
Missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM


  • This topic is locked
40 replies to this topic

#1 Crono139


Posted 12 March 2010 - 10:08 PM

Came home from work to see this lovely message on my laptop during startup.

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM.
Select 'r' at the first screen to start the repair.


I have my SP3 CD handy, but I'm not sure which route to take when using the RC, or if I should try UBCD4WIN first as I've seen it as a possible solution.


Thanks in advance, guys.


 


#2 petewills


Posted 13 March 2010 - 09:47 AM

I've fixed that error message a couple of times on my desktop pc, with chkdsk /r

I also have a UBCD4WIN disk, but have never needed it, as the above has been successful.

If you can boot to it from your SP3 slipstream disk, you could run chkdsk /r from the Recovery Console.

Back up your important data, first; you could use a Linux Live CD, to do that, as your laptop won't boot.
--------------------------------------------------------------------------------------------------------------------------------------------

Run CHKDSK to attempt to Repair Your Damaged Hard Disk from the Recovery Console.

1. Boot your computer from the CD.

2. Your computer will begin to boot.
Eventually, you will see a screen asking you what you would like to do.
Press the letter R on your keyboard to proceed to the Windows Recovery Console.

3. As you progress to the Recovery Console you may be asked which partition you would like to boot into.
Type the number associated with the partition containing your NTFS partition (usually 1 or 2) and then press enter to continue.
You may be asked for your administrator password. If you have one, type it in and press enter.
If you do not have a password to boot your computer into Windows, simply press enter.

4. Now you should be at a command prompt.
From here, type the following command without the quotes and press enter: "chkdsk /p"
(OR go straight to Step 6, because /r locates bad sectors and recovers readable information. Implies /p.)

5. /p is a short test that will tell you whether or not a longer test is needed.
If after the test completes, the message "One or more errors detected on the volume" appears,
then proceed to step 6. If no errors are reported, then your drive cannot be repaired using chkdsk.

6. Now you should be back at the command prompt.
Type the following command without the quotes and press enter: "chkdsk /r"

7. This test will take a while depending on the size of your drive. It will look for the errors on your drive and repair them.
When it completes, you will be back at a command prompt.

8. Now type "chkdsk /p" again and press enter. If no errors are reported, your drive has been successfully repaired
and is safe to use again temporarily. If errors are still reported, then your drive may be on its last legs.
You may be able to boot it now though.

9. Remove the CD from your system and restart your laptop.

#3 hamluis


Posted 13 March 2010 - 10:58 AM

How to recover from a corrupted registry that prevents Windows XP from starting - http://support.microsoft.com/kb/307545

Louis

#4 Crono139


Posted 30 March 2010 - 11:46 PM

Backed up my files without any major problems, just a single file here or there that wouldn't transfer over.


chkdsk /p - One or more errors found.
chkdsk /r - One or more errors fixed.
chkdsk /p - No errors found.
**reboot, same error message**
chkdsk /p - No errors found.
chkdsk /r (just for the hell of it) - One or more errors fixed.
chkdsk /p - One or more errors found.
**reboot, same error message**

Ugh. This thing may be toast.

#5 Stang777


Posted 30 March 2010 - 11:51 PM

When I got that message a while back I was able to use a rescue disk (boot disk) from the Fix-It-Utilities 9 disk to go in and use System Restore to restore my computer to a previous date and that fixed it like nothing had ever been wrong with the computer.

All I had to do was put in that disk, start the computer, and select use System Restore. It let me choose a restore point and in a very short amount of time, all was well. Took less than 30 minutes from putting the disk in to being up and running again.

I bought the disk at Wal-Mart for about 30 bucks and it has a lot of other utilities on it too, including one year of anti-virus protection. I found it well worth the 30 bucks.

Another way you might be able to use System Restore is if you can get to safe mode with command prompt. If you can, follow the directions from this article from Microsoft...

http://support.microsoft.com/kb/304449

To start System Restore using the Command prompt, follow these steps:

Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Use the arrow keys to select the Safe mode with a Command prompt option.
If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
Log on as an administrator or with an account that has administrator credentials.

At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
Follow the instructions that appear on the screen to restore your computer to a functional state.

Edited by Stang777, 31 March 2010 - 12:04 AM.


#6 Crono139


Posted 01 April 2010 - 11:59 PM

No luck with safe mode. Same error message.

#7 Stang777


Posted 02 April 2010 - 12:11 AM

Bummer, I would try to pick up a copy of that Fix-It Utilities 9 that I used as it sure did the trick for me. I thought for sure I was going to have to format and reinstall and that thing saved me from having to do that.

#8 JSntgRvr


Posted 02 April 2010 - 12:51 AM

Hi, Crono139

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use Notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Crono139


Posted 02 April 2010 - 08:54 PM

OTL logfile created on: 4/2/2010 3:21:53 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
(Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 68.00% Memory free
458.00 Mb Paging File | 329.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): Reg Error: Key error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.25% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 1.73 Gb Free Space | 91.58% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Unable to determine ControlSet!

========== Win32 Services (SafeList) ==========


========== Driver Services (All) ==========


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2010/03/12 20:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/24 21:26:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/01 19:24:53 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2008/12/14 23:39:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/02/24 21:25:55 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/24 21:25:56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 12:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/12/14 23:38:48 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 12:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 12:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/02/24 21:26:14 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/25 12:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/02/24 21:26:19 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/24 21:26:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/11 08:57:56 | 000,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2010/02/24 21:26:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/24 21:26:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/24 21:26:19 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/24 21:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/24 21:26:19 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/27 00:48:06 | 000,307,205 | R--- | M]) - C:\Windows\System32\Drivers\etc\hosts
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/12/11 20:46:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 16:56:14 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2010/03/09 04:00:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 21:17:52 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003UA.job
[2010/03/12 21:12:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 21:01:15 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/12 21:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/12 20:17:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003Core.job
[2010/03/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/12 18:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/12 10:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/12 09:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/12 08:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/12 05:11:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 05:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/12 01:02:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/12 00:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/11 19:26:00 | 000,050,868 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/03/11 19:25:41 | 000,013,646 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2010/03/11 19:24:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/11 19:23:19 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/11 19:22:48 | 000,332,379 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/03/09 15:32:16 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/06 13:23:06 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\zurokimi
[2010/01/31 18:42:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/26 00:38:06 | 000,000,037 | ---- | C] () -- C:\Windows\avitozuneconverter.ini
[2008/12/16 16:55:29 | 000,000,754 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/12/16 15:50:23 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2008/12/16 15:50:23 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 15:50:23 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/05/12 14:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/04/26 20:48:00 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006/04/26 20:48:00 | 001,466,368 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006/04/26 20:48:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006/04/26 20:48:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006/04/26 20:48:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\nvapi.dll
[2002/05/16 00:29:04 | 000,000,607 | ---- | C] () -- C:\Windows\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 000,000,597 | ---- | C] () -- C:\Windows\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/09 15:32:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/12 01:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/12 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/12 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/12 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/12 00:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/12 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/12 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/12 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/03/12 21:01:15 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2009/05/15 16:17:02 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=18312FA8B6AAEC330A2A9483A77FF650 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\HDWTools\EventLog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/30 21:14:04 | 000,043,008 | ---- | M] (Panasonic Corporation) MD5=A1CA50875E94802D0B7EC87708201320 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\Core\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2009/02/06 07:06:41 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=0CBA44D0938D57F334C0862424148B70 -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2008/08/14 17:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2008/04/14 08:00:00 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=40F8880122A030A7E9E1FEDEA833B33D -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2009/08/04 11:13:08 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=78FCC97CD878D4CF5B5D2158A5A7CF92 -- C:\WINDOWS\system32\ntoskrnl.exe
[2009/08/04 20:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009/08/04 20:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2009/02/07 19:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2008/08/14 06:09:26 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=F6F8245B3A2E9CA834DD318E7AE0C6D0 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2010/03/11 19:22:47 | 000,058,170 | ---- | M] () -- C:\aaw7boot.log
[2008/12/11 20:46:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/11 22:45:25 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2010/02/02 01:44:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/29 14:44:37 | 000,550,528 | ---- | M] () -- C:\bootex.log
[2008/12/11 20:46:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/11 20:46:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/08 12:44:25 | 000,112,913 | ---- | M] () -- C:\ituneslib.itl
[2008/12/11 20:46:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/11 23:16:00 | 000,000,227 | ---- | M] () -- C:\sedinst2.log
[2010/02/01 23:16:15 | 000,008,864 | ---- | M] () -- C:\work.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/12/11 15:25:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/11 15:25:32 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/11 15:25:32 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

#10 JSntgRvr


Posted 02 April 2010 - 10:05 PM

The registry is corrupted. Open Notepad. Select Format from the menu. Make sure WordWrap is not selected.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Query.bat
  • Change the Save as Type to All Files
  • and Save it in the Flash drive. For Safety reasons, please do not save or run this file in a working computer, but rather save it directly to the flash drive.
QUOTE
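REM List the registry hive files currently in the config folder.
Dir C:\WINDOWS\System32\config\*.* >C:\Log.txt
REM Rename the SYSTEM hive while the restore points are listed, then rename it back.
Ren C:\WINDOWS\System32\config\System System.000
Dir "C:\System Volume Information" /s >>C:\Log.txt
Ren C:\WINDOWS\System32\config\System.000 System
REM If an ERDNT folder exists, list it and dump its ERDNT.con file.
If exist C:\WINDOWS\ERDNT Dir C:\WINDOWS\ERDNT\*.* /s >>C:\Log.txt
If exist C:\WINDOWS\ERDNT\hiv-backup Type C:\WINDOWS\ERDNT\hiv-backup\ERDNT.con >>C:\Log.txt
REM Look for NTLDR under the Windows folder.
Dir C:\Windows\NTLDR /s >>C:\Log.txt
REM Delete this batch file once it has run.
Del %0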


While in the Reatogo desktop, navigate to the Flash drive and double click on the Query.bat. If all goes well the batch file will disappear and a Log.txt will be saved in the C:\ folder. Copy that file to the flash drive and post its contents in your next reply.

If the file is too large to post, please scroll down in your reply to attachments, and attach the report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Crono139

Posted 02 April 2010 - 11:47 PM

Log.txt file attached.

Attached Files

  • Attached File  Log.txt   232.91KB   11 downloads

Edited by Crono139, 02 April 2010 - 11:48 PM.


#12 JSntgRvr

Posted 03 April 2010 - 10:08 AM

I will attempt to restore the registry to its state as of March 13, 2010. Open Notepad. Select Format from the menu. Make sure WordWrap is not selected.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Fix.bat
  • Change the Save as Type to All Files
  • and Save it in the Flash drive. For Safety reasons, please do not save or run this file in a working computer, but rather save it directly to the flash drive.
[codebox]
REM Set the current SYSTEM hive aside and copy the RP37 snapshot hives to C:\Backup
MD C:\Backup
Ren C:\WINDOWS\System32\config\SYSTEM SYSTEM.001
Copy "C:\System Volume Information\_restore{DD32E3B0-39EC-49CE-AA42-8DFC65D67DA7}\RP37\snapshot\_REGISTRY_MACHINE_SAM" C:\Backup
Copy "C:\System Volume Information\_restore{DD32E3B0-39EC-49CE-AA42-8DFC65D67DA7}\RP37\snapshot\_REGISTRY_MACHINE_SECURITY" C:\Backup
Copy "C:\System Volume Information\_restore{DD32E3B0-39EC-49CE-AA42-8DFC65D67DA7}\RP37\snapshot\_REGISTRY_MACHINE_SOFTWARE" C:\Backup
Copy "C:\System Volume Information\_restore{DD32E3B0-39EC-49CE-AA42-8DFC65D67DA7}\RP37\snapshot\_REGISTRY_MACHINE_SYSTEM" C:\Backup
Copy "C:\System Volume Information\_restore{DD32E3B0-39EC-49CE-AA42-8DFC65D67DA7}\RP37\snapshot\_REGISTRY_USER_.DEFAULT" C:\Backup
REM Set the remaining current hives aside as *.001
Ren C:\WINDOWS\System32\config\SAM SAM.001
Ren C:\WINDOWS\System32\config\SECURITY SECURITY.001
Ren C:\WINDOWS\System32\config\SOFTWARE SOFTWARE.001
Ren C:\WINDOWS\System32\config\DEFAULT DEFAULT.001
REM Put the snapshot hives in place under the names Windows expects
Copy C:\Backup\_REGISTRY_MACHINE_SAM C:\WINDOWS\System32\config\SAM
Copy C:\Backup\_REGISTRY_MACHINE_SECURITY C:\WINDOWS\System32\config\SECURITY
Copy C:\Backup\_REGISTRY_MACHINE_SOFTWARE C:\WINDOWS\System32\config\SOFTWARE
Copy C:\Backup\_REGISTRY_USER_.DEFAULT C:\WINDOWS\System32\config\DEFAULT
Copy C:\Backup\_REGISTRY_MACHINE_SYSTEM C:\WINDOWS\System32\config\SYSTEM
REM Write the resulting folder listing to C:\Log.txt (not the current folder), then delete this batch file
Dir C:\WINDOWS\System32\config\*.* >C:\Log.txt
Del %0
[/codebox]

While in the Reatogo desktop, navigate to the Flash drive and double click on the Fix.bat. If all goes well the batch file will disappear and a Log.txt will be saved in the C:\ folder. Copy that file to the flash drive and post its contents in your next reply.

Edited by JSntgRvr, 03 April 2010 - 11:21 AM.
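Fix.bat in the post above renames the live hives before copying the restore-point files over them, so a pre-check that each snapshot file is a structurally sound hive is useful before the swap. The sketch below is an added example, not part of the original post: its function names and the constructed sample bytes are assumptions, and the checks rely on the publicly documented regf base-block layout (signature, sequence numbers, XOR-32 checksum at 0x1FC, hive bins size at 0x28, first `hbin` at 0x1000).

```python
import struct

BASE_BLOCK_SIZE = 4096      # the regf base block is the first 4 KiB of a hive
CHECKSUM_OFFSET = 0x1FC     # XOR-32 over the preceding 508 bytes
BINS_SIZE_OFFSET = 0x28     # size in bytes of the hive bins that follow

# Snapshot file names used by Fix.bat -> hive file each one replaces.
SNAPSHOT_TO_HIVE = {
    "_REGISTRY_MACHINE_SAM": "SAM",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY",
    "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
    "_REGISTRY_USER_.DEFAULT": "DEFAULT",
}


def xor32_checksum(header: bytes) -> int:
    """XOR the first 127 little-endian dwords; 0 and 0xFFFFFFFF are remapped."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1


def check_hive(data: bytes) -> list:
    """Return a list of problems; an empty list means the header looks sane."""
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than the 4096-byte base block"]
    if data[:4] != b"regf":
        return ["missing 'regf' signature"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (hive not cleanly flushed)")
    stored = struct.unpack_from("<I", data, CHECKSUM_OFFSET)[0]
    if stored != xor32_checksum(data):
        problems.append("base block checksum mismatch")
    bins_size = struct.unpack_from("<I", data, BINS_SIZE_OFFSET)[0]
    if bins_size == 0 or bins_size % 4096 or BASE_BLOCK_SIZE + bins_size > len(data):
        problems.append("hive bins size invalid or beyond end of file (truncated copy?)")
    elif data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems


def precheck_snapshot(files: dict) -> dict:
    """files maps snapshot file name -> bytes; result maps hive name -> problems."""
    report = {}
    for snap_name, hive in SNAPSHOT_TO_HIVE.items():
        data = files.get(snap_name)
        report[hive] = ["snapshot file missing"] if data is None else check_hive(data)
    return report


def safe_to_swap(report: dict) -> bool:
    """Only swap when every one of the five hives passed every check."""
    return all(not problems for problems in report.values())


def build_sample_hive(bins_size: int = 4096) -> bytes:
    """Constructed minimal hive image (header plus one empty bin) for the demo."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 4, 7, 7)             # matching sequence numbers
    struct.pack_into("<II", base, 20, 1, 3)            # format version 1.3
    struct.pack_into("<I", base, 0x24, 0x20)           # root cell offset
    struct.pack_into("<I", base, BINS_SIZE_OFFSET, bins_size)
    struct.pack_into("<I", base, CHECKSUM_OFFSET, xor32_checksum(bytes(base)))
    hbin = bytearray(bins_size)
    hbin[0:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, bins_size)     # bin offset and size
    return bytes(base + hbin)


if __name__ == "__main__":
    good = build_sample_hive()
    files = {name: good for name in SNAPSHOT_TO_HIVE}
    files["_REGISTRY_MACHINE_SYSTEM"] = good[:6000]    # simulate a cut-off copy
    report = precheck_snapshot(files)
    for hive, problems in report.items():
        print(hive, "OK" if not problems else problems)
    print("safe to swap:", safe_to_swap(report))
```

On a real machine the `files` mapping would be filled by reading the five files from C:\Backup before any hive in the config folder is renamed.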



#13 Crono139

Posted 03 April 2010 - 10:45 AM

Log.txt file attached.

Attached Files

  • Attached File  Log.txt   232.91KB   9 downloads


#14 JSntgRvr

Posted 03 April 2010 - 10:52 AM

That is the same log you posted before. If you ran the last batch file (Fix.bat), follow these steps:

Copy these instructions in the flash drive.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      Userinit.exe
      Explorer.exe
      SCLWAPI.dll
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.



#15 Crono139

Posted 03 April 2010 - 11:08 AM

OTL logfile created on: 4/3/2010 11:56:37 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
(Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 53.00% Memory free
458.00 Mb Paging File | 294.00 Mb Available in Paging File | 64.00% Paging File free
Paging file location(s): Reg Error: Key error.

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 4.66 Gb Free Space | 6.25% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 1.73 Gb Free Space | 91.56% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Unable to determine ControlSet!

========== Win32 Services (SafeList) ==========


========== Driver Services (All) ==========


========== Standard Registry (All) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/03/12 20:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/24 21:26:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/01 19:24:53 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2008/12/14 23:39:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/02/24 21:25:55 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/24 21:25:56 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 12:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/12/14 23:38:48 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 12:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 12:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/02/24 21:26:14 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/12 12:39:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/25 12:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/02/24 21:26:19 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/24 21:26:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/11 08:57:56 | 000,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2010/02/24 21:26:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/24 21:26:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/24 21:26:19 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/24 21:26:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/24 21:26:19 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/27 00:48:06 | 000,307,205 | R--- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10575 more lines...
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/12/11 20:46:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/03 11:41:15 | 000,000,000 | ---D | C] -- C:\Backup
[2010/03/12 16:56:14 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2010/03/09 04:00:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 21:17:52 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003UA.job
[2010/03/12 21:12:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 21:01:15 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/12 21:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/12 20:17:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003Core.job
[2010/03/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/12 18:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/12 10:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/12 09:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/12 08:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/12 05:11:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 05:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/12 01:02:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/12 00:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/11 19:26:00 | 000,050,868 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/03/11 19:25:41 | 000,013,646 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2010/03/11 19:24:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/11 19:23:19 | 000,002,048 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/11 19:22:48 | 000,332,379 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/03/09 15:32:16 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/06 13:23:06 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\zurokimi
[2010/01/31 18:42:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/26 00:38:06 | 000,000,037 | ---- | C] () -- C:\Windows\avitozuneconverter.ini
[2008/12/16 16:55:29 | 000,000,754 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/12/16 15:50:23 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
[2008/12/16 15:50:23 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 15:50:23 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/05/12 14:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/04/26 20:48:00 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006/04/26 20:48:00 | 001,466,368 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006/04/26 20:48:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006/04/26 20:48:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006/04/26 20:48:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\nvapi.dll
[2002/05/16 00:29:04 | 000,000,607 | ---- | C] () -- C:\Windows\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 000,000,597 | ---- | C] () -- C:\Windows\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/09 15:32:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/12 01:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/12 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/12 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/12 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/12 00:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/12 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/12 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/12 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/03/12 21:01:15 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2009/05/15 16:17:02 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=18312FA8B6AAEC330A2A9483A77FF650 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\HDWTools\EventLog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/30 21:14:04 | 000,043,008 | ---- | M] (Panasonic Corporation) MD5=A1CA50875E94802D0B7EC87708201320 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\Core\EventLog\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2010/03/11 19:22:47 | 000,058,170 | ---- | M] () -- C:\aaw7boot.log
[2008/12/11 20:46:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/11 22:45:25 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2010/02/02 01:44:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/29 14:44:37 | 000,550,528 | ---- | M] () -- C:\bootex.log
[2008/12/11 20:46:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/11 20:46:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/08 12:44:25 | 000,112,913 | ---- | M] () -- C:\ituneslib.itl
[2008/12/11 20:46:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/11 23:16:00 | 000,000,227 | ---- | M] () -- C:\sedinst2.log
[2010/02/01 23:16:15 | 000,008,864 | ---- | M] () -- C:\work.log

< %systemroot%\System32\config\*.sav >
[2008/12/11 15:25:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/11 15:25:32 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/11 15:25:32 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2010/03/09 15:32:16 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/03/06 13:23:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010/03/12 01:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/03/12 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/03/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/03/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/03/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/03/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/03/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/03/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/03/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/03/12 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/03/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/03/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/03/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/03/12 21:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/03/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/03/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/03/12 00:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/03/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/03/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/03/12 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/03/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/03/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/03/12 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/03/12 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/03/12 05:11:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 21:12:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 20:17:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003Core.job
[2010/03/12 21:17:52 | 000,000,966 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-152049171-1801674531-1003UA.job
[2010/03/12 21:01:15 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
< End of report >



