
Antimalware Doctor screwed up my hard drive


  • This topic is locked
17 replies to this topic

#1 KaZa

  • Members
  • 8 posts

Posted 05 May 2010 - 06:01 PM

Hello, this is the first time I do this, as I normally know what to do, but this time I'm stumped. Yesterday I got this virus,
Antimalware Doctor. So I downloaded a program to stop the virus first, then it told me to download the Malwarebytes program. I ran the virus and I left it running while I ran some errands. When I got back my computer was restarting by itself. Well, since my keyboard is a USB connection, every time my computer restarts it won't let me select an option. So I tried to reformat. The keyboard works fine the first couple of seconds so that you can choose the boot sequence. So I went into the menu so I can choose boot from CD. So I restart it and it asks me:

Boot from CD..............

So, due to my keyboard not letting me press anything, I can't press to boot from CD, so it keeps restarting, over and over and over and over again. I do get a blue screen of death that states my new installation is corrupt.

Can anyone help me please?

EDIT: Moved from XP forum to more appropriate Am I Infected ~ Hamluis.

Edited by Pandy, 07 May 2010 - 01:31 PM.
Moved from AII to a more appropriate forum ~Pandy



#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,760 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 May 2010 - 10:34 PM

Hello, can you tell me what program you used here?
QUOTE
so i downloaded a program



How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 KaZa
  • Topic Starter

  • Members
  • 8 posts

Posted 06 May 2010 - 04:32 PM

QUOTE(boopme @ May 5 2010, 08:34 PM)
Hello can you tell me what program you used here
QUOTE
so i downloaded a program




Rkill from rkill.com, and I got all my info on this site actually

http://www.bleepingcomputer.com/virus-remo...imalware-doctor

Automated Removal Instructions for Antimalware Doctor using Malwarebytes' Anti-Malware:


#3. Before we can do anything we must first end the processes that belong to Antimalware Doctor so that it does not interfere with the cleaning procedure. To do this, download the following file to your desktop.

rkill.com Download Link


#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,760 posts
  • Gender:Male
  • Location:NJ USA

Posted 06 May 2010 - 07:14 PM

I've requested someone with more knowledge on an unbootable PC to take a look.


#5 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2010 - 01:28 PM

Hi KaZa,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as long as we are handling this together as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Could you please update me about the current condition of your computer?

#6 KaZa
  • Topic Starter

  • Members
  • 8 posts

Posted 07 May 2010 - 01:43 PM

QUOTE(farbar @ May 7 2010, 11:28 AM)
Hi KaZa,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as long as we are handling this together as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Could you please update me about the current condition of your computer?



Unbootable.

Press the power button, it reads the hard drive and asks me to select:

1. XP recovery
2. XP professional

Since I can't press anything because my keyboard doesn't load, it automatically selects my operating system. Then it goes to the second select screen.

1. Safe mode


and my keyboard still won't load, so I can't select normal mode, so it selects it for me.

Then the blue screen pops up (pic I have uploaded), then it shuts down, and it keeps going and going in a continuous cycle.


I can't get into the operating system nor safe mode, and I hate to lose what I've got on the HD.

#7 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2010 - 03:26 PM

Thanks for the update.

You didn't mention it, but I assume that as far as we are doing this together you don't change anything on your own. So I'll proceed based on the "assumption".

We need to boot into Windows first.
  1. We need to create an OTL Report
  2. If you have Nero:
    • Open Nero SmartStart.
    • Under Applications tab Select Nero Burning Rom
    • In the left pane CD-ROM (ISO) should be highlighted.
    • At the bottom of the open window click Open.
    • In the open window select desktop, highlight the rc.iso file on the desktop and click Open.
    • Put a blank CD in your computer burner and press Burn.
    • When the disk finishes, eject the CD.

  3. If you don't have Nero:
  4. Let me know if it is done.

Edited by farbar, 07 May 2010 - 03:27 PM.


#8 KaZa
  • Topic Starter

  • Members
  • 8 posts

Posted 08 May 2010 - 05:10 PM

QUOTE(farbar @ May 7 2010, 01:26 PM)
Thanks for the update.

You didn't mention it but I assume as far as we are doing this together you don't change anything on you own. So I'll proceed based on the "assumption".

We need to boot into Windows first.
  1. We need to create an OTL Report
  2. If you have Nero:
    • Open Nero SmartStart.
    • Under Applications tab Select Nero Burning Rom
    • In the left pane CD-ROM (ISO) should be highlighted.
    • At the bottom of the open window click Open.
    • In the open window select desktop, highlight the rc.iso file on the desktop and click Open.
    • Put a blank CD in your computer burner and press Burn.
    • When the disk finishes, eject the CD.
  3. If you don't have Nero:
  4. Let me know if it is done.


Farbar, your assumptions are correct; I won't be doing anything on my own as we are working together on this. That being said,
I have the CD with the ISO file on it and I'm ready for the next step (steps 1 and 2 complete).

Edited by KaZa, 08 May 2010 - 06:09 PM.


#9 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 May 2010 - 06:31 PM

To avoid populating the post please don't quote my whole post unless you would like to reply to a part of it and need to quote just that part. Thanks KaZa.

Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the OTLPE icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
    • For each section there are three options (None, SafeList and All), set all the sections to "All".
    • Copy and Paste the following code into the Custom Scan section. Do not include the word "Code"  

      Please note:  You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      %SYSTEMDRIVE%\windows\tasks\*.job
      /md5start
      disk.sys
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      classpnp.sys
      kbdclass.sys
      /md5stop
    • Push runscan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.
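
The scan above writes C:\OTL.txt, and every SRV/DRV line in it follows one fixed layout (date | size | attributes, vendor in parentheses, start type in brackets, image path, key name). As an added example that is not part of this thread, of OTL, or of BleepingComputer's procedure, this Python script parses that layout and lists the entries a helper would examine first: a file with no vendor string modified on or after the day the trouble began, a core Windows binary name sitting outside the Windows directory, or an unattributed driver that loads at boot or system start. The cutoff date (2010-05-01), the system root (C:\WINDOWS) and the sample lines, copied from the OTL log KaZa posts later in this thread, are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Regular OTL service/driver line, e.g.
# SRV - [2010/05/04 20:55:32 | 000,028,672 | ---- | M] () [Auto] -- C:\Program Files\svchost.exe -- (AdbUpd)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) \S+ \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
# Registered service/driver whose file is no longer on disk (OTL prints "File not found").
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]*)\] --\s*-- \((?P<name>[^)]*)\)"
)

# Core Windows binaries whose names malware often borrows; a copy living outside
# the Windows directory (like the svchost.exe in Program Files below) merits a look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}


@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (driver)
    name: str                 # registry key name, e.g. "AdbUpd"
    path: str                 # image path, "" when the file was not found
    company: str              # vendor from the file's version info, "" if absent
    start: str                # "Auto", "Kernel | Boot", "File_System | System", ...
    modified: Optional[date]  # file modification date, None when file not found


def parse_entries(text: str) -> List[Entry]:
    """Turn the SRV/DRV lines of an OTL log into Entry records; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            y, mo, d = (int(p) for p in m["date"].split("/"))
            entries.append(Entry(m["kind"], m["name"], m["path"], m["company"].strip(),
                                 m["start"], date(y, mo, d)))
            continue
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], "", "", m["start"], None))
    return entries


def triage(text: str, cutoff: date, system_root: str = r"C:\WINDOWS") -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for entries worth a closer look. A flag means
    'inspect this', not 'malicious': legitimate drivers without version info exist.
    cutoff is the earliest modification date counted as recent (assumed: day the trouble began)."""
    root = system_root.lower().rstrip("\\")
    trusted_dirs = {root, root + r"\system32"}
    findings = []
    for e in parse_entries(text):
        if e.modified is None:
            continue  # nothing on disk to inspect; usually a stale registration
        reasons = []
        no_vendor = e.company == ""
        start_type = e.start.split("|")[-1].strip()           # "Boot" from "Kernel | Boot"
        directory, _, basename = e.path.lower().rpartition("\\")
        if basename in SYSTEM_NAMES and directory not in trusted_dirs:
            reasons.append("core Windows binary name outside %s" % system_root)
        if no_vendor and e.modified >= cutoff:
            reasons.append("no vendor string and modified on/after %s" % cutoff.isoformat())
        if no_vendor and e.kind == "DRV" and start_type in ("Boot", "System"):
            reasons.append("unattributed driver loading at %s start" % start_type.lower())
        if reasons:
            findings.append((e, reasons))
    return findings


# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
SRV - [2010/05/04 20:55:32 | 000,028,672 | ---- | M] () [Auto] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2010/03/26 04:09:52 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - [2010/05/04 21:57:42 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\onkqjnxu.sys -- (onkqjnxu)
DRV - [2010/05/04 18:57:19 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/05/04 18:56:15 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\zcqomdar7.sys -- (zcqomdar7)
DRV - [2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/02 13:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG, date(2010, 5, 1)):   # assumed cutoff date
        print("%s %-12s %s" % (entry.kind, entry.name, entry.path))
        for r in reasons:
            print("    - " + r)
```

Run against a full OTL.txt the same way; the unattributed Boot-start driver and the svchost.exe outside the Windows directory are the entries the script pulls out of these sample lines, while vendor-attributed files such as the WinPcap and Malwarebytes drivers stay quiet even though they are just as recent.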


#10 KaZa
  • Topic Starter

  • Members
  • 8 posts

Posted 08 May 2010 - 07:57 PM

CODE
OTL logfile created on: 5/8/2010 6:41:22 PM - Run
OTLPE by OldTimer - Version 3.1.38.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 27.00% Memory free
215.00 Mb Paging File | 83.00 Mb Available in Paging File | 39.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 25.00 Gb Free Space | 67.12% Space Free | Partition Type: NTFS
Drive D: | 1.83 Gb Total Space | 1.63 Gb Free Space | 88.92% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (All) ==========

SRV - [2010/05/04 20:55:32 | 000,028,672 | ---- | M] () [Auto] -- C:\Program Files\svchost.exe -- (AdbUpd)
SRV - [2010/03/26 04:09:52 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/03/19 13:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/12 14:46:12 | 000,345,376 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2009/11/06 22:30:38 | 000,238,952 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/10/27 13:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/18 14:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 20:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/20 03:10:17 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/10 02:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/09 06:20:33 | 000,616,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/30 00:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 22:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 22:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 14:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 14:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 16:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/02/20 01:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/02/05 16:17:02 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 14:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2006/06/22 06:47:18 | 000,181,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2006/05/19 08:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/01/03 23:35:05 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2005/08/22 14:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2005/07/08 12:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2005/05/04 17:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2004/12/07 15:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/04 03:56:57 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 03:56:57 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/04 03:56:57 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2004/08/04 03:56:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/04 03:56:56 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/04 03:56:56 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/04 03:56:55 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/04 03:56:54 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/04 03:56:54 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/04 03:56:53 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2004/08/04 03:56:51 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/04 03:56:50 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 03:56:50 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/04 03:56:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 03:56:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 03:56:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 03:56:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/04 03:56:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/04 03:56:48 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 03:56:48 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 03:56:48 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/04 03:56:47 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 03:56:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/04 03:56:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/04 03:56:46 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/04 03:56:46 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2004/08/04 03:56:46 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/04 03:56:46 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 03:56:46 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/04 03:56:46 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/04 03:56:46 | 000,081,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/04 03:56:46 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 03:56:46 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 03:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 03:56:45 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/04 03:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 03:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 03:56:44 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 03:56:44 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/04 03:56:44 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2004/08/04 03:56:44 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/04 03:56:44 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/04 03:56:44 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 03:56:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2004/08/04 03:56:43 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/04 03:56:42 | 000,331,264 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/04 03:56:42 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 03:56:42 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/04 03:56:42 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2004/08/04 03:56:42 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/04 03:56:41 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2004/08/04 03:56:41 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 03:56:41 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/04 03:56:41 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 03:56:41 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2001/08/23 13:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2001/08/23 13:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | Disabled] --  -- (ViaIde)
DRV - File not found [Kernel | Disabled] --  -- (ultra)
DRV - File not found [Kernel | Disabled] --  -- (TosIde)
DRV - File not found [Kernel | Disabled] --  -- (symc8xx)
DRV - File not found [Kernel | Disabled] --  -- (symc810)
DRV - File not found [Kernel | Disabled] --  -- (sym_u3)
DRV - File not found [Kernel | Disabled] --  -- (sym_hi)
DRV - File not found [Kernel | Disabled] --  -- (Sparrow)
DRV - File not found [Kernel | Disabled] --  -- (Simbad)
DRV - File not found [Kernel | On_Demand] --  -- (RTL8187B)
DRV - File not found [Kernel | Disabled] --  -- (ql1280)
DRV - File not found [Kernel | Disabled] --  -- (ql1240)
DRV - File not found [Kernel | Disabled] --  -- (ql12160)
DRV - File not found [Kernel | Disabled] --  -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] --  -- (ql1080)
DRV - File not found [Kernel | Disabled] --  -- (perc2hib)
DRV - File not found [Kernel | Disabled] --  -- (perc2)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | Disabled] --  -- (PCIIde)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (MRVW245)
DRV - File not found [Kernel | Disabled] --  -- (mraid35x)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] --  -- (ini910u)
DRV - File not found [Kernel | Disabled] --  -- (i2omp)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | Disabled] --  -- (hpn)
DRV - File not found [Kernel | Disabled] --  -- (dpti2o)
DRV - File not found [Kernel | Disabled] --  -- (dac960nt)
DRV - File not found [Kernel | Disabled] --  -- (dac2w2k)
DRV - File not found [Kernel | Disabled] --  -- (Cpqarray)
DRV - File not found [Kernel | Disabled] --  -- (CmdIde)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Disabled] --  -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - File not found [Kernel | Disabled] --  -- (Atdisk)
DRV - File not found [Kernel | Disabled] --  -- (asc3550)
DRV - File not found [Kernel | Disabled] --  -- (asc3350p)
DRV - File not found [Kernel | Disabled] --  -- (asc)
DRV - File not found [Kernel | Disabled] --  -- (amsint)
DRV - File not found [Kernel | Disabled] --  -- (AliIde)
DRV - File not found [Kernel | Disabled] --  -- (aic78xx)
DRV - File not found [Kernel | Disabled] --  -- (aic78u2)
DRV - File not found [Kernel | Disabled] --  -- (Aha154x)
DRV - File not found [Kernel | Disabled] --  -- (adpu160m)
DRV - File not found [Kernel | Disabled] --  -- (abp480n5)
DRV - File not found [Kernel | Disabled] --  -- (Abiosdsk)
DRV - [2010/05/04 21:57:42 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\onkqjnxu.sys -- (onkqjnxu)
DRV - [2010/05/04 18:57:19 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/05/04 18:56:15 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\zcqomdar7.sys -- (zcqomdar7)
DRV - [2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/11/02 13:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/07/20 00:53:36 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 18:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/26 13:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/09 16:13:00 | 000,038,144 | ---- | M] (Realtek) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EAPPkt.sys -- (EAPPkt)
DRV - [2007/07/03 20:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 20:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 20:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 20:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 04:01:07 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 04:01:07 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 04:01:07 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 02:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/04 02:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 02:15:20 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 02:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 02:14:36 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 02:14:31 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 02:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 02:14:26 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 02:14:22 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 02:14:16 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 02:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 02:08:46 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/04 02:08:42 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:37 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:08:05 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 02:07:57 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:47 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 02:07:46 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 02:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2004/08/04 02:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 02:07:38 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2004/08/04 02:07:17 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 02:07:16 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 02:07:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 02:06:25 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/04 02:05:07 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 02:05:03 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 02:04:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 02:04:45 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 02:04:19 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 02:04:12 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 02:03:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 02:03:12 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 02:01:15 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 02:00:46 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 02:00:43 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 02:00:41 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 02:00:31 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 02:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 02:00:15 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 02:00:06 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 01:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 01:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/04 01:59:41 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2004/08/04 01:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/04 01:59:27 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 01:59:27 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 01:59:17 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 01:59:07 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/04 01:59:06 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 01:58:41 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:41 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 01:58:40 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/04 01:58:38 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/04 01:58:34 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/04 01:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 01:58:32 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 01:58:30 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 01:58:30 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/23 13:00:00 | 000,125,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 13:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2001/08/23 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/23 13:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2001/08/23 13:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 13:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 13:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2001/08/23 13:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 13:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 13:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 13:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/23 13:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 13:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2001/08/23 13:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2001/08/23 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 13:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/23 13:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 13:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 13:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2001/08/23 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/08/17 17:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 10:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Escobar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 58 85 34 AC E9 CA 01  [binary data]
IE - HKU\Escobar_ON_C\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\Escobar_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Escobar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Escobar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/20 03:10:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 17:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\Firefox [2010/04/14 22:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/14 22:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/04 19:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 19:06:37 | 000,000,000 | ---D | M]

[2009/08/06 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Extensions
[2009/07/21 22:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/06 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/19 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Firefox\Profiles\k0ewwiki.default\extensions
[2009/09/02 18:25:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Firefox\Profiles\k0ewwiki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/29 20:29:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Escobar\Application Data\Mozilla\Firefox\Profiles\k0ewwiki.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/21 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/20 00:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/20 00:23:47 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/20 00:23:48 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/02/20 00:23:59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 15:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/02/20 00:24:02 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/20 00:24:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/20 00:24:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/20 00:24:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/20 00:24:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/20 00:24:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/20 00:24:02 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/04 18:57:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (C:\WINDOWS\system32\ut478ko117.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ut478ko117.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\Escobar_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Escobar_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Escobar_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Escobar_ON_C\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [12958] C:\Documents and Settings\Escobar\Local Settings\Temp\khvcol.exe ()
O4 - HKU\Escobar_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Escobar\Local Settings\Temp\svchost.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Escobar\Application Data\1F9EDAC48C3DCD2AAE5322FD61FDAF14\gotnewupdate000.exe (MS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50pfo = C:\DOCUME~1\Escobar\LOCALS~1\Temp\uxq9by.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1049 (SonyOnlineInstallerX)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.164.138,93.188.161.247
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.138,93.188.161.247
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\df2 {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\df23chat {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\df3 {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\df4 {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\df5 {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\df5demo {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ofpjoin {219A97F3-D661-4766-B658-646A771AE49E} - Reg Error: Key error. File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\ut478ko117.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/19 23:37:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- C:\Program Files\alggui.exe "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- C:\Program Files\alggui.exe "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/05/04 20:55:48 | 000,161,792 | ---- | C] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/05/04 20:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\AKM Antivirus 2010 Pro
[2010/05/04 20:54:18 | 001,050,112 | ---- | C] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/05/04 19:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Escobar\Application Data\Malwarebytes
[2010/05/04 19:10:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 19:10:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 19:08:44 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Escobar\Desktop\mbam-setup.exe
[2010/05/04 19:04:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/04 18:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Escobar\Local Settings\Application Data\arvxweubq
[2010/05/04 18:57:19 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/05/04 18:57:19 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/05/04 18:57:19 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/05/04 18:57:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\PrivacIE
[2010/05/04 18:56:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2010/05/04 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Smart-Ads-Solutions
[2010/05/04 18:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\ezLife
[2010/05/04 18:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/05/04 18:53:52 | 000,182,784 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010/05/04 18:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Escobar\Application Data\1F9EDAC48C3DCD2AAE5322FD61FDAF14
[2010/05/04 18:52:42 | 000,036,676 | ---- | C] (Privat) -- C:\WINDOWS\System32\net.net
[2010/05/02 13:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Escobar\My Documents\My Art
[2010/05/02 12:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/04/27 23:05:37 | 000,201,728 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\ToyStory_BuzzWoody_Screensaver.scr
[2010/04/27 23:05:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ToyStory_BuzzWoody_Screensaver dir
[2010/04/27 22:58:31 | 000,201,728 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\ToyStory_Potato_Head_Screensaver.scr
[2010/04/27 22:58:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ToyStory_Potato_Head_Screensaver dir
[2010/04/27 14:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/27 14:04:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IETldCache
[2010/04/27 12:36:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/27 11:28:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Escobar\Recent
[2010/04/16 14:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/04/16 13:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/14 22:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/04/14 22:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/14 22:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/04 21:57:44 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Escobar\NTUSER.DAT
[2010/05/04 21:57:44 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/04 21:57:44 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/04 21:57:42 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\onkqjnxu.sys
[2010/05/04 21:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:57:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 21:57:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Escobar\ntuser.ini
[2010/05/04 21:56:31 | 000,000,066 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/05/04 21:56:31 | 000,000,004 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/05/04 21:56:26 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 21:56:26 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/04 21:05:28 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 20:55:49 | 000,034,816 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/05/04 20:55:48 | 000,161,792 | ---- | M] (ASC - AntiSpyware) -- C:\Program Files\adc32.dll
[2010/05/04 20:55:37 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/05/04 20:55:32 | 000,028,672 | ---- | M] () -- C:\Program Files\svchost.exe
[2010/05/04 20:55:28 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/05/04 20:55:25 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\AKM Antivirus 2010 Pro.lnk
[2010/05/04 20:54:56 | 000,000,139 | ---- | M] () -- C:\Program Files\ypp_13259109.bat
[2010/05/04 20:54:55 | 001,050,112 | ---- | M] (ADC ltd.) -- C:\Program Files\wpp.exe
[2010/05/04 20:05:24 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 19:08:46 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\rkill.com
[2010/05/04 19:08:44 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Escobar\Desktop\mbam-setup.exe
[2010/05/04 19:00:28 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\484.exe
[2010/05/04 19:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 18:59:56 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Escobar\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/05/04 18:57:19 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/05/04 18:57:19 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/05/04 18:57:19 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/05/04 18:56:57 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\31.exe
[2010/05/04 18:56:15 | 000,081,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\zcqomdar7.sys
[2010/05/04 18:55:20 | 000,001,211 | ---- | M] () -- C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 18:54:55 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Escobar\reader_s.exe
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 18:53:56 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\ut478ko117.dll
[2010/05/04 18:53:40 | 000,182,784 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\regedit.exe
[2010/05/04 18:53:32 | 000,026,112 | ---- | M] () -- C:\lsass.exe
[2010/05/04 18:53:25 | 000,164,352 | ---- | M] () -- C:\WINDOWS\Ozecya.exe
[2010/05/04 18:52:42 | 000,036,676 | ---- | M] (Privat) -- C:\WINDOWS\System32\net.net
[2010/05/04 18:47:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2010/05/04 17:14:15 | 267,468,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 12:29:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/02 13:02:12 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\MSN Games.lnk
[2010/05/02 13:02:11 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\Big City Adventure New York City.lnk
[2010/05/02 12:47:38 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\Dream Day Wedding Bella Italia.lnk
[2010/05/01 23:16:58 | 000,000,441 | ---- | M] () -- C:\Program Files\0501201020165726.bat
[2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 18:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 19:05:47 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\Juan Escobar CSP.doc
[2010/04/27 23:05:37 | 000,201,728 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\ToyStory_BuzzWoody_Screensaver.scr
[2010/04/27 23:02:57 | 005,298,638 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\buzzWoody_pc.zip
[2010/04/27 22:58:31 | 000,201,728 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\ToyStory_Potato_Head_Screensaver.scr
[2010/04/27 22:57:03 | 009,322,502 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\potato_pc.zip
[2010/04/27 14:06:37 | 000,000,614 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 14:06:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/27 14:06:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 12:36:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/27 11:21:23 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Escobar\Desktop\CCleaner.lnk
[2010/04/24 22:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 12:07:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/17 13:49:05 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Escobar\My Documents\malyssa guzman.doc
[2010/04/17 13:48:45 | 000,020,640 | ---- | M] () -- C:\Documents and Settings\Escobar\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 14:00:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/15 00:52:46 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Escobar\My Documents\Doc1.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 20:55:49 | 000,034,816 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/05/04 20:55:37 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/05/04 20:55:32 | 000,028,672 | ---- | C] () -- C:\Program Files\svchost.exe
[2010/05/04 20:55:32 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/05/04 20:55:32 | 000,000,004 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/05/04 20:55:28 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/05/04 20:55:25 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\AKM Antivirus 2010 Pro.lnk
[2010/05/04 20:54:56 | 000,000,139 | ---- | C] () -- C:\Program Files\ypp_13259109.bat
[2010/05/04 19:08:46 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\rkill.com
[2010/05/04 19:00:28 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\484.exe
[2010/05/04 18:56:57 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\31.exe
[2010/05/04 18:56:16 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Escobar\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/05/04 18:55:20 | 000,001,211 | ---- | C] () -- C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/05/04 18:55:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 18:55:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 18:55:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 18:55:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 18:55:03 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 18:55:01 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 18:55:01 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 18:54:59 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 18:54:56 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 18:54:55 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\zcqomdar7.sys
[2010/05/04 18:54:55 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Escobar\reader_s.exe
[2010/05/04 18:54:52 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 18:54:50 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 18:54:49 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 18:54:47 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 18:54:43 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\onkqjnxu.sys
[2010/05/04 18:54:41 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 18:54:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 18:54:39 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 18:54:39 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 18:54:39 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 18:54:39 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 18:54:39 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 18:54:38 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 18:54:38 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 18:54:38 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 18:54:38 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 18:54:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\Ozecya.exe
[2010/05/04 18:53:56 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ut478ko117.dll
[2010/05/04 18:53:48 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 18:53:43 | 000,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/04 18:53:37 | 000,026,112 | ---- | C] () -- C:\lsass.exe
[2010/05/04 18:46:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2010/05/02 13:02:12 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\MSN Games.lnk
[2010/05/02 13:02:11 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\Big City Adventure New York City.lnk
[2010/05/02 12:47:38 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\Dream Day Wedding Bella Italia.lnk
[2010/05/01 23:16:58 | 000,000,441 | ---- | C] () -- C:\Program Files\0501201020165726.bat
[2010/04/28 19:05:47 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\Juan Escobar CSP.doc
[2010/04/27 23:02:54 | 005,298,638 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\buzzWoody_pc.zip
[2010/04/27 22:56:32 | 009,322,502 | ---- | C] () -- C:\Documents and Settings\Escobar\Desktop\potato_pc.zip
[2010/04/27 12:32:21 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/17 13:49:04 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Escobar\My Documents\malyssa guzman.doc
[2010/04/16 14:00:02 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/15 00:52:45 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\Escobar\My Documents\Doc1.doc
[2010/01/11 01:07:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/01/11 01:07:49 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/01/11 01:07:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Escobar\Application Data\$_hpcst$.hpc
[2009/11/27 15:49:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/20 21:39:21 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Escobar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/26 13:34:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/07/19 23:44:22 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Escobar\ntuser.ini
[2009/07/19 23:44:21 | 000,114,688 | -H-- | C] () -- C:\Documents and Settings\Escobar\ntuser.dat.LOG
[2009/07/19 23:44:20 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Escobar\NTUSER.DAT
[2009/07/19 23:42:41 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/07/19 23:42:41 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/07/19 23:42:41 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/07/19 23:42:41 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/07/19 23:42:40 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/07/19 23:42:40 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2008/05/04 21:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2007/10/25 21:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2001/08/23 13:00:00 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys

========== LOP Check ==========

[2010/05/04 18:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\1F9EDAC48C3DCD2AAE5322FD61FDAF14
[2009/12/09 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\countdown_to_volunteer
[2010/04/19 16:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\FileZilla
[2009/12/28 15:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Friday's games
[2009/08/26 17:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Gamelab
[2010/02/12 23:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Leadertech
[2010/05/04 16:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\LimeWire
[2010/01/11 01:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\ML
[2010/01/22 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Nokia
[2010/01/22 01:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\PC Suite
[2010/01/11 01:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Samsung
[2009/08/05 16:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Snapfish
[2010/03/02 23:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\Sony Online Entertainment
[2010/02/17 00:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Escobar\Application Data\TS3Client
[2010/05/04 12:29:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/05/04 19:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/05/04 20:05:24 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/05/04 21:05:28 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/05/04 21:56:26 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/04 21:56:26 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\windows\tasks\*.job >
[2010/05/04 12:29:00 | 000,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/24 22:35:02 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At1.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At10.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At11.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At12.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At13.job
[2010/05/04 18:54:51 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At14.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At15.job
[2010/05/04 18:54:58 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At16.job
[2010/05/04 19:00:10 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At17.job
[2010/05/04 20:05:24 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At18.job
[2010/05/04 21:05:28 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At19.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At2.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At20.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At21.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At22.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At23.job
[2010/05/04 18:55:06 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At24.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At3.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At4.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At5.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At6.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At7.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At8.job
[2010/05/04 18:54:44 | 000,000,380 | ---- | M] () -- C:\windows\tasks\At9.job
[2010/05/04 21:56:26 | 000,000,250 | -H-- | M] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/05/04 21:56:26 | 000,000,290 | -H-- | M] () -- C:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 09:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 09:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2002/08/29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: CLASSPNP.SYS  >[/color]
[2002/08/29 03:08:44 | 000,046,336 | ---- | M] (Microsoft Corporation) MD5=4E86B33AFF1A6AF46889CBCF90F0C8F0 -- C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
[2004/08/04 02:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
[2004/08/04 02:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\dllcache\classpnp.sys
[2004/08/04 02:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\drivers\classpnp.sys

[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2002/08/29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\dllcache\disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2002/08/29 02:27:58 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

[color=#A23BEC]< MD5 for: KBDCLASS.SYS  >[/color]
[2002/08/29 04:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:kbdclass.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:kbdclass.sys
[2002/08/29 02:27:02 | 000,023,424 | ---- | M] (Microsoft Corporation) MD5=1E7F78C2FC393356CD884C6FDE7966F9 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
[2004/08/04 01:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2004/08/04 01:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\system32\drivers\kbdclass.sys
< End of report >
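The "MD5 for:" sections above are the part of this log that matters for the file-infector question raised in the next reply: OTL lists every copy of a boot-critical driver it can find, so the copy the kernel actually loads (system32\drivers) can be compared with the untouched copies Windows keeps in ServicePackFiles\i386 and system32\dllcache. A patched driver keeps its size and timestamp but not its hash. The script below is an added example, not OTL's own code or anything posted in the thread; it parses that section from log text and reports, per driver, whether the live copy matches a reference copy. The AGP440.SYS and ATAPI.SYS lines in the sample are copied from this log; the NDIS.SYS block and its hashes are constructed to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# One hashed entry in an OTL "MD5 for:" section:
#   [date time | size | attrs | M] (vendor) MD5=HASH -- path
# .cab entries ("() .cab file -- ...") carry no hash and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s+\((?P<vendor>[^)]*)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"<\s*MD5 for:\s*(?P<name>\S+)\s*>")

# Same-service-pack pristine copies that the loaded driver must match.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
# The copy the kernel actually loads.
LIVE_DIR = "\\system32\\drivers\\"


def parse_md5_sections(text):
    """Return {driver name (lower-case): [(path, MD5), ...]} from OTL log text."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.search(line)
        if header:
            current = header.group("name").lower()
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append((entry.group("path"), entry.group("md5").upper()))
    return dict(sections)


def check_drivers(text):
    """Compare each driver's loaded copy against its pristine backups.

    Returns {driver: (verdict, live_md5, sorted reference MD5s)} with verdict one of
    'consistent', 'mismatch', 'no_reference' or 'missing_live'. Copies under
    $NtServicePackUninstall$ are the pre-service-pack build and are deliberately
    not used as references: a different hash there is normal.
    """
    verdicts = {}
    for name, entries in parse_md5_sections(text).items():
        live = sorted({h for p, h in entries if p.lower().endswith(LIVE_DIR + name)})
        refs = sorted({h for p, h in entries
                       if p.lower().endswith(name)
                       and any(d in p.lower() for d in REFERENCE_DIRS)})
        if not live:
            verdict = "missing_live"
        elif not refs:
            verdict = "no_reference"
        elif live[0] in refs:
            verdict = "consistent"
        else:
            verdict = "mismatch"
        verdicts[name] = (verdict, live[0] if live else None, refs)
    return verdicts


# Sample input: AGP440.SYS and ATAPI.SYS are taken from the log above;
# the NDIS.SYS section and both of its hashes are constructed for this example.
SAMPLE_LOG = r"""
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/22 14:58:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 09:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2004/08/04 01:59:42 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004/08/04 01:59:42 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\ndis.sys
"""

if __name__ == "__main__":
    for name, (verdict, live, refs) in sorted(check_drivers(SAMPLE_LOG).items()):
        print(f"{name:12} {verdict:12} live={live} refs={refs}")
```

Run against a real log the three drivers present above all come back "consistent", which is what the helper is looking for before ruling a file infector in or out; a "mismatch" on a same-size, same-date driver is the signature worth chasing, while "no_reference" only means the log did not include a backup copy to compare against.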


#11 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 May 2010 - 08:06 AM

This is a heavily infected computer with a rogue antivirus, and there is a possibility of a nasty file infector. The exe and com files are hijacked, and more.
We will do some cleaning and repairing and see if the computer can boot.
  1. Please open OTLPE.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section (alternatively, you can copy it to a text file named fix.txt and then drag fix.txt to Custom Scans/Fixes):

      CODE
      :services
      onkqjnxu
      zcqomdar7
      :otl
      O4 - Startup: C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Escobar\Application Data\1F9EDAC48C3DCD2AAE5322FD61FDAF14\gotnewupdate000.exe (MS)
      O2 - BHO: (C:\WINDOWS\system32\ut478ko117.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\ut478ko117.dll ()
      O4 - HKLM..\Run: [12958] C:\Documents and Settings\Escobar\Local Settings\Temp\khvcol.exe ()
      O4 - HKU\Escobar_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Escobar\Local Settings\Temp\svchost.exe ()
      DRV - [2010/05/04 18:57:19 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 50pfo = C:\DOCUME~1\Escobar\LOCALS~1\Temp\uxq9by.exe ()
      O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
      O7 - HKU\Escobar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.164.138,93.188.161.247
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.138,93.188.161.247
      O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\ut478ko117.dll ()

      :files
      C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Escobar\Application Data\1F9EDAC48C3DCD2AAE5322FD61FDAF14
      C:\DOCUME~1\Escobar\LOCALS~1\Temp\*.*
      C:\Program Files\adc32.dll
      C:\Program Files\scdata
      C:\Program Files\AKM Antivirus 2010 Pro
      C:\Program Files\wpp.exe
      C:\Program Files\alggui.exe
      C:\Program Files\nuar.old
      C:\Program Files\svchost.exe
      C:\Program Files\wp4.dat
      C:\Program Files\wp3.dat
      C:\Program Files\skynet.dat
      C:\Documents and Settings\Escobar\Local Settings\Application Data\arvxweubq
      C:\WINDOWS\System32\wpcap.dll
      C:\WINDOWS\System32\Packet.dll
      C:\WINDOWS\System32\Packet.dll
      C:\Program Files\alggui.exe
      C:\Program Files\ezLife
      C:\WINDOWS\System32\regedit.exe
      C:\WINDOWS\System32\net.net
      C:\WINDOWS\System32\drivers\onkqjnxu.sys
      C:\WINDOWS\system32\drivers\zcqomdar7.sys
      C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
      C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
      C:\WINDOWS\tasks\at*.job
      C:\WINDOWS\System32\drivers\31.exe
      C:\Documents and Settings\Escobar\reader_s.exe
      C:\WINDOWS\System32\ut478ko117.dll
      C:\lsass.exe
      C:\WINDOWS\Ozecya.exe
      C:\WINDOWS\System32\H@tKeysH@@k.DLL
      C:\Documents and Settings\Escobar\Desktop\AKM Antivirus 2010 Pro.lnk
      C:\Program Files\ypp_13259109.bat
      C:\WINDOWS\System32\drivers\484.exe
      C:\Documents and Settings\Escobar\oashdihasidhasuidhiasdhiashdiuasdhasd
      C:\Documents and Settings\Escobar\Start Menu\Programs\Startup\Antimalware Doctor.lnk
      C:\Program Files\0501201020165726.bat
      C:\WINDOWS\System32\GTW32N50.dll

      :reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com]
      @="comfile"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
      @="exefile"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
      @="\"%1\" %*"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon]
      @="%1"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Malwarebytes' Anti-Malware"=-
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it finishes, a log will open. Copy and paste the log into your reply.

  2. Please shut down the computer, remove the Boot CD and restart the computer. Tell me if anything is changed.

Edited by farbar, 09 May 2010 - 08:40 AM.
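The :reg section of the fix above restores the file-type plumbing that a rogue like this one hijacks so that its own binary runs every time an .exe or .com is launched: the .exe and .com extensions must map to exefile and comfile, and each class's shell\open\command must be exactly "%1" %*. The script below is an added example, not part of Farbar's fix or of OTL; it parses a regedit export (the text regedit /e produces) and reports every one of those keys that deviates from the default, plus any per-user copy of them, because HKEY_CURRENT_USER\Software\Classes shadows the machine-wide definition. The sample export, the user name and the rogue.exe path in it are constructed for the example.

```python
import re

# A .reg export line "name"="data" or @="data" (default value). Only REG_SZ
# string values are parsed here; dword:/hex: data is ignored.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STRING_VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>"(?:[^"\\]|\\.)*")$')

# Defaults of the keys that decide what runs when an .exe or .com is opened,
# as restored by the :reg section of the fix above.
EXPECTED = {
    ".exe": "exefile",
    ".com": "comfile",
    "exefile\\shell\\open\\command": '"%1" %*',
    "comfile\\shell\\open\\command": '"%1" %*',
    "exefile\\DefaultIcon": "%1",
}
USER_HIVES = ("HKEY_CURRENT_USER\\", "HKEY_USERS\\")


def unquote(s):
    """Strip the surrounding quotes of a .reg string and undo the \\ and \" escapes."""
    return re.sub(r'\\(["\\])', r"\1", s[1:-1])


def parse_reg(text):
    """Return {key path: {value name: string data}} for a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group("key")
            keys.setdefault(current, {})
            continue
        v = STRING_VALUE_RE.match(line)
        if v and current is not None:
            name = "@" if v.group("name") == "@" else unquote(v.group("name"))
            keys[current][name] = unquote(v.group("data"))
    return keys


def audit_exec_associations(text):
    """Return [(key, default value, reason)] for hijacked .exe/.com handling."""
    findings = []
    for key, values in parse_reg(text).items():
        head, sep, tail = key.partition("\\Classes\\")
        if not sep or "@" not in values or tail not in EXPECTED:
            continue
        actual = values["@"]
        if key.upper().startswith(USER_HIVES):
            # Per-user Classes keys shadow the machine-wide ones in HKCR; a clean
            # XP box has no per-user exefile/comfile definitions at all.
            findings.append((key, actual, "per-user override of a system file type"))
        elif actual != EXPECTED[tail]:
            findings.append((key, actual, f"expected {EXPECTED[tail]!r}"))
    return findings


# Constructed export (not from the thread): the .exe handler has been pointed at
# a hypothetical rogue binary and a per-user exefile key exists; .com is intact.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\rogue.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"""

if __name__ == "__main__":
    for key, value, reason in audit_exec_associations(SAMPLE_REG):
        print(f"{key}\n    @ = {value}\n    {reason}")
```

Running it on the constructed export reports two keys: the HKLM exefile command, whose default value names the rogue instead of "%1" %*, and the HKCU exefile command, which is flagged purely for existing. On a live machine the same check is why a fix restores the association keys before anything else: until "%1" %* is back, every cleaning tool launched is started through the rogue.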


#12 KaZa

  • Topic Starter
  • Members
  • 8 posts

Posted 09 May 2010 - 04:27 PM

OK, copied and pasted the fix.txt, ran the program, then it asked to reboot but no file came up. I clicked not to reboot to see if a file would come up, but a window was asking me to hit OK so I could see the file. I waited 15 minutes and no file. Tried to look for a file manually but wouldn't even know what name it would be under. So I rebooted without the CD and it's asking me to strike F1 or F2, but my keyboard is still not booting up.

#13 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 May 2010 - 04:41 PM

QUOTE
OK, copied and pasted the fix.txt, ran the program, then it asked to reboot but no file came up. I clicked not to reboot


You should have rebooted. Now please see if there is a log. The log should be saved on the C drive. Please use the Boot CD again. Open My Computer and then the C: drive; the log should be a text file with OTL in its name.

Pressing F1 or F2 is what you didn't get before running the fix, isn't it?

Also tell me if you can get to the BIOS setup. You said in one of your posts you could get to the BIOS to change the boot order. What is the make and model of your motherboard?

Edited by farbar, 09 May 2010 - 04:52 PM.


#14 KaZa

  • Topic Starter
  • Members
  • 8 posts

Posted 09 May 2010 - 11:59 PM

szPorcessName:smss.exe
szPorcessName:winlogon.exe
szPorcessName:service.exe
szPorcessName:lsass.exe
szPorcessName:svchost.exe
szPorcessName:svchost.exe
szPorcessName:userinit.exe
szPorcessName:explorer.ExE

Dell OptiPlex GX240
BIOS version A03
service tag = f7xrk11

That's all I could find in the BIOS. Other than that it won't show me the make and model. If you know how I can get into it another way, please let me know.

#15 Farbar

    Just Curious

  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 10 May 2010 - 01:38 AM

Let's first take care of the "press F1 or F2" key issue, then we do the fix once more.
  1. Enter the BIOS setup. Use the arrow keys to move up and down. Under System (you might need to expand it) select Boot Sequence and press Enter. You will see the list of boot devices. One of them might be a floppy disk marked (not present). Move it to the last place. Make sure CD-ROM is still first.

    Under Drives there is a list of drives. Select the drive related to the floppy disk. Press Enter and in the right window select Disable or Turn off.
    Press the Esc key and select Save and Exit.

    Press the Esc key, then select Exit and press Enter to exit the Setup utility.

  2. Make sure each time you use OTLPE you do the following:
    Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
    • Please be patient as "Windows" loads.
    • Your system should now display a REATOGO-X-PE desktop.
    • Double click on the OTLPE icon on your desktop.
    • When asked "Do you wish to load the remote registry", select Yes.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
    • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
    • Now apply the fix once more and post the log please.

      Note: When booting with OTLPE, open My Computer to make sure the hard drive is C:, because that is the default letter but on some computers it might be different.




