
atapi.sys virus now xp wont boot


This topic is locked
30 replies to this topic

#1 tookiewayne


Posted 07 March 2010 - 09:37 PM

I'm fixing this Dell OptiPlex GX260 for this small insurance company in my home town. I had previously set it up with Avast antivirus software and a Comodo firewall. The firewall was causing some freezing, so I uninstalled the firewall while the computer was disconnected from the internet. Then the computer said it had some updates to install. SP3 began installing on the computer, and when it got near the end Avast said there was a virus detected. It was in C:\windows\system32\drivers\atapi.sys

So after trying to delete the file several times, I selected do nothing and let the system finish installing the update. After that the computer rebooted, and during the Windows loading screen the blue screen of death popped up and gave me a 0x0000007b (0xF8C0F528, 0xC0000034, 0x00000000, 0x00000000)

I tried using my Avast BART CD and it removed a few viruses, but the computer still won't boot on its own. I also have a copy of Winternals that might help, but I don't know how I could use it to get the virus off. Please help, I don't want to wipe the hard drive. I have also tried using the Windows XP installation disk to repair the startup files, but repair isn't an available option when the disk loads.

Edited by Orange Blossom, 07 March 2010 - 09:47 PM.
Move from XP to AII. ~ OB



#2 JSntgRvr

  • Malware Response Team

Posted 07 March 2010 - 09:54 PM

Hi, tookiewayne

Welcome.

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to them while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded, double-click it and this will open ISOBurner to burn the file to CD
  • Boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
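As an added example (not from OTL, its author, or anyone in this thread), here is a small Python parser for the "Driver Services (All)" section of an OTL log like the one requested above: it pulls each DRV line apart, separates "File not found" entries from real files, and checks that the boot-start IDE/ATAPI chain an XP machine booting from a PATA disk needs is still registered, which is what a removed atapi.sys breaks. The sample log lines, the expected boot chain and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Sequence

# Constructed sample in the layout of OTL's "Driver Services (All)" section.
# It deliberately contains no atapi entry: that is the state a disinfected but
# unbootable XP box (STOP 0x0000007B, INACCESSIBLE_BOOT_DEVICE) is left in.
SAMPLE_OTL = r"""========== Driver Services (All) ==========

DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2007/11/07 13:27:58 | 000,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R)
DRV - [2002/09/03 14:51:36 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
"""


@dataclass
class DriverEntry:
    service: str          # service/registry key name, e.g. "IntelIde"
    kind: str             # "Kernel", "File_System", ...
    start: str            # "Boot", "System", "Auto", "On_Demand", "Disabled"
    path: str = ""        # image path; empty when the file is missing
    vendor: str = ""      # company string from the file's version info
    present: bool = True  # False for "DRV - File not found" lines


# "DRV - [mtime | size | attrs | M] (vendor) [kind | start] -- path -- (service) ..."
DRV_RE = re.compile(
    r"^DRV - \[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) \[(?P<kind>[^|]+) \| (?P<start>[^\]]+)\] "
    r"-- (?P<path>.*?) -- \((?P<service>[^)]+)\)"
)
# "DRV - File not found [kind | start] -- -- (service)"
MISSING_RE = re.compile(
    r"^DRV - File not found \[(?P<kind>[^|]+) \| (?P<start>[^\]]+)\] -- -- \((?P<service>[^)]+)\)"
)


def parse_driver_services(log_text: str) -> List[DriverEntry]:
    """Turn every DRV line of an OTL log into a DriverEntry; other lines are ignored."""
    entries: List[DriverEntry] = []
    for line in log_text.splitlines():
        m = DRV_RE.match(line)
        if m:
            entries.append(DriverEntry(m["service"], m["kind"], m["start"],
                                       m["path"], m["vendor"], present=True))
            continue
        m = MISSING_RE.match(line)
        if m:
            entries.append(DriverEntry(m["service"], m["kind"], m["start"], present=False))
    return entries


# Boot-start services an XP install on an Intel PATA/IDE disk needs before the
# boot volume can be mounted. This list is an assumption of the example.
EXPECTED_IDE_BOOT_CHAIN: Sequence[str] = ("PCIIde", "IntelIde", "atapi", "Disk", "PartMgr")


def check_ide_boot_chain(entries: List[DriverEntry],
                         expected: Sequence[str] = EXPECTED_IDE_BOOT_CHAIN) -> List[str]:
    """Report each expected boot-chain service that is absent, missing on disk or not Boot-start."""
    by_name = {e.service.lower(): e for e in entries}
    findings: List[str] = []
    for svc in expected:
        e = by_name.get(svc.lower())
        if e is None:
            findings.append(f"{svc}: no service entry in the registry (boot disk port driver gone)")
        elif not e.present:
            findings.append(f"{svc}: service registered but its file is missing on disk")
        elif e.start != "Boot":
            findings.append(f"{svc}: start type is {e.start}, expected Boot")
    return findings


def early_start_third_party(entries: List[DriverEntry]) -> List[str]:
    """Names of non-Microsoft drivers that load at Boot or System start: worth a second look."""
    return [e.service for e in entries
            if e.present and e.start in ("Boot", "System")
            and not e.vendor.startswith("Microsoft")]


if __name__ == "__main__":
    parsed = parse_driver_services(SAMPLE_OTL)
    print(f"{len(parsed)} driver entries, "
          f"{sum(not e.present for e in parsed)} with file not found")
    for finding in check_ide_boot_chain(parsed):
        print("BOOT CHAIN:", finding)
    print("early-start third-party drivers:", early_start_third_party(parsed))
```

Run it against the real OTL.txt by replacing SAMPLE_OTL with the file's contents; "File not found" entries for drivers like ViaIde are normal leftovers of a stock XP install, whereas a missing atapi entry on an IDE-booting machine is the finding that matters.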


#3 tookiewayne

  • Topic Starter


Posted 08 March 2010 - 08:39 AM

I'm burning the CD now... I'll be back in a few...

#4 JSntgRvr

  • Malware Response Team

Posted 08 March 2010 - 09:21 AM

thumbup2.gif



#5 tookiewayne

  • Topic Starter


Posted 08 March 2010 - 09:43 AM

Here is the log file:

OTL logfile created on: 3/8/2010 8:34:58 AM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 63.00% Memory free
462.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 22.62 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 4.30 Gb Free Space | 57.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/03/11 13:52:22 | 000,656,168 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/01/13 14:52:33 | 000,138,168 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/08/10 21:46:18 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/01/15 12:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/15 16:52:38 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC)
DRV - [2008/04/13 13:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC)
DRV - [2008/04/13 13:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE)
DRV - [2008/04/13 13:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP)
DRV - [2008/04/13 13:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP)
DRV - [2008/04/13 13:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/07 13:27:58 | 000,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2007/02/14 21:03:08 | 000,068,922 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2003/02/04 15:05:24 | 000,109,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/02/04 15:05:12 | 000,078,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/02/04 15:04:00 | 000,089,371 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/09/03 15:03:28 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2002/09/03 14:53:15 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2002/09/03 14:53:08 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2002/09/03 14:53:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2002/09/03 14:52:41 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/03 14:51:36 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2002/09/03 14:51:31 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2002/09/03 14:50:51 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2002/09/03 14:50:51 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2002/09/03 14:50:45 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2002/09/03 14:44:34 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2002/09/03 14:40:36 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2002/09/03 14:38:18 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2002/09/03 14:38:17 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/09/03 14:37:08 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2002/09/03 14:36:38 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2002/09/03 14:34:22 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002/09/03 14:33:59 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2002/09/03 14:32:57 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 13:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Administrator_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/15 03:03:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/27 15:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/27 15:09:58 | 000,000,000 | ---D | M]

[2010/02/24 11:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/27 15:09:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/03 09:17:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/02/27 15:09:43 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/27 15:09:44 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/02/27 15:09:48 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/05 14:31:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/05 14:31:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/04/09 00:51:14 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/04/09 00:51:14 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/26 10:37:26 | 000,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/04/09 00:51:14 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/04/09 00:51:14 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/04/09 00:51:14 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/04/09 00:51:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2002/09/03 14:39:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [PersSecurity] C:\Program Files\PersSecurity\psecurity.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Administrator_ON_C..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\RunOnce: [KB923561] C:\WINDOWS\System32\apphelp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [KB955759] C:\WINDOWS\System32\apphelp.dll (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://aggressive.live.ptsapp.com/systemIn...criptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231617598936 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jin...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/24 05:07:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 08:32:19 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/08 08:30:54 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/08 08:30:54 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/08 08:30:54 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/08 08:30:54 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/08 08:30:54 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/08 08:30:54 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/08 08:30:54 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/07 16:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/07 16:10:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/03/07 16:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/03/07 16:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/03/06 15:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/03/06 15:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/28 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/02/28 20:06:07 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/28 20:06:07 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/28 20:06:06 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/28 20:06:05 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/02/28 20:06:04 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/28 20:06:04 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/28 20:06:04 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/28 20:06:04 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/28 20:05:36 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/28 20:05:36 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010/02/28 20:05:36 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
[2010/02/28 20:05:36 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.dll
[2010/02/28 20:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/28 20:03:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/28 16:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/02/28 16:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/28 15:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/02/25 12:49:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/25 12:49:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/25 12:49:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/25 12:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/23 07:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/23 07:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/20 14:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/15 18:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/13 03:28:28 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/12 10:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2010/02/12 10:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\alot
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[232 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/08 08:32:45 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/07 16:34:38 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/07 16:34:38 | 000,229,376 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/07 16:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 16:34:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 16:34:18 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 16:34:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/07 16:33:55 | 000,003,023 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/03/07 16:28:55 | 000,095,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/03/07 16:03:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/07 15:39:31 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2010/03/07 15:39:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 14:52:11 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/03/03 13:00:21 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/03/02 19:26:06 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/02/28 20:06:04 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 11:51:20 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/24 15:56:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/23 08:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\315-p001.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[232 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 08:30:54 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/08 08:30:54 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/08 08:30:54 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/08 08:30:54 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/08 08:30:54 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/08 08:30:54 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/08 08:30:54 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/08 08:30:54 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/08 08:30:54 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/08 08:30:54 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/08 08:30:54 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/08 08:30:54 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/08 08:30:54 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/08 08:30:54 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/08 08:30:54 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/08 08:30:54 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/08 08:30:54 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/07 16:17:25 | 000,003,023 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/02/28 20:05:36 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/02/23 08:41:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\315-p001.exe
[2009/09/18 18:09:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/23 12:24:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/01/22 15:45:52 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2009/01/19 12:08:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/05 14:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt
[2007/03/30 14:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2002/09/03 14:56:24 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006433_.tmp.dll
[2002/09/03 14:42:21 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006465_.tmp.dll
[2002/09/03 14:33:39 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/02/12 10:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\alot
[2010/02/15 18:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/19 10:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CVS
[2009/01/15 17:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/03/02 19:26:06 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/03/03 13:00:21 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 14:56:52 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2010/03/04 12:08:38 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2010/03/07 16:28:55 | 000,095,360 | ---- | M] () MD5=F1DFB000CA9851498FDD6E682F958A8F -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2002/09/03 14:56:52 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ntoskrnl.exe
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2009/01/15 15:33:21 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ntoskrnl.exe
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2010/03/07 15:56:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:ntoskrnl.exe
[2009/12/09 00:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 14:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2008/04/13 14:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2008/04/13 14:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[2009/12/08 13:14:02 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=128D88B3176E70B2E3088ECEB842B673 -- C:\WINDOWS\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[2008/08/14 05:00:45 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=21C91DA9CB53AA8A37041BA9684A8458 -- C:\WINDOWS\$NtUninstallKB956572_0$\ntoskrnl.exe
[2005/03/01 20:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 17:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2005/03/01 19:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[2005/03/01 19:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\$NtUninstallKB956841_0$\ntoskrnl.exe
[2009/12/08 13:55:25 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=5648297DBF1C631164F779863DF9D5BF -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2009/02/06 05:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\system32\ntoskrnl.exe
[2009/02/06 06:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/02/06 06:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2009/08/04 20:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[2009/08/04 20:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2009/08/04 07:51:17 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[2002/09/03 14:50:41 | 002,042,240 | ---- | M] (Microsoft Corporation) MD5=B9080D97DBD631AADF9128F7316958D2 -- C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
[2004/08/04 01:19:59 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2008/08/14 04:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2009/08/04 09:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\$NtUninstallKB977165_0$\ntoskrnl.exe
[2008/08/14 05:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2009/02/07 19:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/02/06 12:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOWS\$NtUninstallKB971486_0$\ntoskrnl.exe
[2009/08/04 08:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2009/01/12 17:26:40 | 000,000,280 | ---- | M] () -- C:\ADAMSTK.TXT
[2008/10/24 05:07:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/15 15:42:43 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/24 05:07:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/22 15:38:01 | 000,000,532 | ---- | M] () -- C:\DDM.TXT
[2008/10/24 05:07:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/24 05:07:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/01/15 15:37:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/07 16:03:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/28 15:25:35 | 000,000,326 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/10/23 23:57:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/23 23:57:28 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/23 23:57:28 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,925 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 March 2010 - 10:02 AM

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    C:\WINDOWS\*.tmp files
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\System32\315-p001.exe

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart in Normal mode.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    QUOTE
    :dir
    C:\WINDOWS\System32\zh-TW
    C:\WINDOWS\System32\zh-HK
    C:\WINDOWS\System32\tr-TR
    C:\WINDOWS\System32\sv-SE
    C:\WINDOWS\System32\pt-BR
    C:\WINDOWS\System32\nl-NL
    C:\WINDOWS\System32\nb-NO
    C:\WINDOWS\System32\ko-KR
    C:\WINDOWS\System32\it-IT
    C:\WINDOWS\System32\he-IL
    C:\WINDOWS\System32\fr-FR
    C:\WINDOWS\System32\fi-FI
    C:\WINDOWS\System32\es-ES
    C:\WINDOWS\System32\el-GR
    C:\WINDOWS\System32\de-DE
    C:\WINDOWS\System32\da-DK
    C:\WINDOWS\System32\ar-SA

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
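A defender-side triage script for the "< MD5 for: ... >" section of the OTL log posted above, added here as an example (it is not OTL's code nor anything from this thread): it parses the OTL entry lines, compares each file's live copy with the copies Windows keeps in its own backup directories, and names the ServicePackFiles copy that the :files ... /replace line above restores from. The entry format is taken from the log; the list of backup directories is an assumption, and the sample log is constructed from the ATAPI.SYS and USERINIT.EXE blocks above.

```python
# Triage helper for the '< MD5 for: X >' blocks of an OTL/OTLPE log: compare a file's live
# copy (under system32 or the Windows root) with Windows' own backup copies, and name the
# backup an OTLPE ':files ... /replace' line could restore it from.
import re
from collections import defaultdict

# OTL entry format as seen in the log above; '.cab file' container lines carry no MD5.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [-\w]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# Assumed list of directories holding Windows' pristine copies (lower-case, NTFS is case-insensitive).
REFERENCE_DIRS = (
    "\\servicepackfiles\\i386\\", "\\$ntservicepackuninstall$\\", "\\$ntuninstall",
    "\\$hf_mig$\\", "\\dllcache\\", "\\driver cache\\", "\\softwaredistribution\\download\\",
)

def is_reference(path):
    p = path.lower()
    return any(marker in p for marker in REFERENCE_DIRS)

def parse_md5_sections(text):
    """Return {file name (lower-case): [copy dicts]} for every '< MD5 for: X >' block."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)

def restore_source(refs):
    """Pick a restore source the way the fix in this thread did: ServicePackFiles first."""
    for marker in ("\\servicepackfiles\\i386\\", "\\$ntservicepackuninstall$\\"):
        for r in refs:
            if marker in r["path"].lower() and r["company"]:
                return r["path"]
    return None

def assess(copies):
    """Flag live copies matching no backup or lacking version info (triage only: a hot-fixed file differs too)."""
    refs = [c for c in copies if is_reference(c["path"])]
    known = {r["md5"] for r in refs}
    findings = []
    for c in copies:
        if is_reference(c["path"]):
            continue
        reasons = []
        if c["md5"] not in known:
            reasons.append("hash matches no backup copy")
            same_size = [r["path"] for r in refs if r["size"] == c["size"]]
            if same_size:
                # Same byte count as a known-good version but a different hash is the
                # footprint of a driver patched in place rather than replaced outright.
                reasons.append("same size as %s but different hash" % same_size[0])
        if not c["company"]:
            reasons.append("no company/version info")
        if reasons:
            findings.append({"path": c["path"], "md5": c["md5"], "reasons": reasons,
                             "restore_from": restore_source(refs)})
    return findings

def suspicious_files(text):
    """Map file name -> findings for every section with at least one flagged live copy."""
    result = {}
    for name, copies in parse_md5_sections(text).items():
        findings = assess(copies)
        if findings:
            result[name] = findings
    return result

# Constructed sample: the ATAPI.SYS and USERINIT.EXE blocks copied from the OTL log above.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2002/09/03 14:56:52 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/04 12:08:38 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2010/03/07 16:28:55 | 000,095,360 | ---- | M] () MD5=F1DFB000CA9851498FDD6E682F958A8F -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    for name, findings in suspicious_files(SAMPLE_LOG).items():
        print(name, findings)
```

On the sample only atapi.sys is reported: its hash matches no backup copy, it is byte-for-byte the same size as the $NtServicePackUninstall$ copy, and it carries no company name, while userinit.exe matches its ServicePackFiles copy and is left alone.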


#7 tookiewayne
  • Topic Starter

  • Members
  • 27 posts

Posted 08 March 2010 - 10:17 AM

Here is the log from the Run Fix thing:
Error: Unable to interpret <C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace> in the current context!
Error: Unable to interpret <C:\WINDOWS\*.tmp files> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\*.tmp> in the current context!
Error: Unable to interpret <C:\WINDOWS\System32\315-p001.exe> in the current context!

OTLPE by OldTimer - Version 3.1.30.3 log created on 03082010_091200

Then when I tried to reboot the computer, I got the same blue screen on the Windows loading screen.

I'm gonna try it one more time to be sure.

Edited by tookiewayne, 08 March 2010 - 10:20 AM.


#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,925 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 March 2010 - 10:51 AM

I saw an error in the script. Include the entire contents of the Quote box, including the :files switch.

QUOTE
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\System32\315-p001.exe

Edited by JSntgRvr, 08 March 2010 - 10:58 AM.



#9 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,925 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 March 2010 - 10:55 AM

As an alternative, can you boot to the Recovery Console? That is in case this script fails.

Edited by JSntgRvr, 08 March 2010 - 10:59 AM.



#10 tookiewayne
  • Topic Starter

  • Members
  • 27 posts

Posted 08 March 2010 - 12:41 PM

What is the Recovery Console?

#11 tookiewayne
  • Topic Starter

  • Members
  • 27 posts

Posted 08 March 2010 - 12:48 PM

I ran the fix and it completed successfully, but when I tried to reboot the computer, it did the exact same thing. Here is the log from the fix.

========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\002360_.tmp moved successfully.
C:\WINDOWS\005939_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET14.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET41C.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET112.tmp moved successfully.
C:\WINDOWS\System32\SET113.tmp moved successfully.
C:\WINDOWS\System32\SET115.tmp moved successfully.
C:\WINDOWS\System32\SET117.tmp moved successfully.
C:\WINDOWS\System32\SET119.tmp moved successfully.
C:\WINDOWS\System32\SET120.tmp moved successfully.
C:\WINDOWS\System32\SET121.tmp moved successfully.
C:\WINDOWS\System32\SET1218.tmp moved successfully.
C:\WINDOWS\System32\SET1230.tmp moved successfully.
C:\WINDOWS\System32\SET1231.tmp moved successfully.
C:\WINDOWS\System32\SET123B.tmp moved successfully.
C:\WINDOWS\System32\SET124.tmp moved successfully.
C:\WINDOWS\System32\SET124E.tmp moved successfully.
C:\WINDOWS\System32\SET127A.tmp moved successfully.
C:\WINDOWS\System32\SET1295.tmp moved successfully.
C:\WINDOWS\System32\SET12AD.tmp moved successfully.
C:\WINDOWS\System32\SET12D.tmp moved successfully.
C:\WINDOWS\System32\SET12E.tmp moved successfully.
C:\WINDOWS\System32\SET12EB.tmp moved successfully.
C:\WINDOWS\System32\SET12F.tmp moved successfully.
C:\WINDOWS\System32\SET12F2.tmp moved successfully.
C:\WINDOWS\System32\SET12F3.tmp moved successfully.
C:\WINDOWS\System32\SET12F4.tmp moved successfully.
C:\WINDOWS\System32\SET12F6.tmp moved successfully.
C:\WINDOWS\System32\SET131.tmp moved successfully.
C:\WINDOWS\System32\SET1310.tmp moved successfully.
C:\WINDOWS\System32\SET1316.tmp moved successfully.
C:\WINDOWS\System32\SET1317.tmp moved successfully.
C:\WINDOWS\System32\SET132.tmp moved successfully.
C:\WINDOWS\System32\SET133.tmp moved successfully.
C:\WINDOWS\System32\SET134.tmp moved successfully.
C:\WINDOWS\System32\SET1340.tmp moved successfully.
C:\WINDOWS\System32\SET135.tmp moved successfully.
C:\WINDOWS\System32\SET1351.tmp moved successfully.
C:\WINDOWS\System32\SET1366.tmp moved successfully.
C:\WINDOWS\System32\SET1367.tmp moved successfully.
C:\WINDOWS\System32\SET136D.tmp moved successfully.
C:\WINDOWS\System32\SET137.tmp moved successfully.
C:\WINDOWS\System32\SET1372.tmp moved successfully.
C:\WINDOWS\System32\SET137B.tmp moved successfully.
C:\WINDOWS\System32\SET138.tmp moved successfully.
C:\WINDOWS\System32\SET1388.tmp moved successfully.
C:\WINDOWS\System32\SET139.tmp moved successfully.
C:\WINDOWS\System32\SET13C.tmp moved successfully.
C:\WINDOWS\System32\SET143.tmp moved successfully.
C:\WINDOWS\System32\SET144.tmp moved successfully.
C:\WINDOWS\System32\SET148.tmp moved successfully.
C:\WINDOWS\System32\SET14A.tmp moved successfully.
C:\WINDOWS\System32\SET14C.tmp moved successfully.
C:\WINDOWS\System32\SET153.tmp moved successfully.
C:\WINDOWS\System32\SET156.tmp moved successfully.
C:\WINDOWS\System32\SET157.tmp moved successfully.
C:\WINDOWS\System32\SET159.tmp moved successfully.
C:\WINDOWS\System32\SET15E.tmp moved successfully.
C:\WINDOWS\System32\SET15F.tmp moved successfully.
C:\WINDOWS\System32\SET160.tmp moved successfully.
C:\WINDOWS\System32\SET161.tmp moved successfully.
C:\WINDOWS\System32\SET162.tmp moved successfully.
C:\WINDOWS\System32\SET168.tmp moved successfully.
C:\WINDOWS\System32\SET16D.tmp moved successfully.
C:\WINDOWS\System32\SET16E.tmp moved successfully.
C:\WINDOWS\System32\SET171.tmp moved successfully.
C:\WINDOWS\System32\SET174.tmp moved successfully.
C:\WINDOWS\System32\SET175.tmp moved successfully.
C:\WINDOWS\System32\SET17C.tmp moved successfully.
C:\WINDOWS\System32\SET17D.tmp moved successfully.
C:\WINDOWS\System32\SET17F.tmp moved successfully.
C:\WINDOWS\System32\SET18C.tmp moved successfully.
C:\WINDOWS\System32\SET18D.tmp moved successfully.
C:\WINDOWS\System32\SET190.tmp moved successfully.
C:\WINDOWS\System32\SET192.tmp moved successfully.
C:\WINDOWS\System32\SET193.tmp moved successfully.
C:\WINDOWS\System32\SET194.tmp moved successfully.
C:\WINDOWS\System32\SET195.tmp moved successfully.
C:\WINDOWS\System32\SET196.tmp moved successfully.
C:\WINDOWS\System32\SET197.tmp moved successfully.
C:\WINDOWS\System32\SET1A7.tmp moved successfully.
C:\WINDOWS\System32\SET1AE.tmp moved successfully.
C:\WINDOWS\System32\SET1B2.tmp moved successfully.
C:\WINDOWS\System32\SET1B5.tmp moved successfully.
C:\WINDOWS\System32\SET1B6.tmp moved successfully.
C:\WINDOWS\System32\SET1BA.tmp moved successfully.
C:\WINDOWS\System32\SET1BB.tmp moved successfully.
C:\WINDOWS\System32\SET1BE.tmp moved successfully.
C:\WINDOWS\System32\SET1C0.tmp moved successfully.
C:\WINDOWS\System32\SET1C6.tmp moved successfully.
C:\WINDOWS\System32\SET1C7.tmp moved successfully.
C:\WINDOWS\System32\SET1C8.tmp moved successfully.
C:\WINDOWS\System32\SET1D0.tmp moved successfully.
C:\WINDOWS\System32\SET1D6.tmp moved successfully.
C:\WINDOWS\System32\SET1D9.tmp moved successfully.
C:\WINDOWS\System32\SET1DB.tmp moved successfully.
C:\WINDOWS\System32\SET1E0.tmp moved successfully.
C:\WINDOWS\System32\SET1E1.tmp moved successfully.
C:\WINDOWS\System32\SET1EF.tmp moved successfully.
C:\WINDOWS\System32\SET1F1.tmp moved successfully.
C:\WINDOWS\System32\SET1F3.tmp moved successfully.
C:\WINDOWS\System32\SET1FE.tmp moved successfully.
C:\WINDOWS\System32\SET200.tmp moved successfully.
C:\WINDOWS\System32\SET201.tmp moved successfully.
C:\WINDOWS\System32\SET204.tmp moved successfully.
C:\WINDOWS\System32\SET206.tmp moved successfully.
C:\WINDOWS\System32\SET209.tmp moved successfully.
C:\WINDOWS\System32\SET20E.tmp moved successfully.
C:\WINDOWS\System32\SET21B.tmp moved successfully.
C:\WINDOWS\System32\SET21C.tmp moved successfully.
C:\WINDOWS\System32\SET223.tmp moved successfully.
C:\WINDOWS\System32\SET224.tmp moved successfully.
C:\WINDOWS\System32\SET227.tmp moved successfully.
C:\WINDOWS\System32\SET228.tmp moved successfully.
C:\WINDOWS\System32\SET229.tmp moved successfully.
C:\WINDOWS\System32\SET22A.tmp moved successfully.
C:\WINDOWS\System32\SET22B.tmp moved successfully.
C:\WINDOWS\System32\SET22D.tmp moved successfully.
C:\WINDOWS\System32\SET22E.tmp moved successfully.
C:\WINDOWS\System32\SET22F.tmp moved successfully.
C:\WINDOWS\System32\SET231.tmp moved successfully.
C:\WINDOWS\System32\SET232.tmp moved successfully.
C:\WINDOWS\System32\SET233.tmp moved successfully.
C:\WINDOWS\System32\SET238.tmp moved successfully.
C:\WINDOWS\System32\SET23D.tmp moved successfully.
C:\WINDOWS\System32\SET23E.tmp moved successfully.
C:\WINDOWS\System32\SET23F.tmp moved successfully.
C:\WINDOWS\System32\SET244.tmp moved successfully.
C:\WINDOWS\System32\SET245.tmp moved successfully.
C:\WINDOWS\System32\SET246.tmp moved successfully.
C:\WINDOWS\System32\SET248.tmp moved successfully.
C:\WINDOWS\System32\SET24B.tmp moved successfully.
C:\WINDOWS\System32\SET24D.tmp moved successfully.
C:\WINDOWS\System32\SET24E.tmp moved successfully.
C:\WINDOWS\System32\SET251.tmp moved successfully.
C:\WINDOWS\System32\SET255.tmp moved successfully.
C:\WINDOWS\System32\SET258.tmp moved successfully.
C:\WINDOWS\System32\SET259.tmp moved successfully.
C:\WINDOWS\System32\SET25B.tmp moved successfully.
C:\WINDOWS\System32\SET26D.tmp moved successfully.
C:\WINDOWS\System32\SET26E.tmp moved successfully.
C:\WINDOWS\System32\SET271.tmp moved successfully.
C:\WINDOWS\System32\SET272.tmp moved successfully.
C:\WINDOWS\System32\SET27C.tmp moved successfully.
C:\WINDOWS\System32\SET27E.tmp moved successfully.
C:\WINDOWS\System32\SET280.tmp moved successfully.
C:\WINDOWS\System32\SET281.tmp moved successfully.
C:\WINDOWS\System32\SET28C.tmp moved successfully.
C:\WINDOWS\System32\SET28E.tmp moved successfully.
C:\WINDOWS\System32\SET28F.tmp moved successfully.
C:\WINDOWS\System32\SET290.tmp moved successfully.
C:\WINDOWS\System32\SET291.tmp moved successfully.
C:\WINDOWS\System32\SET293.tmp moved successfully.
C:\WINDOWS\System32\SET295.tmp moved successfully.
C:\WINDOWS\System32\SET298.tmp moved successfully.
C:\WINDOWS\System32\SET2A4.tmp moved successfully.
C:\WINDOWS\System32\SET2A6.tmp moved successfully.
C:\WINDOWS\System32\SET2A7.tmp moved successfully.
C:\WINDOWS\System32\SET2A8.tmp moved successfully.
C:\WINDOWS\System32\SET2B0.tmp moved successfully.
C:\WINDOWS\System32\SET2B2.tmp moved successfully.
C:\WINDOWS\System32\SET2B3.tmp moved successfully.
C:\WINDOWS\System32\SET2B9.tmp moved successfully.
C:\WINDOWS\System32\SET2C4.tmp moved successfully.
C:\WINDOWS\System32\SET2C7.tmp moved successfully.
C:\WINDOWS\System32\SET2C8.tmp moved successfully.
C:\WINDOWS\System32\SET2C9.tmp moved successfully.
C:\WINDOWS\System32\SET2CD.tmp moved successfully.
C:\WINDOWS\System32\SET2D5.tmp moved successfully.
C:\WINDOWS\System32\SET2DC.tmp moved successfully.
C:\WINDOWS\System32\SET2DE.tmp moved successfully.
C:\WINDOWS\System32\SET2E7.tmp moved successfully.
C:\WINDOWS\System32\SET2FB.tmp moved successfully.
C:\WINDOWS\System32\SET2FF.tmp moved successfully.
C:\WINDOWS\System32\SET301.tmp moved successfully.
C:\WINDOWS\System32\SET303.tmp moved successfully.
C:\WINDOWS\System32\SET309.tmp moved successfully.
C:\WINDOWS\System32\SET30D.tmp moved successfully.
C:\WINDOWS\System32\SET318.tmp moved successfully.
C:\WINDOWS\System32\SET319.tmp moved successfully.
C:\WINDOWS\System32\SET31B.tmp moved successfully.
C:\WINDOWS\System32\SET321.tmp moved successfully.
C:\WINDOWS\System32\SET323.tmp moved successfully.
C:\WINDOWS\System32\SET324.tmp moved successfully.
C:\WINDOWS\System32\SET32A.tmp moved successfully.
C:\WINDOWS\System32\SET33C.tmp moved successfully.
C:\WINDOWS\System32\SET33E.tmp moved successfully.
C:\WINDOWS\System32\SET340.tmp moved successfully.
C:\WINDOWS\System32\SET34C.tmp moved successfully.
C:\WINDOWS\System32\SET358.tmp moved successfully.
C:\WINDOWS\System32\SET36A.tmp moved successfully.
C:\WINDOWS\System32\SET370.tmp moved successfully.
C:\WINDOWS\System32\SET395.tmp moved successfully.
C:\WINDOWS\System32\SET397.tmp moved successfully.
C:\WINDOWS\System32\SET39E.tmp moved successfully.
C:\WINDOWS\System32\SET39F.tmp moved successfully.
C:\WINDOWS\System32\SET3A0.tmp moved successfully.
C:\WINDOWS\System32\SET3A2.tmp moved successfully.
C:\WINDOWS\System32\SET3A3.tmp moved successfully.
C:\WINDOWS\System32\SET3A4.tmp moved successfully.
C:\WINDOWS\System32\SET3A7.tmp moved successfully.
C:\WINDOWS\System32\SET3A9.tmp moved successfully.
C:\WINDOWS\System32\SET3AA.tmp moved successfully.
C:\WINDOWS\System32\SET3AB.tmp moved successfully.
C:\WINDOWS\System32\SET3AE.tmp moved successfully.
C:\WINDOWS\System32\SET3B0.tmp moved successfully.
C:\WINDOWS\System32\SET3B5.tmp moved successfully.
C:\WINDOWS\System32\SET3B6.tmp moved successfully.
C:\WINDOWS\System32\SET3BE.tmp moved successfully.
C:\WINDOWS\System32\SET3C5.tmp moved successfully.
C:\WINDOWS\System32\SET3CA.tmp moved successfully.
C:\WINDOWS\System32\SET3CD.tmp moved successfully.
C:\WINDOWS\System32\SET3D0.tmp moved successfully.
C:\WINDOWS\System32\SET3D2.tmp moved successfully.
C:\WINDOWS\System32\SET3D6.tmp moved successfully.
C:\WINDOWS\System32\SET3D8.tmp moved successfully.
C:\WINDOWS\System32\SET3D9.tmp moved successfully.
C:\WINDOWS\System32\SET3DD.tmp moved successfully.
C:\WINDOWS\System32\SET3DE.tmp moved successfully.
C:\WINDOWS\System32\SET3E2.tmp moved successfully.
C:\WINDOWS\System32\SET3E3.tmp moved successfully.
C:\WINDOWS\System32\SET3E6.tmp moved successfully.
C:\WINDOWS\System32\SET3E9.tmp moved successfully.
C:\WINDOWS\System32\SET3EC.tmp moved successfully.
C:\WINDOWS\System32\SET3EF.tmp moved successfully.
C:\WINDOWS\System32\SET3F3.tmp moved successfully.
C:\WINDOWS\System32\SET3F5.tmp moved successfully.
C:\WINDOWS\System32\SET3F7.tmp moved successfully.
C:\WINDOWS\System32\SET69C.tmp moved successfully.
C:\WINDOWS\System32\SET6A0.tmp moved successfully.
C:\WINDOWS\System32\SET6A1.tmp moved successfully.
C:\WINDOWS\System32\SET6A8.tmp moved successfully.
C:\WINDOWS\System32\SETF81.tmp moved successfully.
C:\WINDOWS\System32\SETF86.tmp moved successfully.
C:\WINDOWS\System32\SETFBD.tmp moved successfully.
C:\WINDOWS\System32\315-p001.exe moved successfully.

OTLPE by OldTimer - Version 3.1.30.3 log created on 03082010_114411


#12 tookiewayne

tookiewayne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 08 March 2010 - 01:54 PM

Any ideas? I'm using Winternals right now to try a system restore. Maybe that will get the computer to boot again. This thing is running super slow.

#13 tookiewayne

tookiewayne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 08 March 2010 - 02:03 PM

The system restore did work. And I tried loading the Recovery Console, but it only gave me the option to install XP again or delete the partition. Nothing else is working.

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,925 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:27 AM

Posted 08 March 2010 - 02:17 PM

What is the error message when attempting to boot in Normal Mode? Do not install or run a program while we work on your computer. That will create confusion, as I fixed your registry, and I am sure the Restore will set back what we do.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      SCLWAPI.dll
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
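The `/md5start ... /md5stop` block in the custom scan above makes OTL hash every copy of the listed boot-critical drivers and system DLLs so that a modified file (such as an atapi.sys whose contents no longer match a clean copy) stands out. The following is an added example, not code from the thread or from OTL, of the same check done offline: it walks a directory tree, hashes each listed file it finds, and compares the MD5 against a known-good baseline. The file list is the one from the post; the directory layout, the file contents and the baseline hash are constructed fixtures for the demo, and in practice the baseline would come from a trusted reference copy (an installation source or dllcache copy that has itself been verified).

```python
"""Added example (not part of the thread or of OTL): an offline
integrity check in the spirit of OTL's /md5start ... /md5stop directive.
Every copy of each watched file under a root is hashed and classified
against a known-good baseline as ok / MISMATCH / unknown, and watched
names that were not found at all are reported as missing.
"""
import hashlib
import os
import tempfile

# File list taken verbatim from the OTL custom scan in the post above.
WATCHED_FILES = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys",
    "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys", "eNetHook.dll",
    "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
    "nvrd32.sys", "Userinit.exe", "Explorer.exe", "SCLWAPI.dll",
]


def file_hashes(path, chunk=1 << 16):
    """Return (md5, sha256) hex digests of a file, streamed in chunks."""
    md5 = hashlib.md5()
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def scan_directory(root, names, baseline):
    """Hash each watched name found anywhere under root (copies may sit in
    drivers\\, dllcache\\ or ServicePackFiles\\) and classify it against
    baseline, a dict {filename.lower(): md5hex}. Returns a dict mapping a
    path relative to root to "ok", "MISMATCH" or "unknown", plus one
    "missing" entry for every watched name that was not found."""
    wanted = {n.lower() for n in names}
    found = set()
    report = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key not in wanted:
                continue
            found.add(key)
            full = os.path.join(dirpath, fname)
            md5, _ = file_hashes(full)
            rel = os.path.relpath(full, root)
            expected = baseline.get(key)
            if expected is None:
                report[rel] = "unknown"    # no reference hash on record
            elif md5 == expected:
                report[rel] = "ok"
            else:
                report[rel] = "MISMATCH"   # contents differ from the clean copy
    for key in wanted - found:
        report[key] = "missing"
    return report


def demo():
    """Constructed fixture: a fake system directory holding a clean copy of
    atapi.sys in dllcache, a modified copy in drivers, and an Explorer.exe
    for which no baseline hash exists. Contents are made-up bytes."""
    root = tempfile.mkdtemp()
    drivers = os.path.join(root, "drivers")
    cache = os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    clean = b"CONSTRUCTED clean atapi.sys contents"
    tampered = clean + b"\x90" * 16        # constructed: same prefix, extra bytes
    with open(os.path.join(cache, "atapi.sys"), "wb") as fh:
        fh.write(clean)
    with open(os.path.join(drivers, "atapi.sys"), "wb") as fh:
        fh.write(tampered)
    with open(os.path.join(root, "Explorer.exe"), "wb") as fh:
        fh.write(b"CONSTRUCTED explorer")
    # Baseline built from the trusted copy; in real use it would come from
    # verified installation media or a clean reference machine.
    baseline = {"atapi.sys": hashlib.md5(clean).hexdigest()}
    return scan_directory(root, WATCHED_FILES, baseline)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9s} {path}")
```

Reading the report, a `MISMATCH` on a copy in the live drivers directory while the dllcache copy is `ok` is the pattern to act on; `unknown` only means no reference hash was supplied, and `missing` is expected for vendor drivers (Intel, NVIDIA, VIA) that were never installed on that machine.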


#15 tookiewayne

tookiewayne
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 08 March 2010 - 07:03 PM

It keeps giving me the same stop error 0x0000007b (0xF8C0F528, 0xC0000034, 0x00000000, 0x00000000).
I'm running the scan again, so I'll be back to show the results.


