
Possibly google redirect, AVG/MalwareAM can't find it, browser not loading/loading incredibly slow


  • This topic is locked
31 replies to this topic

#1 Eric2378

Eric2378

  • Members
  • 15 posts

Posted 15 May 2010 - 04:10 PM

So, it started with FF not loading pages very well, "waiting for www.google.com" and such. Switched to IE and Google Chrome, same problem. Started looking online for solutions, I have AVG8 installed, no hits. Tried Malwarebytes Anti-Malware, no hits. CCleaner detected two funny things in the startup, TDSS and GEST. Deleted both posts in the startup. Tried ComboFix, don't think that the whole scan went through, rebooted before a log was created and computer said that it restored system after a serious error (my translation from Swedish). During the course of my searching I found you guys, hope someone can help me.

I don't know if it is related, but my hotmail has been sending out spam mails to my address book the last few weeks, I think it is caused by Windows Mail.

I have also noticed when I try to load more common webpages (Google, various news sites, a Swedish maps/telephone directory page) I would see other sites being requested by the browser in the status bar, didn't think about it until I heard about a redirect virus, but it is definitely weird behavior...

I have followed the instructions in the "Prepare yourself..." post, attaching the required log files from DDS. I could not, unfortunately, get GMER to run completely, came close once, but it locked up when I was to save the log. Now it just reboots as soon as I open the program. Tried to use a random name download, didn't work either. According to a previous post, an OTL log is helpful in such situations, I am going to post one here.

DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric Hamelin at 15:06:02,51 on 2010-05-15
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2046.1443 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program\AVG\AVG8\avgwdsvc.exe
H:\Program\Delade filer\InterVideo\DeviceService\DevSvc.exe
H:\WINDOWS\system32\FsUsbExService.Exe
H:\Program\AVG\AVG8\avgrsx.exe
H:\WINDOWS\system32\svchost.exe -k hpdevmgmt
H:\Program\AVG\AVG8\avgnsx.exe
H:\Program\Java\jre6\bin\jqs.exe
H:\WINDOWS\System32\svchost.exe -k HPZ12
H:\WINDOWS\System32\svchost.exe -k HPZ12
H:\WINDOWS\System32\svchost.exe -k imgsvc
H:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program\AVG\AVG8\avgemc.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\SOUNDMAN.EXE
H:\Program\AVG\AVG8\avgtray.exe
H:\Program\Logitech\Gaming Software\LWEMon.exe
H:\Program\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\system32\ctfmon.exe
i:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program\Ray Adams\ATI Tray Tools\atitray.exe
H:\Program\Personal\bin\Personal.exe
I:\Program\MagicDisc\MagicDisc.exe
i:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program\Mozilla Firefox\firefox.exe
H:\Program\DAEMON Tools Pro\DTProShellHlp.exe
H:\Documents and Settings\Eric Hamelin\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - h:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - h:\program\daemon tools toolbar\DTToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [AtiTrayTools] "h:\program\ray adams\ati tray tools\atitray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] h:\program\avg\avg8\avgtray.exe
mRun: [Start WingMan Profiler] h:\program\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "i:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
StartupFolder: h:\docume~1\ericha~1\start-~1\program\autost~1\magicd~1.lnk - i:\program\magicdisc\MagicDisc.exe
StartupFolder: h:\docume~1\alluse~1\start-~1\program\autost~1\aktive~1.lnk - c:\program\labtecs trådlösa tangentbord-musset\MagicKey.exe
StartupFolder: h:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - h:\program\personal\bin\Personal.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://h:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://h:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - h:\program\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\program\delade~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\ericha~1\applic~1\mozilla\firefox\profiles\oj22nfzs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2201076&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - GRABTHE.INFO Customized Web Search
FF - prefs.js: network.proxy.http - 128.252.19.18
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: h:\documents and settings\eric hamelin\application data\mozilla\firefox\profiles\oj22nfzs.default\extensions\{5c79a359-218f-425f-86bd-ddb2bedf61f8}\components\FFExternalAlert.dll
FF - component: h:\documents and settings\eric hamelin\application data\mozilla\firefox\profiles\oj22nfzs.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: h:\documents and settings\eric hamelin\application data\mozilla\firefox\profiles\oj22nfzs.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: h:\documents and settings\eric hamelin\application data\mozilla\firefox\profiles\oj22nfzs.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: h:\program\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: h:\program\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: h:\program\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - h:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - h:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
h:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
h:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
h:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
h:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 atitray;atitray;h:\program\ray adams\ati tray tools\atitray.sys [2008-9-8 18336]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2009-8-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;h:\windows\system32\drivers\avgmfx86.sys [2009-8-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2009-8-7 108552]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/09 22:31:28];i:\program\cyberlink\powerdvd10\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 avg8emc;AVG Free8 E-mail Scanner;h:\program\avg\avg8\avgemc.exe [2009-8-7 908056]
R2 avg8wd;AVG Free8 WatchDog;h:\program\avg\avg8\avgwdsvc.exe [2009-8-7 297752]
R2 FsUsbExService;FsUsbExService;h:\windows\system32\FsUsbExService.Exe [2010-3-27 233472]
R3 FsUsbExDisk;FsUsbExDisk;h:\windows\system32\FsUsbExDisk.Sys [2010-3-27 36608]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;i:\program\ea games\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-25 25832]
S3 SaiH0109;SaiH0109;h:\windows\system32\drivers\SaiH0109.sys [2007-5-1 132232]
S3 SaiU0109;SaiU0109;h:\windows\system32\drivers\SaiU0109.sys [2007-5-1 28416]

=============== Created Last 30 ================

2010-05-15 12:57:42 20 ----a-w- h:\documents and settings\eric hamelin\defogger_reenable
2010-05-14 23:52:34 0 d-s---w- H:\ComboFix
2010-05-14 15:42:13 0 d-----w- h:\docume~1\ericha~1\applic~1\Malwarebytes
2010-05-14 15:42:05 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 15:42:04 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
2010-05-14 15:42:04 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-13 11:24:58 0 d-sha-r- H:\cmdcons
2010-05-13 11:23:08 98816 ----a-w- h:\windows\sed.exe
2010-05-13 11:23:08 77312 ----a-w- h:\windows\MBR.exe
2010-05-13 11:23:08 256512 ----a-w- h:\windows\PEV.exe
2010-05-13 11:23:08 161792 ----a-w- h:\windows\SWREG.exe
2010-05-13 10:56:05 0 d-----w- h:\windows\pss
2010-05-06 18:56:04 293376 ----a-w- h:\windows\system32\midas.dll
2010-05-06 18:56:04 138752 ----a-w- h:\windows\system32\ZipDLL.dll
2010-05-06 18:56:04 122368 ----a-w- h:\windows\system32\UNZDLL.dll
2010-05-06 18:56:04 1044480 ----a-w- h:\windows\system32\ROBOEX32.DLL
2010-05-06 18:56:04 0 d-----w- h:\program\SvampCentralen DEMO
2010-04-29 13:17:30 0 d-----w- h:\program\Mumin

==================== Find3M ====================

2010-05-15 13:05:49 82948 ----a-w- h:\windows\system32\perfc01D.dat
2010-05-15 13:05:49 442620 ----a-w- h:\windows\system32\perfh01D.dat
2010-04-09 20:30:10 505128 ----a-w- h:\windows\system32\msvcp71.dll
2010-04-09 20:30:10 353576 ----a-w- h:\windows\system32\msvcr71.dll
2010-04-09 20:30:10 29480 ----a-w- h:\windows\system32\msxml3a.dll
2010-03-27 16:56:46 5632 ----a-w- h:\windows\system32\drivers\StarOpen.sys
2010-03-11 12:37:44 832512 ----a-w- h:\windows\system32\wininet.dll
2010-03-11 12:37:41 78336 ------w- h:\windows\system32\ieencode.dll
2010-03-11 12:37:41 17408 ----a-w- h:\windows\system32\corpol.dll
2010-03-09 11:11:42 430080 ----a-w- h:\windows\system32\vbscript.dll
2010-03-08 19:23:26 411368 ----a-w- h:\windows\system32\deploytk.dll
2010-02-16 19:09:26 2147328 ----a-w- h:\windows\system32\ntoskrnl.exe
2010-02-16 19:09:26 2025472 ----a-w- h:\windows\system32\ntkrnlpa.exe

============= FINISH: 15:06:19,25 ===============

Edited by Eric2378, 16 May 2010 - 07:52 AM.
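
Added example (not part of the original post, and not DDS's own code): a short Python triage helper that pulls the `FF - prefs.js` lines out of a DDS log and lists the settings that change where browser traffic and searches go. The sample lines are copied from the log above; the function names are made up for this example, and whether a listed setting belongs to software the user installed is for the reviewer to decide.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the Firefox section of the DDS log above.
SAMPLE_DDS = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2201076&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - GRABTHE.INFO Customized Web Search
FF - prefs.js: network.proxy.http - 128.252.19.18
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - plugin: h:\program\personal\bin\np_prsnl.dll
"""

PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

# Meaning of the network.proxy.type values in Firefox.
PROXY_TYPES = {"0": "no proxy", "1": "manual proxy", "2": "PAC URL",
               "4": "auto-detect (WPAD)", "5": "system proxy settings"}


def parse_ff_prefs(dds_text):
    """Return {pref name: value} for every 'FF - prefs.js:' line in a DDS log."""
    prefs = {}
    for line in dds_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def url_host(value):
    """Host of a URL value; DDS writes 'http' as 'hxxp', so restore it first."""
    return urlsplit(re.sub(r"^hxxp", "http", value, flags=re.I)).hostname


def review_prefs(prefs):
    """List (kind, value, note) tuples for settings that change where traffic goes."""
    findings = []
    proxy_type = prefs.get("network.proxy.type")
    host = prefs.get("network.proxy.http")
    if host:
        port = prefs.get("network.proxy.http_port", "?")
        # The HTTP proxy host is only used when the type is 1 (manual).
        state = "active" if proxy_type == "1" else "not active"
        findings.append(("http-proxy", "%s:%s" % (host, port), state))
    if proxy_type in PROXY_TYPES and proxy_type != "0":
        findings.append(("proxy-mode", proxy_type, PROXY_TYPES[proxy_type]))
    url = prefs.get("browser.search.defaulturl")
    if url:
        findings.append(("search-url-host", url_host(url), "browser.search.defaulturl"))
    engine = prefs.get("browser.search.selectedEngine")
    if engine:
        findings.append(("search-engine", engine, "browser.search.selectedEngine"))
    return findings


if __name__ == "__main__":
    for kind, value, note in review_prefs(parse_ff_prefs(SAMPLE_DDS)):
        print("%-16s %-40s %s" % (kind, value, note))
```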




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 May 2010 - 06:55 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Eric2378

Eric2378
  • Topic Starter

  • Members
  • 15 posts

Posted 17 May 2010 - 12:18 AM

Hello!

I am here

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 May 2010 - 05:24 PM

If you still have the Combofix programme installed please do this:

Please go to Start >Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.


If you don't have it any more then let me know.
m0le is a proud member of UNITE

#5 Eric2378

Eric2378
  • Topic Starter

  • Members
  • 15 posts

Posted 17 May 2010 - 06:10 PM

I found a QooBox directory, but no .txt files matching that name. The ComboFix program never completed, it just rebooted my computer every time I tried to run it.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 May 2010 - 06:37 PM

In order to resolve your problem we will need to download a program called OTLPE. This program is quite large, at 292MB, so it will take a while to download. In order to get this program set up properly, please print out these instructions so you can follow them when you are at the computer we will be working on.

First

Please download ISOBurner, which will allow you to burn the OTLPE ISO image to a CD and make it bootable. Just download and install the program and follow all the default questions.


Second
  • Download the OTLPE.iso to your computer and burn it to the CD using ISOBurner. Information on how to burn an ISO image using ISOBurner can be found here.

    NOTE: This file is 292Mb in size so it may take some time to download.

  • When the file has finished downloading, double-click on it and ISOBurner will automatically open and prompt you to burn the ISO image to a CD.

  • Once it has finished creating the CD, reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, please follow the steps here.

  • When the CD has finished booting your computer, you should now see a REATOGO-X-PE desktop.

  • Double-click on the OTLPE icon that is on the desktop.

  • When asked Do you wish to load the remote registry, select Yes.

  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.

  • Ensure the box Automatically Load All Remaining Users is checked and press OK.

  • OTL should now start. Change the following settings
    • Change Drivers to Use SafeList
    • Under the Custom Scan box paste the following commands:

      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      nvata.sys
      iastorv.sys
      /md5stop
  • Press the Run Scan button to start the scan.

  • When finished, the OTL.txt log file will be saved in the folder C:\.

  • If you do not have an Internet connection to post the contents of the OTL.txt file, then copy this file to a USB drive.

  • Then post the contents of the OTL.txt file in your next reply.

m0le is a proud member of UNITE
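
Added example (not part of the original post, and not OTL's code): the custom scan in the steps above asks OTL to report MD5 hashes for the named storage drivers. The Python sketch below does a comparable check over an offline-mounted Windows directory by hashing every copy of those files and listing the names whose copies disagree. The directory layout and file contents in the demo are constructed, and the function names are made up for this example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names from the Custom Scan box in the post (compared case-insensitively).
TARGETS = {"iastor.sys", "nvstor.sys", "atapi.sys", "nvata.sys", "iastorv.sys"}


def md5_file(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_driver_copies(root, targets=TARGETS):
    """Walk root and return {file name: [(path, md5, size), ...]} for every copy."""
    wanted = {name.lower() for name in targets}
    copies = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in wanted:
                continue
            path = os.path.join(folder, name)
            try:
                row = (path, md5_file(path), os.path.getsize(path))
            except OSError as exc:
                # An unreadable copy is itself worth reporting, so keep the row.
                row = (path, "unreadable: %s" % exc.strerror, -1)
            copies[name.lower()].append(row)
    return dict(copies)


def names_with_mismatch(copies):
    """Names whose copies do not all share one MD5.

    Copies from different service packs can differ legitimately, so a mismatch
    is a lead to check against a known-good hash, not a verdict.
    """
    return sorted(name for name, rows in copies.items()
                  if len({md5 for _path, md5, _size in rows}) > 1)


def build_demo_tree(base):
    """Constructed layout: three atapi.sys copies (one differs) and one nvstor.sys."""
    layout = {
        ("WINDOWS", "system32", "drivers", "atapi.sys"): b"constructed-bytes-B",
        ("WINDOWS", "system32", "dllcache", "atapi.sys"): b"constructed-bytes-A",
        ("WINDOWS", "ServicePackFiles", "i386", "atapi.sys"): b"constructed-bytes-A",
        ("WINDOWS", "system32", "drivers", "nvstor.sys"): b"constructed-bytes-C",
    }
    for parts, data in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def run_demo():
    """Build the constructed tree in a temp dir; return (copy counts, mismatched names)."""
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base)
        copies = hash_driver_copies(base)
        return {name: len(rows) for name, rows in copies.items()}, names_with_mismatch(copies)


if __name__ == "__main__":
    counts, mismatched = run_demo()
    print("copies found:", counts)
    print("names with differing copies:", mismatched)
```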

#7 Eric2378

Eric2378
  • Topic Starter

  • Members
  • 15 posts

Posted 18 May 2010 - 12:32 PM

OTL logfile created on: 5/18/2010 8:25:59 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program
Drive C: | 24.41 Gb Total Space | 8.02 Gb Free Space | 32.86% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 87.11 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 5.38 Gb Free Space | 2.31% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 39.81 Gb Free Space | 40.76% Space Free | Partition Type: NTFS
Drive G: | 343.68 Gb Total Space | 43.43 Gb Free Space | 12.64% Space Free | Partition Type: NTFS
Drive H: | 221.61 Gb Total Space | 17.71 Gb Free Space | 7.99% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (UleadBurningHelper)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [On_Demand] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Auto] -- -- (stisvc) WIA (Windows Image Acquisition)
SRV - File not found [Disabled] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [On_Demand] -- -- (ServiceLayer)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [Auto] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [Auto] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [Auto] -- -- (hpqddsvc)
SRV - File not found [On_Demand] -- -- (hpqcxs08)
SRV - File not found [Auto] -- -- (hpdj)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto] -- -- (FsUsbExService)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [On_Demand] -- -- (EapHost) EAP-tjänsten (Extensible Authentication Protocol)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [On_Demand] -- -- (DAUpdaterSvc)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (avg8emc)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (ATI Smart)
SRV - File not found [Auto] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2008/04/14 12:04:56 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 12:04:47 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (xusb21)
DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Kernel | On_Demand] -- -- (WmXlCore)
DRV - File not found [Kernel | On_Demand] -- -- (WmVirHid)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Kernel | On_Demand] -- -- (WmFilter)
DRV - File not found [Kernel | On_Demand] -- -- (WmBEnum)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wdf01000)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbstor)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbohci)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub) Drivrutin för Microsoft USB-standardnav (hub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (umpusbxp)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdm)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand] -- -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | On_Demand] -- -- (SaiU0109)
DRV - File not found [Kernel | On_Demand] -- -- (SaiNtBus)
DRV - File not found [Kernel | On_Demand] -- -- (SaiMini)
DRV - File not found [Kernel | On_Demand] -- -- (SaiH0109)
DRV - File not found [Kernel | On_Demand] -- -- (RTLE8023xp)
DRV - File not found [Kernel | On_Demand] -- -- (RTHDMIAzAudService)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | Boot] -- -- (ohci1394)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | On_Demand] -- -- (NIC1394)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [Kernel | On_Demand] -- -- (MSDV)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | Auto] -- -- (lirsgt)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (ip6fw)
DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HPZius12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZipr12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZid412)
DRV - File not found [Kernel | On_Demand] -- -- (hidusb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (gdrv)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Kernel | On_Demand] -- -- (FsUsbExDisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | System] -- -- (AvgTdiX)
DRV - File not found [File_System | System] -- -- (AvgMfx86)
DRV - File not found [Kernel | System] -- -- (AvgLdx86)
DRV - File not found [Kernel | On_Demand] -- -- (Avc)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Auto] -- -- (atksgt)
DRV - File not found [Kernel | System] -- -- (atitray)
DRV - File not found [Kernel | On_Demand] -- -- (ati2mtag)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | On_Demand] -- -- (61883)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Eric_Hamelin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: H:\Program\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: H:\Program\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: H:\Program\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\ShellBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\System32\SHELL32.dll File not found
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [AlcWzrd] File not found
O4 - HKLM..\Run: [AVG8_TRAY] H:\Program\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKLM..\Run: [Start WingMan Profiler] H:\Program\Logitech\Gaming Software\LWEMon.exe File not found
O4 - HKLM..\Run: [StartCCC] i:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [AtiTrayTools] H:\Program\Ray Adams\ATI Tray Tools\atitray.exe File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\System32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://H:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program\DELADE~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\System32\SHELL32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - H:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\System32\webcheck.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - H:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========


========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< End of report >


#8 m0le

  • Malware Response Team

Posted 18 May 2010 - 04:25 PM

The log is showing no files found and this could be bad news if we can't find them elsewhere.

Type the following into the Custom Scan box:

CODE
c:\*.*
c:\*.
c:\program files\*.
c:\windows\*.


Click on the NONE button and then scan again.
m0le is a proud member of UNITE

#9 Eric2378

  • Topic Starter

Posted 18 May 2010 - 04:37 PM

My Windows directory is H:\Windows, my program directory is I:\Program or I:\Program Files

I noticed that when the scan saved its log, it saved it to F:\ but according to OTL it shows C:\ as my Windows directory...

Does that help? I think I should use different commands since my drives are partitioned as they are and C:\ is not what OTL thinks it should be. What should I put into the custom scan?

I assume

H:\*.*
H:\*.
I:\Program
I:\Program Files
H:\Windows

Is it relevant that OTL doesn't seem to have the drives in the right place, when I open "My Computer"?

Edited by Eric2378, 18 May 2010 - 04:41 PM.


#10 m0le

  • Malware Response Team

Posted 18 May 2010 - 05:36 PM

Yes, please run this script

CODE
H:\*.*
H:\*.
I:\Program
I:\Program Files
H:\Windows


Do not click the NONE button this time.

#11 Eric2378

  • Topic Starter

Posted 19 May 2010 - 10:36 AM

I don't think OTL found the files now either... Must be the fact that the drives are switched around from what OTL is expecting, but we have searched both C: and H:

The log states that it is searching H:\Windows, even in the first version...

I will try as you suggested in post 8 after this...


OTL logfile created on: 5/19/2010 9:36:19 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program
Drive C: | 24.41 Gb Total Space | 8.01 Gb Free Space | 32.80% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 87.11 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 4.69 Gb Free Space | 2.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 39.81 Gb Free Space | 40.76% Space Free | Partition Type: NTFS
Drive G: | 343.68 Gb Total Space | 43.25 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive H: | 221.61 Gb Total Space | 13.27 Gb Free Space | 5.99% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (UleadBurningHelper)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [On_Demand] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Auto] -- -- (stisvc) WIA (Windows Image Acquisition)
SRV - File not found [Disabled] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [On_Demand] -- -- (ServiceLayer)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [Auto] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [Auto] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [Auto] -- -- (hpqddsvc)
SRV - File not found [On_Demand] -- -- (hpqcxs08)
SRV - File not found [Auto] -- -- (hpdj)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto] -- -- (FsUsbExService)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [On_Demand] -- -- (EapHost) EAP-tjänsten (Extensible Authentication Protocol)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [On_Demand] -- -- (DAUpdaterSvc)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (avg8emc)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (ATI Smart)
SRV - File not found [Auto] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2008/04/14 12:04:56 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 12:04:47 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (xusb21)
DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Kernel | On_Demand] -- -- (WmXlCore)
DRV - File not found [Kernel | On_Demand] -- -- (WmVirHid)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Kernel | On_Demand] -- -- (WmFilter)
DRV - File not found [Kernel | On_Demand] -- -- (WmBEnum)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wdf01000)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbstor)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbohci)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub) Drivrutin för Microsoft USB-standardnav (hub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (umpusbxp)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdm)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand] -- -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | On_Demand] -- -- (SaiU0109)
DRV - File not found [Kernel | On_Demand] -- -- (SaiNtBus)
DRV - File not found [Kernel | On_Demand] -- -- (SaiMini)
DRV - File not found [Kernel | On_Demand] -- -- (SaiH0109)
DRV - File not found [Kernel | On_Demand] -- -- (RTLE8023xp)
DRV - File not found [Kernel | On_Demand] -- -- (RTHDMIAzAudService)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | Boot] -- -- (ohci1394)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | On_Demand] -- -- (NIC1394)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [Kernel | On_Demand] -- -- (MSDV)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | Auto] -- -- (lirsgt)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (ip6fw)
DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HPZius12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZipr12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZid412)
DRV - File not found [Kernel | On_Demand] -- -- (hidusb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (gdrv)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Kernel | On_Demand] -- -- (FsUsbExDisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | System] -- -- (AvgTdiX)
DRV - File not found [File_System | System] -- -- (AvgMfx86)
DRV - File not found [Kernel | System] -- -- (AvgLdx86)
DRV - File not found [Kernel | On_Demand] -- -- (Avc)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Auto] -- -- (atksgt)
DRV - File not found [Kernel | System] -- -- (atitray)
DRV - File not found [Kernel | On_Demand] -- -- (ati2mtag)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | On_Demand] -- -- (61883)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Eric_Hamelin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: H:\Program\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: H:\Program\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: H:\Program\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\ShellBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\System32\SHELL32.dll File not found
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [AlcWzrd] File not found
O4 - HKLM..\Run: [AVG8_TRAY] H:\Program\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKLM..\Run: [Start WingMan Profiler] H:\Program\Logitech\Gaming Software\LWEMon.exe File not found
O4 - HKLM..\Run: [StartCCC] i:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [AtiTrayTools] H:\Program\Ray Adams\ATI Tray Tools\atitray.exe File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\System32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://H:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program\DELADE~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\System32\SHELL32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - H:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\System32\webcheck.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - H:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========


========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< H:\*.* >
[2010/05/18 20:26:09 | 000,065,424 | ---- | M] () -- H:\OTL.Txt
[2009/12/28 10:37:24 | 041,943,040 | -HS- | M] () -- H:\PAGEFILE.SYS

< H:\* >
[2010/05/18 20:26:09 | 000,065,424 | ---- | M] () -- H:\OTL.Txt
[2009/12/28 10:37:24 | 041,943,040 | -HS- | M] () -- H:\PAGEFILE.SYS

< I:\Program >

< I:\Program Files >

< H:\Windows >
< End of report >


#12 Eric2378

Posted 19 May 2010 - 01:33 PM

Result of scans on C: (OTL's C:, which is actually my H: drive...)


You told me to click "None", but I don't know which None you are referring to...


OTL logfile created on: 5/19/2010 8:53:06 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program
Drive C: | 24.41 Gb Total Space | 8.00 Gb Free Space | 32.78% Space Free | Partition Type: NTFS
Drive D: | 244.14 Gb Total Space | 87.11 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 4.69 Gb Free Space | 2.01% Space Free | Partition Type: NTFS
Drive F: | 97.65 Gb Total Space | 39.81 Gb Free Space | 40.76% Space Free | Partition Type: NTFS
Drive G: | 343.68 Gb Total Space | 43.25 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Drive H: | 221.61 Gb Total Space | 13.27 Gb Free Space | 5.99% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (UleadBurningHelper)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [On_Demand] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Auto] -- -- (stisvc) WIA (Windows Image Acquisition)
SRV - File not found [Disabled] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [On_Demand] -- -- (ServiceLayer)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [Auto] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [Auto] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [Auto] -- -- (hpqddsvc)
SRV - File not found [On_Demand] -- -- (hpqcxs08)
SRV - File not found [Auto] -- -- (hpdj)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto] -- -- (FsUsbExService)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [On_Demand] -- -- (EapHost) EAP-tjänsten (Extensible Authentication Protocol)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [On_Demand] -- -- (DAUpdaterSvc)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [Auto] -- -- (avg8wd)
SRV - File not found [Auto] -- -- (avg8emc)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (ATI Smart)
SRV - File not found [Auto] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2008/04/14 12:04:56 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 12:04:47 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (xusb21)
DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Kernel | On_Demand] -- -- (WmXlCore)
DRV - File not found [Kernel | On_Demand] -- -- (WmVirHid)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Kernel | On_Demand] -- -- (WmFilter)
DRV - File not found [Kernel | On_Demand] -- -- (WmBEnum)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wdf01000)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbstor)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbohci)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub) Drivrutin för Microsoft USB-standardnav (hub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (umpusbxp)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdm)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand] -- -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | On_Demand] -- -- (SaiU0109)
DRV - File not found [Kernel | On_Demand] -- -- (SaiNtBus)
DRV - File not found [Kernel | On_Demand] -- -- (SaiMini)
DRV - File not found [Kernel | On_Demand] -- -- (SaiH0109)
DRV - File not found [Kernel | On_Demand] -- -- (RTLE8023xp)
DRV - File not found [Kernel | On_Demand] -- -- (RTHDMIAzAudService)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | Boot] -- -- (ohci1394)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | On_Demand] -- -- (NIC1394)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [Kernel | On_Demand] -- -- (MSDV)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | Auto] -- -- (lirsgt)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (ip6fw)
DRV - File not found [Kernel | On_Demand] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HPZius12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZipr12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZid412)
DRV - File not found [Kernel | On_Demand] -- -- (hidusb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (gdrv)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Kernel | On_Demand] -- -- (FsUsbExDisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | System] -- -- (AvgTdiX)
DRV - File not found [File_System | System] -- -- (AvgMfx86)
DRV - File not found [Kernel | System] -- -- (AvgLdx86)
DRV - File not found [Kernel | On_Demand] -- -- (Avc)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Auto] -- -- (atksgt)
DRV - File not found [Kernel | System] -- -- (atitray)
DRV - File not found [Kernel | On_Demand] -- -- (ati2mtag)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | On_Demand] -- -- (61883)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Eric_Hamelin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Eric_Hamelin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: H:\Program\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: H:\Program\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: H:\Program\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\ShellBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Eric_Hamelin_ON_C\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\System32\SHELL32.dll File not found
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [AlcWzrd] File not found
O4 - HKLM..\Run: [AVG8_TRAY] H:\Program\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKLM..\Run: [Start WingMan Profiler] H:\Program\Logitech\Gaming Software\LWEMon.exe File not found
O4 - HKLM..\Run: [StartCCC] i:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [AtiTrayTools] H:\Program\Ray Adams\ATI Tray Tools\atitray.exe File not found
O4 - HKU\Eric_Hamelin_ON_C..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Eric_Hamelin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\System32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://H:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program\DELADE~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program\DELADE~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\System32\SHELL32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - H:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\System32\webcheck.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - H:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========


========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< c:\windows >

< c:\*.* >
[2009/02/14 07:42:32 | 000,000,000 | ---- | M] () -- c:\AdobeDebug.txt
[2009/01/14 16:23:39 | 000,000,193 | ---- | M] () -- c:\Boot.bak
[2010/05/13 07:25:01 | 000,000,264 | RHS- | M] () -- c:\boot.ini
[2002/09/11 08:00:00 | 000,004,952 | RHS- | M] () -- c:\Bootfont.bin
[2004/08/03 17:00:18 | 000,260,784 | ---- | M] () -- c:\cmldr
[2009/01/12 16:24:44 | 000,000,086 | ---- | M] () -- c:\csb.log
[2009/06/21 07:48:48 | 000,017,173 | ---- | M] () -- c:\hpfr5600.log
[2009/05/09 03:45:02 | 000,000,000 | RHS- | M] () -- c:\IO.SYS
[2009/06/23 17:07:27 | 000,000,000 | ---- | M] () -- c:\Log.txt
[2009/05/09 03:45:02 | 000,000,000 | RHS- | M] () -- c:\MSDOS.SYS
[2009/01/12 15:46:42 | 000,047,564 | RHS- | M] () -- c:\NTDETECT.COM
[2009/08/07 13:00:08 | 000,250,560 | RHS- | M] () -- c:\ntldr
[2010/05/19 13:29:53 | 2145,386,496 | -HS- | M] () -- c:\pagefile.sys
[2009/01/08 14:39:59 | 000,000,933 | ---- | M] () -- c:\RHDSetup.log
[2010/05/15 15:47:37 | 000,000,325 | ---- | M] () -- c:\rkill.log
[2010/05/14 18:13:57 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.13.56_log.txt
[2010/05/14 18:14:04 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.14.03_log.txt
[2010/05/14 18:14:45 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.14.45_log.txt
[2010/05/14 18:22:10 | 000,075,962 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.22.09_log.txt

< c:\* >
[2009/02/14 07:42:32 | 000,000,000 | ---- | M] () -- c:\AdobeDebug.txt
[2009/01/14 16:23:39 | 000,000,193 | ---- | M] () -- c:\Boot.bak
[2010/05/13 07:25:01 | 000,000,264 | RHS- | M] () -- c:\boot.ini
[2002/09/11 08:00:00 | 000,004,952 | RHS- | M] () -- c:\Bootfont.bin
[2004/08/03 17:00:18 | 000,260,784 | ---- | M] () -- c:\cmldr
[2009/01/12 16:24:44 | 000,000,086 | ---- | M] () -- c:\csb.log
[2009/06/21 07:48:48 | 000,017,173 | ---- | M] () -- c:\hpfr5600.log
[2009/05/09 03:45:02 | 000,000,000 | RHS- | M] () -- c:\IO.SYS
[2009/06/23 17:07:27 | 000,000,000 | ---- | M] () -- c:\Log.txt
[2009/05/09 03:45:02 | 000,000,000 | RHS- | M] () -- c:\MSDOS.SYS
[2009/01/12 15:46:42 | 000,047,564 | RHS- | M] () -- c:\NTDETECT.COM
[2009/08/07 13:00:08 | 000,250,560 | RHS- | M] () -- c:\ntldr
[2010/05/19 13:29:53 | 2145,386,496 | -HS- | M] () -- c:\pagefile.sys
[2009/01/08 14:39:59 | 000,000,933 | ---- | M] () -- c:\RHDSetup.log
[2010/05/15 15:47:37 | 000,000,325 | ---- | M] () -- c:\rkill.log
[2010/05/14 18:13:57 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.13.56_log.txt
[2010/05/14 18:14:04 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.14.03_log.txt
[2010/05/14 18:14:45 | 000,083,498 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.14.45_log.txt
[2010/05/14 18:22:10 | 000,075,962 | ---- | M] () -- c:\TDSSKiller.2.2.8.1_15.05.2010_00.22.09_log.txt

< f:\Program >

< f:\Program Files >
< End of report >

Edited by Eric2378, 19 May 2010 - 01:35 PM.


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:06 PM

Posted 19 May 2010 - 03:11 PM

Okay, I'm going to consult with some colleagues, maybe I can scare up the developer and we can see what is going on here.
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:06 PM

Posted 19 May 2010 - 03:55 PM

Okay, an idea from the brilliant elise.

Rename c:\boot.ini to c:\boot.bak

Boot into the OTLPE environment and it should prompt you by asking you which folder you would like to open. Choose the Windows folder and then rerun the original scan I asked for.

Before you boot back into the normal mode you must rename the boot.bak file back to boot.ini otherwise you will not be able to boot the machine normally.

#15 Eric2378

Eric2378
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 19 May 2010 - 05:05 PM

What about H:\boot.ini ?

I found a C:\boot.ini as well. Which one does Windows use to boot my machine normally? I assume the one on the H: drive, which is my Windows partition... Does OTL use the one on the C: partition? Can I just change that one and leave the one on the H: partition alone? Will that accomplish our goal?



