Run: [zafadigom] C:\WINDOWS\System32\foyaveva.DLL File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Jorge\Application Data\SystemProc\lsass.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Jorge_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Jorge_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Jorge_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Jorge_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\postgres_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\postgres_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://www.cult3d.com/download/cult.cab (Cult3D ActiveX Player)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.29.103.15 24.29.103.16
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: heburojok - {927ae50f-1275-4be1-a073-6d1b8f81147e} - C:\WINDOWS\System32\foyaveva.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {927ae50f-1275-4be1-a073-6d1b8f81147e} - mujuzedij - C:\WINDOWS\System32\foyaveva.dll File not found
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\System32\wjxqxx.dll File not found
O22 - SharedTaskScheduler: ThreadingModel - Apartment - Reg Error: Key error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/30 15:18:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 01:44:53 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/03 01:43:30 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/03 01:43:29 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/03 01:43:29 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/03 01:43:29 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/03 01:43:29 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/03 01:43:29 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/03 01:43:29 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/03 01:43:29 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/02 05:25:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/02 05:25:16 | 000,000,000 | --SD | C] -- C:\ComboFix114289C
[2010/03/02 02:01:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 02:01:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 00:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/03/01 23:05:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/01 22:54:14 | 000,000,000 | ---D | C] -- C:\ComboFix13102C
[2010/03/01 22:39:43 | 000,000,000 | ---D | C] -- C:\ComboFix1
[2010/03/01 14:17:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/03/01 09:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/01 08:32:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/01 08:32:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/01 08:32:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/01 08:32:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/01 07:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/01 07:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 07:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jorge\Desktop\GooredFix Backups
[2010/03/01 06:58:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\postgres\Cookies
[2010/03/01 06:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E
[2010/02/09 12:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jorge\Desktop\pix
[2010/02/06 20:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jorge\viewone
[2009/08/01 04:42:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jorge\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/03 01:45:32 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 05:34:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 05:33:32 | 008,126,464 | ---- | M] () -- C:\WINDOWS\System\system
[2010/03/02 05:27:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 05:25:30 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/02 05:25:03 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Jorge\ntuser.dat
[2010/03/02 03:06:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jorge\ntuser.ini
[2010/03/02 02:28:08 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2010/03/01 23:05:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 22:19:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Upload Library.job
[2010/03/01 09:12:55 | 000,024,576 | ---- | M] () -- C:\_REGISTRY_MACHINE_SAM
[2010/03/01 09:12:54 | 007,995,392 | ---- | M] () -- C:\_REGISTRY_MACHINE_SYSTEM
[2010/03/01 09:12:21 | 030,355,456 | ---- | M] () -- C:\_REGISTRY_MACHINE_SOFTWARE
[2010/03/01 09:11:03 | 000,143,360 | ---- | M] () -- C:\_REGISTRY_MACHINE_SECURITY
[2010/03/01 09:11:01 | 000,364,544 | ---- | M] () -- C:\_REGISTRY_USER_.DEFAULT
[2010/03/01 09:10:55 | 001,060,864 | ---- | M] () -- C:\Documents and Settings\postgres\ntuser.dat
[2010/03/01 09:10:32 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/01 09:03:15 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\elan.exe
[2010/03/01 09:01:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 08:59:14 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\daturehi
[2010/03/01 08:46:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\postgres\ntuser.ini
[2010/03/01 08:24:38 | 003,875,634 | R--- | M] () -- C:\Documents and Settings\Jorge\Desktop\ComboFix1.exe
[2010/03/01 08:11:56 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\ati2mdxx.exe
[2010/03/01 06:59:20 | 000,055,808 | ---- | M] () -- C:\WINDOWS\System32\ezsp_px.exe
[2010/03/01 06:53:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Imodalanahifureq.bin
[2010/03/01 06:53:57 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jfijewat.dat
[2010/03/01 06:46:11 | 000,019,781 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\++Demonoid.com++-Edge_of_Darkness_(2010)_Spanish_BRSCR_7584299.381.torrent
[2010/03/01 06:43:15 | 000,015,367 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\From.Paris.With.Love.2010.1CD.R5.LiNE.Xvid-Noir.[www.torrentfive.com].torrent
[2010/03/01 06:42:36 | 000,014,895 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\Armored.2009.RETAiL.DVDRip.XviD-ARROW.[www.torrentfive.com].torrent
[2010/02/27 09:53:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 01:43:46 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\Cake Poker.lnk
[2010/02/25 01:41:52 | 013,499,312 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\FullcakeSetup.1.144.4.exe
[2010/02/22 22:12:55 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\cherise grad essay edit.doc
[2010/02/18 23:31:29 | 000,007,979 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\baby.jpg
[2010/02/16 22:33:00 | 000,024,881 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\jorgie.JPG
[2010/02/16 22:30:01 | 000,024,781 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\jorge.JPG
[2010/02/16 11:01:32 | 000,049,092 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\cakes2.jpg
[2010/02/16 11:01:17 | 000,033,972 | ---- | M] () -- C:\Documents and Settings\Jorge\Desktop\cake1.jpg
[2010/02/11 10:44:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/05 07:56:28 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Jorge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\daturehi
[2010/03/03 01:43:30 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/03 01:43:30 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/03 01:43:30 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/03 01:43:30 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/03 01:43:30 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/03 01:43:30 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/03 01:43:30 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/03 01:43:30 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/03 01:43:30 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/03 01:43:30 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/03 01:43:30 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/03 01:43:30 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/03 01:43:30 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/03 01:43:30 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/03 01:43:30 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/03 01:43:30 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/03 01:43:30 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/03 01:37:43 | 000,364,544 | ---- | C] () -- C:\_REGISTRY_USER_.DEFAULT
[2010/03/03 01:37:42 | 007,995,392 | ---- | C] () -- C:\_REGISTRY_MACHINE_SYSTEM
[2010/03/03 01:37:28 | 030,355,456 | ---- | C] () -- C:\_REGISTRY_MACHINE_SOFTWARE
[2010/03/03 01:37:28 | 000,143,360 | ---- | C] () -- C:\_REGISTRY_MACHINE_SECURITY
[2010/03/03 01:37:28 | 000,024,576 | ---- | C] () -- C:\_REGISTRY_MACHINE_SAM
[2010/03/01 09:10:52 | 001,060,864 | ---- | C] () -- C:\Documents and Settings\postgres\ntuser.dat
[2010/03/01 09:10:37 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Jorge\ntuser.dat
[2010/03/01 08:32:18 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/01 08:32:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/01 08:32:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/01 08:32:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/01 08:32:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/01 08:24:01 | 003,875,634 | R--- | C] () -- C:\Documents and Settings\Jorge\Desktop\ComboFix1.exe
[2010/03/01 06:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Imodalanahifureq.bin
[2010/03/01 06:53:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jfijewat.dat
[2010/03/01 06:46:08 | 000,019,781 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\++Demonoid.com++-Edge_of_Darkness_(2010)_Spanish_BRSCR_7584299.381.torrent
[2010/03/01 06:43:14 | 000,015,367 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\From.Paris.With.Love.2010.1CD.R5.LiNE.Xvid-Noir.[www.torrentfive.com].torrent
[2010/03/01 06:42:26 | 000,014,895 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\Armored.2009.RETAiL.DVDRip.XviD-ARROW.[www.torrentfive.com].torrent
[2010/02/25 01:43:46 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\Cake Poker.lnk
[2010/02/25 01:41:36 | 013,499,312 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\FullcakeSetup.1.144.4.exe
[2010/02/22 16:08:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\cherise grad essay edit.doc
[2010/02/18 23:31:24 | 000,007,979 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\baby.jpg
[2010/02/16 22:33:00 | 000,024,881 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\jorgie.JPG
[2010/02/16 22:30:00 | 000,024,781 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\jorge.JPG
[2010/02/16 11:01:31 | 000,049,092 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\cakes2.jpg
[2010/02/16 11:01:04 | 000,033,972 | ---- | C] () -- C:\Documents and Settings\Jorge\Desktop\cake1.jpg
[2010/01/08 02:40:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jorge\Local Settings\Application Data\housecall.guid.cache
[2009/12/29 11:56:46 | 000,201,744 | ---- | C] () -- C:\WINDOWS\System32\lastmon.dll.vir
[2009/08/01 04:42:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jorge\Application Data\pcouffin.cat
[2009/08/01 04:42:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jorge\Application Data\pcouffin.inf
[2009/03/12 15:38:33 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Jorge\Application Data\vso_ts_preview.xml
[2009/03/12 15:38:04 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Jorge\Application Data\pcouffin.log
[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2004/04/08 11:40:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/03/30 08:08:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/08/25 16:15:23 | 000,000,317 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/07/28 16:41:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\MultLang.dll
[2003/07/28 16:41:05 | 000,002,701 | ---- | C] () -- C:\WINDOWS\System32\AmeCfg.ini
[2003/07/28 16:41:04 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\WipCfg.ini
[2003/07/22 02:04:40 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Jorge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/07/20 15:33:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/07/20 15:33:45 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/07/20 15:22:40 | 000,003,867 | ---- | C] () -- C:\WINDOWS\VTruck2.ini
[2003/07/20 15:18:53 | 000,002,719 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2003/07/14 23:43:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/01 14:22:47 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/04/30 21:53:50 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/30 21:53:32 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/30 21:12:36 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/04/30 20:56:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/04/30 19:54:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/30 19:29:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PcfEdit.INI
[2003/04/30 18:24:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/04/30 15:46:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/30 15:34:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/30 15:00:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/04/30 14:59:51 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/30 14:59:22 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\memchk.sys
[2002/12/15 04:01:00 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/12/15 04:01:00 | 000,876,544 | R--- | C] () -- C:\WINDOWS\System32\3ivx.dll
[2002/12/15 04:01:00 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/12/15 04:01:00 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2002/12/15 04:01:00 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
[2002/12/15 04:01:00 | 000,311,296 | R--- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2002/12/15 04:01:00 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
[2002/12/15 04:01:00 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/12/15 04:01:00 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\mtrv32.dll
[2002/12/15 04:01:00 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/15 04:01:00 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/12/15 04:01:00 | 000,124,928 | R--- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/12/15 04:01:00 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
[2002/12/15 04:01:00 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\mpeg2mux.dll
[2002/12/15 04:01:00 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\APmpg4v1.dll
[2002/12/15 04:01:00 | 000,100,864 | R--- | C] () -- C:\WINDOWS\System32\mtra32.dll
[2002/12/15 04:01:00 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
[2002/12/15 04:01:00 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\libfaad.dll
[2002/12/15 04:01:00 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[2002/12/15 04:01:00 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
[2002/12/15 04:01:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
[2002/12/15 04:01:00 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2002/12/15 04:01:00 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002/12/15 04:01:00 | 000,047,616 | R--- | C] () -- C:\WINDOWS\System32\Mpegdmx.dll
[2002/12/15 04:01:00 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2002/12/15 04:01:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/15 04:01:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
[2002/12/15 04:01:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
[2002/12/15 04:01:00 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
[2002/12/15 04:01:00 | 000,019,968 | R--- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/12/15 04:01:00 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
[2002/12/15 04:01:00 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
[2002/12/15 04:01:00 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
[2002/12/15 04:01:00 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
[2002/06/12 14:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== LOP Check ==========

[2010/03/01 22:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E
[2009/02/24 22:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Aim
[2010/03/01 22:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\BitTorrent
[2009/03/28 11:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\DNA
[2008/11/18 00:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Hide IP NG
[2007/09/25 09:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Image Zone Express
[2003/04/30 22:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\InterTrust
[2003/09/29 13:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\InterVideo
[2008/07/01 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\LimeWire
[2009/11/28 05:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Multi File Downloader
[2004/01/25 03:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Nikon
[2007/08/29 22:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Printer Info Cache
[2009/12/29 11:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Singlesnet
[2003/09/29 11:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Template
[2010/01/23 09:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jorge\Application Data\Vso
[2003/04/30 22:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\InterTrust
[2010/03/01 22:19:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/22 23:02:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/02 05:29:37 | 000,045,318 | ---- | M] () -- C:\AmeCSAex.log
[2008/11/18 00:14:33 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2008/11/18 00:14:33 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2003/04/30 15:18:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/02/22 01:52:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/02 02:28:08 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2010/03/02 03:11:38 | 000,003,110 | ---- | M] () -- C:\bootex.log
[2009/12/17 01:57:09 | 000,001,260 | ---- | M] () -- C:\check.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2003/04/30 15:18:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/04/30 15:18:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/03 00:42:43 | 000,031,719 | ---- | M] () -- C:\Log.txt
[2003/04/30 15:18:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/22 01:41:09 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/07 19:46:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/01 09:30:56 | 000,000,432 | ---- | M] () -- C:\rkill.log
[2010/01/09 09:06:02 | 000,000,000 | ---- | M] () -- C:\rollback.ini
[2009/02/01 22:44:33 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
[2010/03/01 09:12:55 | 000,024,576 | ---- | M] () -- C:\_REGISTRY_MACHINE_SAM
[2010/03/01 09:11:03 | 000,143,360 | ---- | M] () -- C:\_REGISTRY_MACHINE_SECURITY
[2010/03/01 09:12:21 | 030,355,456 | ---- | M] () -- C:\_REGISTRY_MACHINE_SOFTWARE
[2010/03/01 09:12:54 | 007,995,392 | ---- | M] () -- C:\_REGISTRY_MACHINE_SYSTEM
[2010/03/01 09:11:01 | 000,364,544 | ---- | M] () -- C:\_REGISTRY_USER_.DEFAULT


< MD5 for: AGP440.SYS >
[2008/02/22 01:35:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/07 19:38:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/02/22 01:35:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/07 19:38:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/02/22 01:35:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/07 19:38:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2008/02/22 01:35:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/07 19:38:48 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ComboFix1\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Documents and Settings\Jorge\Desktop\software\GooredFix Backups\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\System32\config\*.sav >
[2003/04/30 08:06:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/04/30 08:06:00 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/04/30 08:06:00 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/01/05 05:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/01/05 05:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 19:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 19:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/13 19:12:03 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\psapi.dll
[2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< CREATERESTOREPOINT >
< End of report >


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2010 - 12:00 PM

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    O2 - BHO: (no name) - {14c7d0ac-536c-4a24-a29b-611b014eb07e} - File not found
    O2 - BHO: (C:\WINDOWS\system32\wjxqxx.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\System32\wjxqxx.dll File not found
    O4 - HKLM..\Run: [Amimiwok] C:\WINDOWS\ufomiwokojegig.DLL File not found
    O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezsp_px .exe File not found
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe File not found
    O4 - HKLM..\Run: [kajezuhiwo] File not found
    O4 - HKLM..\Run: [zafadigom] C:\WINDOWS\System32\foyaveva.DLL File not found
    O4 - HKU\.DEFAULT..\Run: [Remote System Protection] C:\WINDOWS\System32\wjxqxx.DLL File not found
    O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe (MS)
    O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe ()
    O4 - HKU\Jorge_ON_C..\Run: [dbf70700 .exe] c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe ()
    O4 - HKU\Jorge_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\wjxqxx.DLL File not found
    O4 - HKU\postgres_ON_C..\Run: [zafadigom] C:\WINDOWS\System32\foyaveva.DLL File not found
    O21 - SSODL: heburojok - {927ae50f-1275-4be1-a073-6d1b8f81147e} - C:\WINDOWS\System32\foyaveva.dll File not found
    O22 - SharedTaskScheduler: {927ae50f-1275-4be1-a073-6d1b8f81147e} - mujuzedij - C:\WINDOWS\System32\foyaveva.dll File not found
    O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\System32\wjxqxx.dll File not found
    O22 - SharedTaskScheduler: ThreadingModel - Apartment - Reg Error: Key error. File not found


    :files
    C:\ComboFix114289C
    C:\WINDOWS\tmp
    C:\WINDOWS\temp
    C:\ComboFix13102C
    C:\ComboFix1
    C:\WINDOWS\SWXCACLS.exe
    C:\WINDOWS\SWREG.exe
    C:\WINDOWS\SWSC.exe
    C:\WINDOWS\NIRCMD.exe
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\System32\daturehi
    C:\Documents and Settings\Jorge\Desktop\ComboFix1.exe
    C:\WINDOWS\Imodalanahifureq.bin
    C:\WINDOWS\Jfijewat.dat
    C:\Documents and Settings\Jorge\Desktop\++Demonoid.com++-Edge_of_Darkness_(2010)_Spanish_BRSCR_7584299.381.torrent
    C:\Documents and Settings\Jorge\Desktop\From.Paris.With.Love.2010.1CD.R5.LiNE.Xvid-Noir.[www.torrentfive.com].torrent
    C:\Documents and Settings\Jorge\Desktop\Armored.2009.RETAiL.DVDRip.XviD-ARROW.[www.torrentfive.com].torrent
    C:\_REGISTRY_USER_.DEFAULT
    C:\_REGISTRY_MACHINE_SYSTEM
    C:\_REGISTRY_MACHINE_SOFTWARE
    C:\_REGISTRY_MACHINE_SECURITY
    C:\_REGISTRY_MACHINE_SAM
    C:\WINDOWS\PEV.exe
    C:\WINDOWS\sed.exe
    C:\WINDOWS\grep.exe
    C:\WINDOWS\MBR.exe
    C:\WINDOWS\zip.exe
    C:\WINDOWS\System32\lastmon.dll.vir

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.
Restart in Normal Mode.
  • Launch and update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by JSntgRvr, 03 March 2010 - 12:01 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts

Posted 03 March 2010 - 10:03 PM

OK, so I am back to where I started before I deleted the Windows\System32\Config\System. The computer now starts in normal mode and Windows loads. Now I am back to the original problem I was having from my very first post.

When Windows loads I get a bunch of black screens popping up, about 15-20, and they disappear; they all have different messages and then the computer freezes.

I can only make out the last one, C:\Docume~1\jorge\Applic`1|998B80`1\DBF707.exe
The other ones are also exe, such as LogMeIn, etc.
Then the computer freezes after the last one hits, so I can't run anything.

Here is the log report:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14c7d0ac-536c-4a24-a29b-611b014eb07e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c7d0ac-536c-4a24-a29b-611b014eb07e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Amimiwok deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ezShieldProtector for Px deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATIPTA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kajezuhiwo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zafadigom deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection deleted successfully.
Registry value HKEY_USERS\Jorge_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\dbf70700 .exe deleted successfully.
c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe moved successfully.
Registry value HKEY_USERS\Jorge_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\dbf70700 .exe not found.
File c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe not found.
Registry value HKEY_USERS\Jorge_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\dbf70700 .exe not found.
File c:\Documents and Settings\Jorge\Application Data\998B8035ED5E143FF592409DA8768C1E\dbf70700 .exe not found.
Registry value HKEY_USERS\Jorge_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Remote System Protection deleted successfully.
Registry value HKEY_USERS\postgres_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\zafadigom deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\heburojok deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{927ae50f-1275-4be1-a073-6d1b8f81147e}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{927ae50f-1275-4be1-a073-6d1b8f81147e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{927ae50f-1275-4be1-a073-6d1b8f81147e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A3BA40A2-74F0-42BD-F434-00B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\ThreadingModel deleted successfully.
========== FILES ==========
C:\ComboFix114289C\N_ folder moved successfully.
C:\ComboFix114289C folder moved successfully.
C:\WINDOWS\tmp folder moved successfully.
C:\WINDOWS\temp folder moved successfully.
C:\ComboFix13102C\N_ folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000006 folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000005 folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000004 folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000003 folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000002 folder moved successfully.
C:\ComboFix13102C\HIV\Users\00000001 folder moved successfully.
C:\ComboFix13102C\HIV\Users folder moved successfully.
C:\ComboFix13102C\HIV folder moved successfully.
C:\ComboFix13102C folder moved successfully.
C:\ComboFix1\N_ folder moved successfully.
C:\ComboFix1 folder moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\NIRCMD.exe moved successfully.
C:\WINDOWS\002318_.tmp moved successfully.
C:\WINDOWS\005509_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\daturehi moved successfully.
C:\Documents and Settings\Jorge\Desktop\ComboFix1.exe moved successfully.
C:\WINDOWS\Imodalanahifureq.bin moved successfully.
C:\WINDOWS\Jfijewat.dat moved successfully.
C:\Documents and Settings\Jorge\Desktop\++Demonoid.com++-Edge_of_Darkness_(2010)_Spanish_BRSCR_7584299.381.torrent moved successfully.
C:\Documents and Settings\Jorge\Desktop\From.Paris.With.Love.2010.1CD.R5.LiNE.Xvid-Noir.[www.torrentfive.com].torrent moved successfully.
C:\Documents and Settings\Jorge\Desktop\Armored.2009.RETAiL.DVDRip.XviD-ARROW.[www.torrentfive.com].torrent moved successfully.
C:\_REGISTRY_USER_.DEFAULT moved successfully.
C:\_REGISTRY_MACHINE_SYSTEM moved successfully.
C:\_REGISTRY_MACHINE_SOFTWARE moved successfully.
C:\_REGISTRY_MACHINE_SECURITY moved successfully.
C:\_REGISTRY_MACHINE_SAM moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
C:\WINDOWS\System32\lastmon.dll.vir moved successfully.

OTLPE by OldTimer - Version 3.1.30.3 log created on 03032010_214846


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,821 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2010 - 11:14 PM

Let's see if I can detect other malware through OTLPE:

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job
      CREATERESTOREPOINT
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

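The /md5start list in the post above makes OTL hash every copy of a set of core system files so the helper can compare, by eye, the copy Windows actually loads against the backups in dllcache, ServicePackFiles and the ERDNT cache (as in the AGP440.SYS and ATAPI.SYS blocks earlier in this thread). The script below is an added example, not OTL's code and not part of this thread: it parses the `< MD5 for: NAME >` blocks from an OTL log and reports, per file, whether the live copy matches a reference copy. The clean sample is excerpted from the OTL output posted earlier in the thread; the tampered sample is constructed, with a placeholder hash. It assumes the system root is `C:\WINDOWS`, as in this thread's logs.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set

# Added example, not OTL's own code: parse the "< MD5 for: NAME >" blocks OTL writes
# for the /md5start list and check the live copy against the reference copies.
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[[^\]]*\| (?P<size>[\d,]+) \|[^\]]*\] "   # [date | size | attrs | M]
    r"\((?P<company>[^)]*)\) "                    # (Company) or () when no version info
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})"            # hashed file,
    r"|Unable to obtain MD5"                      # locked file,
    r"|\.cab file)"                               # or a service-pack archive member
    r" -- (?P<path>.+)$"
)
# Trusted backup locations (assumption: system root is C:\WINDOWS, as in this thread).
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\erdnt\\cache\\")


class Entry(NamedTuple):
    path: str
    md5: Optional[str]      # None when OTL could not hash it (.cab member, locked file)
    size: int
    company: str


class Finding(NamedTuple):
    name: str
    verdict: str            # "ok", "mismatch", "unverified" or "no-live-hash"
    live_md5: Optional[str]
    reference_md5s: Set[str]


def parse_md5_blocks(log_text: str) -> Dict[str, List[Entry]]:
    """Group the entry lines of each '< MD5 for: NAME >' block under lower-cased NAME."""
    blocks: Dict[str, List[Entry]] = defaultdict(list)
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if not line or line.startswith("<"):
            current = None      # blank line or another section header ends the block
            continue
        m = ENTRY_RE.match(line) if current else None
        if m is None:
            continue
        md5 = m.group("md5")
        blocks[current].append(Entry(m.group("path"), md5.upper() if md5 else None,
                                     int(m.group("size").replace(",", "")), m.group("company")))
    return dict(blocks)


def is_live_copy(path: str, name: str) -> bool:
    # The location Windows loads NAME from: %systemroot%, system32 or system32\drivers.
    p = path.lower()
    return p.endswith((f"\\windows\\{name}", f"\\windows\\system32\\{name}",
                       f"\\windows\\system32\\drivers\\{name}"))


def is_reference_copy(path: str) -> bool:
    return any(d in path.lower() for d in REFERENCE_DIRS)


def check_block(name: str, entries: List[Entry]) -> Finding:
    """Compare the hash of the live copy with the hashes of the reference copies."""
    hashed = [e for e in entries if e.md5]
    live = [e for e in hashed if is_live_copy(e.path, name)]
    refs = {e.md5 for e in hashed if is_reference_copy(e.path)}
    if not live:
        return Finding(name, "no-live-hash", None, refs)   # locked or missing: inspect by hand
    if live[0].md5 in refs:
        return Finding(name, "ok", live[0].md5, refs)
    if not refs:
        return Finding(name, "unverified", live[0].md5, refs)
    return Finding(name, "mismatch", live[0].md5, refs)     # live file differs from every backup


def check_log(log_text: str) -> Dict[str, Finding]:
    return {n: check_block(n, es) for n, es in parse_md5_blocks(log_text).items()}


# Excerpt of the OTL output posted earlier in this thread (real lines, abridged).
CLEAN_SAMPLE = r"""
< MD5 for: AGP440.SYS >
[2008/02/22 01:35:00 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< End of report >
"""

# Constructed sample: the live atapi.sys carries a placeholder hash no backup has,
# and the live eventlog.dll could not be hashed at all.
TAMPERED_SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventlog.dll
"""

if __name__ == "__main__":
    for sample in (CLEAN_SAMPLE, TAMPERED_SAMPLE):
        for f in check_log(sample).values():
            print(f"{f.name:14} {f.verdict:13} live={f.live_md5} refs={sorted(f.reference_md5s)}")
```

A "mismatch" means the file Windows loads hashes differently from every backup copy, which is what a patched driver such as a modified atapi.sys looks like in these logs; "no-live-hash" covers locked files, which OTL reports separately under /lockedfiles and which still need manual inspection. The older ReinstallBackups copy of agp440.sys is deliberately not treated as a reference, since it is a previous driver version and a different hash there is expected.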


#15 Jorgieboy82

Jorgieboy82
  • Topic Starter

  • Members
  • 47 posts

Posted 03 March 2010 - 11:24 PM

Is it a problem if I am not asked this?
When asked "Do you wish to load the remote registry", select Yes



