
Windows XP Pro won't boot.


This topic is locked. 21 replies to this topic.

#1 Skyty
  • Members
  • 17 posts

Posted 27 March 2010 - 10:32 PM

Okay, so today I downloaded and installed some audio recording software (I can't remember what it was called, kinda slipped my mind as soon as my PC stopped working).

Anyways, during the installation it required some drivers to be installed (which I believe is the problem). At the end of the installation the computer needed to be rebooted... this is where all my problems began.

Windows will no longer boot. I tried safe mode, last known working setup or whatever it's called and a normal boot. Nothing works.

When loading it gets to the point where the XP loading bar is going across the screen, then a blue screen pops up for a fraction of a second, then the PC reboots.

I did some Google searching but didn't find much...

Anyways, thanks in advance for any assistance!

#2 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 March 2010 - 12:52 AM

QUOTE
I downloaded and installed some audio recording software

Legit one, or some torrent one?


#3 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,308 posts
  • Gender:Female
  • Location:Romania

Posted 28 March 2010 - 07:42 AM

Hello, let's see if we can find out what is causing the problem. I am moving this topic to a more appropriate forum.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#4 Skyty
  • Topic Starter
  • Members
  • 17 posts

Posted 28 March 2010 - 11:54 AM

@Broni: I didn't download a torrent or anything.

@Elise025: I'll give that a try. Do you believe this to be a Trojan/Virus, and not an issue with the software I installed?

This process will not erase all my data on my hard drive correct?


#5 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,308 posts
  • Gender:Female
  • Location:Romania

Posted 28 March 2010 - 12:10 PM

No, it won't erase a thing. But even if this software is the culprit, it will give us at least the possibility to stop the driver that causes the problem.

regards, Elise


#6 Skyty
  • Topic Starter
  • Members
  • 17 posts

Posted 28 March 2010 - 12:34 PM

Okay, quick question.

When I get to the step:
'When asked "Do you wish to load the remote registry", select Yes'

After that it says 'Select User Profile' then it lists LocalService, NetworkService, systemprofile, and XP Professional. Which one should I select?

Oh and I made sure "Automatically Load All Remaining Users" is checked.

#7 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,308 posts
  • Gender:Female
  • Location:Romania

Posted 28 March 2010 - 12:39 PM

QUOTE
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
Is that box not there?

regards, Elise


#8 Skyty
  • Topic Starter
  • Members
  • 17 posts

Posted 28 March 2010 - 12:44 PM

Yeah, it's there, should I just press okay? I wasn't sure if I needed to do anything else.

#9 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,308 posts
  • Gender:Female
  • Location:Romania

Posted 28 March 2010 - 12:52 PM

Yes, that has to be checked and you click Okay.

regards, Elise


#10 Skyty
  • Topic Starter
  • Members
  • 17 posts

Posted 28 March 2010 - 02:55 PM

Okay, here's the report I got.

OTL logfile created on: 3/28/2010 2:54:16 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.69 Gb Total Space | 152.37 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 445.05 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 9.07 Gb Total Space | 1.24 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/11/04 00:56:58 | 000,360,960 | ---- | M] (iZ3D Inc.) [Auto] -- C:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/10/15 11:32:58 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/04/05 21:35:40 | 001,543,614 | ---- | M] () [Auto] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/02/20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GarenaPEngine)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/09/22 23:42:16 | 000,034,968 | ---- | M] () [Kernel | System] -- C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 11:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/04 23:05:33 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/13 18:49:14 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/03/26 15:55:28 | 000,018,376 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2008/01/28 17:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/12/20 19:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/30 13:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/11 02:25:19 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 17:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/05/13 09:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 07:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2002/09/27 07:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001/08/23 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\extensions\\{D06DB3AD-3A6F-4366-A320-E88C7DD6A5FE}: C:\Documents and Settings\XP Professional\Local Settings\Application Data\{D06DB3AD-3A6F-4366-A320-E88C7DD6A5FE} [2010/02/18 22:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\FirefoxPortable\App\firefox\components [2009/07/26 22:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\FirefoxPortable\App\firefox\plugins [2009/07/30 10:07:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/07/21 14:29:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {cd8373f2-106a-c399-44cb-e181801ce194} - C:\WINDOWS\ixatafabizagov.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\XP_Professional_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\XP_Professional_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Eciraxixibabud] C:\WINDOWS\ixatafabizagov.DLL (Sonic Solutions)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\XP_Professional_ON_C..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\XP_Professional_ON_C..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\XP_Professional_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/18 15:48:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 22:48:27 | 000,487,936 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmbe3260.dll
[2010/03/27 22:48:27 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/03/27 22:48:27 | 000,352,768 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pngu3263.dll
[2010/03/27 22:48:27 | 000,131,072 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pneng50.dll
[2010/03/27 22:48:27 | 000,130,560 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pnc3250.dll
[2010/03/27 22:48:27 | 000,087,040 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32sipr.dll
[2010/03/27 22:48:27 | 000,085,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\encdnet.dll
[2010/03/27 22:48:27 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3214_4.dll
[2010/03/27 22:48:27 | 000,072,704 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3228_8.dll
[2010/03/27 22:48:27 | 000,061,952 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\decdnet.dll
[2010/03/27 22:48:27 | 000,021,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32dnet.dll
[2010/03/27 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/03/27 22:45:55 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010/03/27 22:45:45 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010/03/27 22:45:44 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\Synsopos.exe
[2010/03/27 22:45:43 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010/03/27 22:45:43 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SynsoLChk.dll
[2010/03/27 22:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/03/27 21:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU
[2010/03/17 00:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/03 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\Call of Duty 5
[2010/03/01 20:52:28 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll
[2010/03/01 20:52:28 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2010/03/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/03/01 13:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\My Documents\BFBC2
[2010/03/01 12:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\0227_rld_bbc2
[2010/03/01 00:43:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP Professional\Recent
[2010/02/26 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/26 18:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/28 14:56:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/27 22:48:32 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase SX 3.lnk
[2010/03/27 22:46:47 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Install_NSS.lnk
[2010/03/27 22:46:47 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/03/27 22:44:42 | 014,942,208 | -H-- | M] () -- C:\Documents and Settings\XP Professional\NTUSER.DAT
[2010/03/27 22:37:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-861567501-839522115-1003UA.job
[2010/03/27 22:32:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 22:32:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 22:19:21 | 149,241,952 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Sony_Acid_Pro_7.rar
[2010/03/27 21:45:10 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part1.rar
[2010/03/27 21:39:35 | 025,796,137 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part2.rar
[2010/03/27 21:37:20 | 018,161,322 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\MkXL_Editor_100E.zip
[2010/03/27 21:32:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tvuweqehex.dat
[2010/03/27 21:32:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Efucup.bin
[2010/03/27 16:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 23:37:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-861567501-839522115-1003Core.job
[2010/03/26 17:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\rrcnkwbi.job
[2010/03/25 16:48:01 | 000,007,163 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\break_free.gp3
[2010/03/21 22:29:25 | 734,187,520 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\dmd-na.avi
[2010/03/21 03:49:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/03/19 17:51:37 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/03/19 17:30:02 | 000,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/15 18:28:34 | 000,033,736 | ---- | M] () -- C:\Documents and Settings\XP Professional\My Documents\onerepublic.rtf
[2010/03/15 18:14:52 | 000,011,992 | ---- | M] () -- C:\Documents and Settings\XP Professional\My Documents\Hero.rtf
[2010/03/14 12:43:23 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:43:23 | 000,441,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:43:23 | 000,071,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 12:41:12 | 000,249,318 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/14 12:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 12:41:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 12:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 15:59:40 | 035,375,199 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\ESET NOD32 Smart Security Suite PressPush123.rar
[2010/03/04 12:50:38 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/04 12:50:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\XP Professional\ntuser.ini
[2010/03/03 14:22:40 | 000,024,528 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\what_the_world_will_never_take.gp5
[2010/03/03 13:57:03 | 000,031,580 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\halo_theme_solo.gp3
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/27 22:48:32 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase SX 3.lnk
[2010/03/27 22:46:47 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Install_NSS.lnk
[2010/03/27 22:45:47 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010/03/27 22:45:47 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010/03/27 22:45:47 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010/03/27 21:47:40 | 149,241,952 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Sony_Acid_Pro_7.rar
[2010/03/27 21:42:05 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part1.rar
[2010/03/27 21:39:15 | 025,796,137 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part2.rar
[2010/03/27 21:35:03 | 018,161,322 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\MkXL_Editor_100E.zip
[2010/03/25 16:48:03 | 000,007,163 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\break_free.gp3
[2010/03/21 18:41:45 | 734,187,520 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\dmd-na.avi
[2010/03/15 18:28:31 | 000,033,736 | ---- | C] () -- C:\Documents and Settings\XP Professional\My Documents\onerepublic.rtf
[2010/03/15 18:14:49 | 000,011,992 | ---- | C] () -- C:\Documents and Settings\XP Professional\My Documents\Hero.rtf
[2010/03/14 12:42:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/03/09 15:57:54 | 035,375,199 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\ESET NOD32 Smart Security Suite PressPush123.rar
[2010/03/03 14:22:42 | 000,024,528 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\what_the_world_will_never_take.gp5
[2010/03/03 13:57:06 | 000,031,580 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\halo_theme_solo.gp3
[2010/03/01 20:52:28 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010/02/26 18:22:30 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 18:22:29 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/10 23:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/11/09 22:14:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/09/17 19:32:45 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/12/16 19:37:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/06 21:53:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/06 21:53:37 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/06 21:53:37 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/06 21:53:37 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/10/05 23:55:26 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\winscp.rnd
[2008/09/30 16:33:26 | 000,000,040 | -H-- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPodAccessv4_OwnerName
[2008/09/30 12:54:31 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPod Access v4 Prefs
[2008/09/30 12:47:56 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPodAccess_Time
[2008/09/17 22:07:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/09/12 16:55:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/09/10 03:01:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/11 20:17:46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/07/15 21:15:18 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/24 10:37:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/24 10:37:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/24 10:37:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/24 10:37:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/24 10:37:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/24 10:37:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/03/31 17:28:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/24 20:05:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/03/24 20:05:29 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 20:05:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/03/24 20:05:15 | 000,002,321 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/03/24 20:04:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/03/24 19:56:13 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/03/20 18:09:56 | 000,001,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/09 16:14:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2008/03/04 19:24:00 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/21 14:01:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/02/19 23:48:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/12 18:14:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\VGANGMJYMWSN.SYS
[2008/01/30 19:26:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/01/22 13:27:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
[2008/01/21 23:50:46 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/21 23:50:45 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/01/21 23:50:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/21 23:50:44 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/21 23:50:44 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/19 00:52:05 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\PnkBstrK.sys
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/03 16:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/07/17 05:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/04/10 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GameTracker
[2008/12/13 02:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Activision
[2008/07/15 21:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\avidemux
[2009/11/09 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\BITS
[2008/01/28 21:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Command & Conquer 3 Tiberium Wars
[2008/01/19 00:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DAEMON Tools
[2009/03/03 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DiskAid
[2008/10/12 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Disney Interactive Studios
[2009/11/28 23:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DMCache
[2008/05/07 13:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FileZilla
[2009/11/09 22:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FlashGetBHO
[2009/09/27 12:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FrostWire
[2008/07/15 21:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\gtk-2.0
[2008/06/26 17:54:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\XP Professional\Application Data\ijjigame
[2009/07/21 15:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\ImgBurn
[2009/09/17 19:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\iZ3D Driver
[2008/09/22 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Leadertech
[2008/11/21 19:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Mp3tag
[2008/11/29 11:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\MSNInstaller
[2008/02/01 19:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\NHN Corporation
[2009/01/01 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\OpenOffice.org
[2008/02/27 00:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Opera
[2008/10/31 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Red Alert 3
[2008/11/16 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Red Kawa
[2008/03/06 23:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\SEGA
[2008/09/06 22:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\SPORE
[2008/12/04 22:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Thinstall
[2008/05/07 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Touchstone
[2008/03/01 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Ubisoft
[2010/03/24 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\uTorrent
[2010/03/21 03:49:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/03/27 22:46:47 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/03/26 17:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\rrcnkwbi.job
[2009/07/21 14:29:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========


< End of report >

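As an added example (not OTL's code and not part of the original thread), here is a small triage pass over the "DRV -" lines of an OTL log like the one above. The clue in this log is a boot-start driver in system32\drivers whose company field is empty, "()", while every other Microsoft driver around it reports "(Microsoft Corporation)". The script parses that line format, scores only drivers with no company name, and weights earlier start types and the system32\drivers location higher. The sample lines are copied from the log above; the scoring weights are my own assumption, and an empty company field alone is not a verdict, since some legitimate third-party drivers also ship without version information.

```python
"""Rank kernel drivers from OTL 'DRV -' lines by how much they deserve a second look.

Added example, not OTL's own code.  Only drivers with an empty company field are
scored; the weights below are an assumption for triage, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# OTL prints one line per driver service:
#   DRV - [mtime | size | attrs | M] (company) [type | start] -- path -- (service) [description]
DRV_RE = re.compile(
    r"^DRV - \[(?P<mtime>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[^|]+)\| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<type>[^|]+)\| (?P<start>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<service>[^)]+)\)"
)

# Earlier start type means the driver is loaded before most defences; assumed weights.
START_WEIGHT = {"Boot": 3, "System": 2, "Auto": 1, "On_Demand": 0}

# Constructed sample: seven lines copied from the log above (one "File not found" stub).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - [2009/09/22 23:42:16 | 000,034,968 | ---- | M] () [Kernel | System] -- C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2008/08/13 18:49:14 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/03/26 15:55:28 | 000,018,376 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2007/12/20 19:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/03 23:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
""".strip().splitlines()


@dataclass
class Driver:
    service: str
    path: str
    company: str
    start: str
    size: int


def parse_drv_lines(lines: list[str]) -> list[Driver]:
    """Parse every well-formed DRV line; 'File not found' stubs and other lines are skipped."""
    drivers = []
    for line in lines:
        m = DRV_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        drivers.append(Driver(
            service=g["service"].strip(),
            path=g["path"].strip(),
            company=g["company"].strip(),
            start=g["start"].strip(),
            size=int(g["size"].replace(",", "")),
        ))
    return drivers


def suspicion(d: Driver) -> int:
    """0 = nothing to see.  Drivers with no company/version info get 1 plus a start-type
    bonus, plus 2 if they live in system32\\drivers, where a patched core driver would sit."""
    if d.company:
        return 0
    score = 1 + START_WEIGHT.get(d.start, 0)
    if "\\system32\\drivers\\" in d.path.lower():
        score += 2
    return score


def triage(lines: list[str]) -> list[tuple[int, Driver]]:
    """Scored drivers, highest score first (ties broken by service name)."""
    scored = [(suspicion(d), d) for d in parse_drv_lines(lines)]
    return sorted([(s, d) for s, d in scored if s], key=lambda t: (-t[0], t[1].service))


if __name__ == "__main__":
    for score, d in triage(SAMPLE_LOG):
        print(f"{score} {d.start:<9} {d.size:>9,} {d.service:<22} {d.path}")
```

Feed it the whole log (`triage(open("OTL.Txt", encoding="utf-8", errors="replace").read().splitlines())`) and the boot-start driver with no company name lands at the top; the two other hits here are third-party drivers under Program Files, which is why the output is a ranking to check by hand rather than a list of infected files.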

#11 Elise (Bleepin' Blonde, Malware Study Hall Admin, Romania)

Posted 28 March 2010 - 03:01 PM

Whether the new software is the culprit or not remains to be seen, but what is sure is that you have a nasty rootkit on board, which is most likely causing the boot problem.

First we need to look for a replacement copy so we can replace the infected hard disk controller driver.

Re-run OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field. Click None and Run Scan.
CODE
/md5start
atapi.sys
/md5stop
Afterwards, please post me the log. It will be shorter than the first one.

regards, Elise


Malware analyst @ Emsisoft

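What the /md5start atapi.sys /md5stop scan is for, as an added example that is not OTL's code and not part of the original thread: walk a volume, list every copy of atapi.sys with its size and hashes, and compare the live copy in system32\drivers against the backup copies Windows keeps in dllcache and ServicePackFiles, so a clean one can be picked to replace it. The demo runs on a constructed temporary tree standing in for the offline XP disk; the reference directories, the verdict rules and the sample files are my assumptions. The sample's live copy has 16 bytes patched in place but keeps the 95,360-byte size shown in the log, so size and timestamp alone would not tell it apart from the backups.

```python
"""Find every copy of a driver on an offline Windows volume and compare their hashes.

Added example, not OTL's code.  It mirrors what OTL's /md5start <name> /md5stop custom
scan produces (every file with that name, with size and MD5) and adds a comparison of
the live copy against the backup copies Windows keeps.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Directories that hold Windows File Protection / service-pack backup copies of system
# drivers on an XP volume.  Assumed here to be the clean references.
REFERENCE_DIRS = ("dllcache", "servicepackfiles", "i386", "$ntservicepackuninstall$")


@dataclass(frozen=True)
class DriverCopy:
    path: str      # relative to the volume root
    size: int
    md5: str       # what OTL prints
    sha256: str    # what you would look up elsewhere

    @property
    def is_reference(self) -> bool:
        parts = {p.lower() for p in Path(self.path).parts}
        return any(d in parts for d in REFERENCE_DIRS)


def hash_file(path: Path) -> tuple[str, str]:
    """Stream the file through MD5 and SHA-256 in one pass."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def find_copies(root: Path, name: str) -> list[DriverCopy]:
    """Every file on the volume with the given name (case-insensitive, as on NTFS)."""
    wanted = name.lower()
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == wanted:
                p = Path(dirpath, fn)
                md5, sha = hash_file(p)
                found.append(DriverCopy(str(p.relative_to(root)), p.stat().st_size, md5, sha))
    return sorted(found, key=lambda c: c.path)


def assess(copies: list[DriverCopy]) -> dict:
    """Compare live copies (anything outside a reference directory) with the references.

    clean         every live copy matches the (mutually agreeing) references
    infected      references agree with each other and a live copy differs
    inconclusive  no live copy, no reference copy, or references disagree
    """
    live = [c for c in copies if not c.is_reference]
    refs = [c for c in copies if c.is_reference]
    ref_hashes = {c.md5 for c in refs}
    if not live or not refs or len(ref_hashes) != 1:
        verdict = "inconclusive"
    elif all(c.md5 in ref_hashes for c in live):
        verdict = "clean"
    else:
        verdict = "infected"
    return {"verdict": verdict, "live": live, "references": refs,
            "replacement": refs[0].path if verdict == "infected" else None}


def report(copies: list[DriverCopy]) -> None:
    for c in copies:
        print(f"{c.size:>11,} | {c.md5} | {'ref ' if c.is_reference else 'live'} | {c.path}")


def build_demo_volume(root: Path) -> None:
    """Constructed sample volume: two clean backups plus a live copy patched in place.
    The patched copy keeps the original size and mtime, so metadata cannot tell them apart."""
    clean = bytes(range(256)) * 372 + bytes(range(128))   # 95,360 bytes, as in the log
    patched = bytearray(clean)
    patched[0x1000:0x1010] = b"\xcc" * 16                # 16 bytes overwritten, size unchanged
    for rel, data in (("WINDOWS/system32/drivers/atapi.sys", bytes(patched)),
                      ("WINDOWS/system32/dllcache/atapi.sys", clean),
                      ("WINDOWS/ServicePackFiles/i386/atapi.sys", clean)):
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        os.utime(p, (1091577584, 1091577584))            # identical mtime on all three


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_volume(root)
        copies = find_copies(root, "atapi.sys")
        report(copies)
        return assess(copies)


if __name__ == "__main__":
    print(demo()["verdict"])
```

Against a real mounted image, call `find_copies(Path("/mnt/xp"), "atapi.sys")` and `assess(...)` instead of `demo()`. The point of insisting on two or more agreeing references is that a single backup copy could itself be the one that was tampered with; when the references disagree, the answer has to come from a known-good hash obtained off the machine.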

#12 Skyty (Topic Starter)

Posted 28 March 2010 - 03:54 PM

Okay, here's the log.

OTL logfile created on: 3/28/2010 5:44:31 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.69 Gb Total Space | 152.37 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 445.05 Gb Free Space | 95.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 9.07 Gb Total Space | 1.24 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 2.43 Gb Free Space | 65.08% Space Free | Partition Type: FAT32
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/11/04 00:56:58 | 000,360,960 | ---- | M] (iZ3D Inc.) [Auto] -- C:\Program Files\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/10/15 11:32:58 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/04/05 21:35:40 | 001,543,614 | ---- | M] () [Auto] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2007/02/20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GarenaPEngine)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/09/22 23:42:16 | 000,034,968 | ---- | M] () [Kernel | System] -- C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 11:01:40 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/01/04 23:05:33 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/13 18:49:14 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/03/26 15:55:28 | 000,018,376 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2008/01/28 17:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/12/20 19:00:06 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/30 13:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/26 21:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/11 02:25:19 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/04/10 14:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 17:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/05/13 09:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 07:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2002/09/27 07:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001/08/23 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\XP_Professional_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\extensions\\{D06DB3AD-3A6F-4366-A320-E88C7DD6A5FE}: C:\Documents and Settings\XP Professional\Local Settings\Application Data\{D06DB3AD-3A6F-4366-A320-E88C7DD6A5FE} [2010/02/18 22:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\FirefoxPortable\App\firefox\components [2009/07/26 22:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\FirefoxPortable\App\firefox\plugins [2009/07/30 10:07:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/07/21 14:29:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {cd8373f2-106a-c399-44cb-e181801ce194} - C:\WINDOWS\ixatafabizagov.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\XP_Professional_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\XP_Professional_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Eciraxixibabud] C:\WINDOWS\ixatafabizagov.DLL (Sonic Solutions)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\XP_Professional_ON_C..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\XP_Professional_ON_C..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\XP_Professional_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\XP_Professional_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/18 15:48:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 22:48:27 | 000,487,936 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmbe3260.dll
[2010/03/27 22:48:27 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/03/27 22:48:27 | 000,352,768 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pngu3263.dll
[2010/03/27 22:48:27 | 000,131,072 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pneng50.dll
[2010/03/27 22:48:27 | 000,130,560 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pnc3250.dll
[2010/03/27 22:48:27 | 000,087,040 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32sipr.dll
[2010/03/27 22:48:27 | 000,085,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\encdnet.dll
[2010/03/27 22:48:27 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3214_4.dll
[2010/03/27 22:48:27 | 000,072,704 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3228_8.dll
[2010/03/27 22:48:27 | 000,061,952 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\decdnet.dll
[2010/03/27 22:48:27 | 000,021,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32dnet.dll
[2010/03/27 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/03/27 22:45:55 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010/03/27 22:45:45 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010/03/27 22:45:44 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\Synsopos.exe
[2010/03/27 22:45:43 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010/03/27 22:45:43 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SynsoLChk.dll
[2010/03/27 22:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/03/27 21:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU
[2010/03/17 00:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/03 16:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\Call of Duty 5
[2010/03/01 20:52:28 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll
[2010/03/01 20:52:28 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2010/03/01 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/03/01 13:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\My Documents\BFBC2
[2010/03/01 12:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP Professional\Desktop\0227_rld_bbc2
[2010/03/01 00:43:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\XP Professional\Recent
[2010/02/26 18:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/26 18:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/28 14:56:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/27 22:48:32 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase SX 3.lnk
[2010/03/27 22:46:47 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Install_NSS.lnk
[2010/03/27 22:46:47 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/03/27 22:44:42 | 014,942,208 | -H-- | M] () -- C:\Documents and Settings\XP Professional\NTUSER.DAT
[2010/03/27 22:37:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-861567501-839522115-1003UA.job
[2010/03/27 22:32:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 22:32:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 22:19:21 | 149,241,952 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Sony_Acid_Pro_7.rar
[2010/03/27 21:45:10 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part1.rar
[2010/03/27 21:39:35 | 025,796,137 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part2.rar
[2010/03/27 21:37:20 | 018,161,322 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\MkXL_Editor_100E.zip
[2010/03/27 21:32:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tvuweqehex.dat
[2010/03/27 21:32:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Efucup.bin
[2010/03/27 16:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 23:37:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-861567501-839522115-1003Core.job
[2010/03/26 17:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\rrcnkwbi.job
[2010/03/25 16:48:01 | 000,007,163 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\break_free.gp3
[2010/03/21 22:29:25 | 734,187,520 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\dmd-na.avi
[2010/03/21 03:49:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/03/19 17:51:37 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/03/19 17:30:02 | 000,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/15 18:28:34 | 000,033,736 | ---- | M] () -- C:\Documents and Settings\XP Professional\My Documents\onerepublic.rtf
[2010/03/15 18:14:52 | 000,011,992 | ---- | M] () -- C:\Documents and Settings\XP Professional\My Documents\Hero.rtf
[2010/03/14 12:43:23 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 12:43:23 | 000,441,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:43:23 | 000,071,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 12:41:12 | 000,249,318 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/14 12:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 12:41:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 12:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 15:59:40 | 035,375,199 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\ESET NOD32 Smart Security Suite PressPush123.rar
[2010/03/04 12:50:38 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/04 12:50:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\XP Professional\ntuser.ini
[2010/03/03 14:22:40 | 000,024,528 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\what_the_world_will_never_take.gp5
[2010/03/03 13:57:03 | 000,031,580 | ---- | M] () -- C:\Documents and Settings\XP Professional\Desktop\halo_theme_solo.gp3
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/27 22:48:32 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase SX 3.lnk
[2010/03/27 22:46:47 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Install_NSS.lnk
[2010/03/27 22:45:47 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010/03/27 22:45:47 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010/03/27 22:45:47 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010/03/27 21:47:40 | 149,241,952 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Sony_Acid_Pro_7.rar
[2010/03/27 21:42:05 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part1.rar
[2010/03/27 21:39:15 | 025,796,137 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\Cubase[1].SX.v3.1.1.944-Warez__AU.part2.rar
[2010/03/27 21:35:03 | 018,161,322 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\MkXL_Editor_100E.zip
[2010/03/25 16:48:03 | 000,007,163 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\break_free.gp3
[2010/03/21 18:41:45 | 734,187,520 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\dmd-na.avi
[2010/03/15 18:28:31 | 000,033,736 | ---- | C] () -- C:\Documents and Settings\XP Professional\My Documents\onerepublic.rtf
[2010/03/15 18:14:49 | 000,011,992 | ---- | C] () -- C:\Documents and Settings\XP Professional\My Documents\Hero.rtf
[2010/03/14 12:42:14 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/03/09 15:57:54 | 035,375,199 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\ESET NOD32 Smart Security Suite PressPush123.rar
[2010/03/03 14:22:42 | 000,024,528 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\what_the_world_will_never_take.gp5
[2010/03/03 13:57:06 | 000,031,580 | ---- | C] () -- C:\Documents and Settings\XP Professional\Desktop\halo_theme_solo.gp3
[2010/03/01 20:52:28 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2010/02/26 18:22:30 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 18:22:29 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/10 23:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/11/09 22:14:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/09/17 19:32:45 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/12/16 19:37:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/06 21:53:37 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/06 21:53:37 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/06 21:53:37 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/06 21:53:37 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/10/05 23:55:26 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\winscp.rnd
[2008/09/30 16:33:26 | 000,000,040 | -H-- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPodAccessv4_OwnerName
[2008/09/30 12:54:31 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPod Access v4 Prefs
[2008/09/30 12:47:56 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\XP Professional\Application Data\iPodAccess_Time
[2008/09/17 22:07:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/09/12 16:55:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/09/10 03:01:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/11 20:17:46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/07/15 21:15:18 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/24 10:37:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/24 10:37:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/24 10:37:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/24 10:37:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/24 10:37:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/24 10:37:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/03/31 17:28:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/24 20:05:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/03/24 20:05:29 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 20:05:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/03/24 20:05:15 | 000,002,321 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/03/24 20:04:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/03/24 19:56:13 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2008/03/20 18:09:56 | 000,001,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/09 16:14:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2008/03/04 19:24:00 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/21 14:01:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/02/19 23:48:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/12 18:14:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\VGANGMJYMWSN.SYS
[2008/01/30 19:26:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/01/22 13:27:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI
[2008/01/21 23:50:46 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/21 23:50:45 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/01/21 23:50:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/21 23:50:44 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/21 23:50:44 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/19 00:52:05 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\XP Professional\Application Data\PnkBstrK.sys
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/03 16:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/07/17 05:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/04/10 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GameTracker
[2008/12/13 02:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Activision
[2008/07/15 21:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\avidemux
[2009/11/09 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\BITS
[2008/01/28 21:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Command & Conquer 3 Tiberium Wars
[2008/01/19 00:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DAEMON Tools
[2009/03/03 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DiskAid
[2008/10/12 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Disney Interactive Studios
[2009/11/28 23:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\DMCache
[2008/05/07 13:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FileZilla
[2009/11/09 22:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FlashGetBHO
[2009/09/27 12:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\FrostWire
[2008/07/15 21:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\gtk-2.0
[2008/06/26 17:54:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\XP Professional\Application Data\ijjigame
[2009/07/21 15:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\ImgBurn
[2009/09/17 19:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\iZ3D Driver
[2008/09/22 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Leadertech
[2008/11/21 19:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Mp3tag
[2008/11/29 11:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\MSNInstaller
[2008/02/01 19:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\NHN Corporation
[2009/01/01 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\OpenOffice.org
[2008/02/27 00:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Opera
[2008/10/31 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Red Alert 3
[2008/11/16 23:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Red Kawa
[2008/03/06 23:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\SEGA
[2008/09/06 22:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\SPORE
[2008/12/04 22:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Thinstall
[2008/05/07 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Touchstone
[2008/03/01 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\Ubisoft
[2010/03/24 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP Professional\Application Data\uTorrent
[2010/03/21 03:49:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/03/27 22:46:47 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010/03/26 17:00:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\rrcnkwbi.job
[2009/07/21 14:29:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] () MD5=ABFA4149A2C003D392916A6D2C777276 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< End of report >


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:27 PM

Posted 29 March 2010 - 02:11 AM

Now let's see if we can fix some things.

Re-run OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field. Click "Run Scan".
CODE
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:otl
O4 - HKLM..\Run: [Eciraxixibabud] C:\WINDOWS\ixatafabizagov.DLL (Sonic Solutions)

:commands
[emptytemp]

Afterwards, try to boot normally and let me know how that goes.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
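The fix above rests on one observation from the custom scan in the log: the live C:\WINDOWS\system32\drivers\atapi.sys has the same size and timestamp as the copies in dllcache and ServicePackFiles\i386 but a different MD5, and OTL could not read a company name from it. That is the signature of a driver patched in place, and the script restores it from the untouched ServicePackFiles copy. The following is an added example, not code from this thread, from OTL or from BleepingComputer, that performs the same comparison: it hashes a driver against the backup copies XP keeps and reports a mismatch only when those backups agree with each other. The %WINDIR% layout and the atapi.sys name come from the log; the driver bytes and the temporary directory tree are constructed stand-ins, not a real driver image.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in driver images; these are NOT the bytes of any real atapi.sys.
GOOD_IMAGE = b"MZ" + bytes(range(256)) * 4            # the pristine "Microsoft" copy
_patched = bytearray(GOOD_IMAGE)
_patched[0x200:0x204] = b"\xE9\x00\x10\x00"           # a 4-byte in-place patch: size unchanged
PATCHED_IMAGE = bytes(_patched)

# Windows XP keeps pristine copies of protected files here (relative to %WINDIR%),
# which is why OTL's "< MD5 for: ATAPI.SYS >" scan lists them next to the live file.
REFERENCE_DIRS = (
    Path("system32") / "dllcache",
    Path("ServicePackFiles") / "i386",
)


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, upper-case the way OTL prints it."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def check_driver(windir: Path, name: str) -> dict:
    """Compare the live copy of a driver with the backup copies Windows keeps.

    A driver patched in place keeps its size and (usually) its timestamp, so the
    hash is the only reliable tell; size agreement alone proves nothing.
    """
    live = windir / "system32" / "drivers" / name
    refs = {}
    for rel in REFERENCE_DIRS:
        candidate = windir / rel / name
        if candidate.is_file():
            refs[str(rel)] = md5_of(candidate)

    result = {
        "file": name,
        "live_md5": md5_of(live),
        "live_size": live.stat().st_size,
        "reference_md5": refs,
    }
    if not refs:
        result["verdict"] = "no reference copy found"
    elif len(set(refs.values())) != 1:
        # If the backups disagree with each other there is no trustworthy baseline.
        result["verdict"] = "reference copies disagree"
    elif result["live_md5"] in refs.values():
        result["verdict"] = "matches reference"
    else:
        result["verdict"] = "MISMATCH: live driver differs from every backup copy"
    return result


def build_sample_windir(root: Path, patched: bool) -> Path:
    """Lay out a minimal fake %WINDIR% tree using the constructed images."""
    windir = root / "WINDOWS"
    for rel in REFERENCE_DIRS:
        (windir / rel).mkdir(parents=True, exist_ok=True)
        (windir / rel / "atapi.sys").write_bytes(GOOD_IMAGE)
    drivers = windir / "system32" / "drivers"
    drivers.mkdir(parents=True, exist_ok=True)
    (drivers / "atapi.sys").write_bytes(PATCHED_IMAGE if patched else GOOD_IMAGE)
    return windir


def demo(patched: bool = True) -> dict:
    """Run the check against a throwaway tree; patched=True mirrors the log above."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_driver(build_sample_windir(Path(tmp), patched), "atapi.sys")


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real machine, point `check_driver` at the Windows directory of the offline disk from a boot environment such as the OTLPE CD used in this thread rather than at the running system: a kernel-mode rootkit that patched a boot driver can also filter what the live OS reads back from that file, so a hash taken from inside the infected system is not evidence of anything.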


#14 Skyty

Skyty
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:12:27 PM

Posted 29 March 2010 - 09:59 AM

Hmm... I gave that a shot but I still am running into the same problem

Do you want me to post the log?

Edit: I was looking through the log, and I recognized the name of the program: it was Cubase SX 3, or whatever, that made me install the drivers for the program.

Maybe this will help a bit hahaha.

Edited by Skyty, 29 March 2010 - 10:17 AM.


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:27 PM

Posted 29 March 2010 - 10:13 AM

Yes, please re-run a normal OTLPE scan and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft




