Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant reboot in Safe mode and have no XP CD


  • This topic is locked This topic is locked
63 replies to this topic

#1 steve1509

steve1509

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 19 May 2010 - 02:10 AM

Hi There

This morning I got what seems like an AVG message saying that I had a number of serious virus type errors on my ACER laptop

A pop up arrived sayibng the system was shutting down to protect.

I couldnt stop this and the laptop shut down

I tried to start in safe mode so I could run Malware Bytes and Rkill but could not get into safe mode

the usual choose mode screen (safe mode/Safe mode with networking/safe mode with command prompt etc) but it just goes back to the same screen over and over

I do not have the XP CD

Can anyone help?

I am running XP professional

EDIT: Moved from XP to more appropriate Am I Infected forum ~ Hamluis.

Edited by hamluis, 19 May 2010 - 09:58 AM.


BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 19 May 2010 - 04:47 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please do this......
  • Download OTLPE Network from either location and save it to your desktop:

    http://oldtimer.geekstogo.com/OTLPENet.exe
    http://ottools.noahdfear.net/OTLPENet.exe

  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note : For information click here

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Push
  • When finished, the file will be saved in drive C:\OTL.txt
  • Please post the contents of the C:\OTL.txt file in your next reply.
  • Copy this file to your USB drive if you do not have an internet connection.

Kind regards,
~ t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 22 May 2010 - 01:38 AM


Hi thcbytes

MANY THANKS FOR YOUR HELP

Here is the log


OTL logfile created on: 5/22/2010 9:17:47 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 828.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 29.00 Gb Free Space | 54.52% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive E: | 244.70 Mb Total Space | 11.02 Mb Free Space | 4.50% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/19 21:16:08 | 000,025,088 | ---- | M] () [Auto] -- C:\WINDOWS\system\svchost.exe -- (svchost)
SRV - [2010/03/14 10:32:10 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 10:32:06 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/24 23:51:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2006/04/06 19:30:46 | 000,086,016 | ---- | M] (Logitech) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/22 08:29:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 10:32:14 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 10:32:04 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/24 23:51:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006/07/06 04:28:42 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 01:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/06 19:30:46 | 002,400,128 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/04/06 19:30:46 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/04/06 03:46:42 | 001,097,472 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/04/06 03:42:54 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/02/07 16:17:40 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/17 17:20:12 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/11/17 17:20:08 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/11/17 17:20:02 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/31 14:16:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/07/20 14:53:54 | 000,190,592 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =



IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
IE - HKU\Steve_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Steve_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Steve_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 1 = firefox.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 2 = opera.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 3 = chrome.exe
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steve_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/06 04:28:58 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/01/10 09:34:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/19 04:41:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/19 04:41:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2010/05/19 04:41:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/05/04 05:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\hwiehwwtq
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 04:41:26 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/20 04:41:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 04:41:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 04:41:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/20 04:40:48 | 004,306,808 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/20 04:40:34 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/20 04:40:34 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2010/05/20 04:40:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 21:16:08 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System\svchost.exe
[2010/05/19 21:15:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/19 21:15:44 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/05/19 21:12:32 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 11:24:52 | 000,023,332 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:30 | 000,471,552 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/04 05:50:06 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 21:16:08 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System\svchost.exe
[2010/05/15 11:24:50 | 000,023,332 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:29 | 000,471,552 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/04 19:42:51 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/05 21:01:33 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/23 13:09:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 17:23:49 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/12/22 17:21:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2009/12/22 17:20:51 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/12/22 17:20:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Steve\Installer.log
[2009/12/22 17:19:23 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/22 17:13:23 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Steve\ntuser.dat.LOG
[2009/12/22 17:13:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Steve\ntuser.ini
[2009/12/22 17:13:22 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2009/12/22 10:02:20 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/06 12:47:54 | 000,786,432 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,057,344 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/07/06 04:47:46 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2006/07/06 04:29:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/07/06 04:25:00 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/05/13 14:18:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/04/06 19:30:46 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/04/06 19:30:46 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/04/01 12:24:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/12/27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005/12/27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005/12/27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/01/10 11:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Acer
[2009/12/22 23:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Azureus
[2010/01/03 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Research In Motion
[2010/01/16 06:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Desktop Search
[2010/01/28 07:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 17:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/10 09:40:40 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/01/10 09:40:40 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/10 09:40:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 17:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/06/17 19:02:20 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2010/02/25 07:24:36 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 05:42:04 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 05:42:02 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< CREATERESTOREPOINT >
< End of report >

Edited by steve1509, 22 May 2010 - 02:26 AM.


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 22 May 2010 - 03:05 PM

Hello,

Well done. thumbup2.gif

Your welcome.

Please do this....
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    IE - HKU\Steve_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Steve_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
    O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
    O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    [2010/05/19 04:41:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
    [2010/05/04 05:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\hwiehwwtq
    [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Are you able to boot into Windows? If not please do this....

We need to run an OTL Custom Scan
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon /rs
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* OTL fix log
* Are you able to boot?
* OTL.txt

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 23 May 2010 - 02:28 AM

Hi TCHBYTES


Heres what I got as a report, it did ask if I wanted to reboot, I clicked yes but got a windonws bubble saying that windows/system32/otple.exe.tmp was corrupt, then would not reboot


:OTL
IE - HKU\Steve_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Steve_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O27 - HKLM IFEO\RapportMgmtService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O27 - HKLM IFEO\RapportService.exe: Debugger - ZASRAKOMONDOHUI31338.EXE File not found
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
[2010/05/19 04:41:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/05/04 05:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\hwiehwwtq
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[resethosts]
[emptytemp]
[Reboot]

I manually restarted it though and just got the same skin as last time with reatogo-x-pe

Edited by steve1509, 23 May 2010 - 03:01 AM.


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 23 May 2010 - 09:32 PM

Hi,

Your response is confusing. You posted the script I created for you. I asked you to run a very specifc scan if after the fix was completed you were unable to boot normally into Windows. It does not appear that you did that either.

So please take your time and clarify a few things for me. thumbup2.gif
  • When you ran the OTL fix did you accidentally press "Run Scan" instead of "Run Fix"???
  • Since you were unable to boot into Windows normally after the OTL fix did you run the custom OTL scan I requested?
  • If you did do you have the log for my perusal?

If you boot into Reatogo-X you will find all the logs at C:\_OTL.

Please answer my questions and I will guide you from there.

Thanks,
~ t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 23 May 2010 - 10:44 PM

Sorry T

Here is the log, I posted the wrong thing

========== OTL ==========
Registry value HKEY_USERS\Steve_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\Steve_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:logon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe\ deleted successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
C:\WINDOWS\System32\lowsec folder moved successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\hwiehwwtq folder moved successfully.
C:\WINDOWS\System32\SETA1.tmp deleted successfully.
C:\WINDOWS\System32\1B.tmp deleted successfully.
C:\WINDOWS\System32\SETF3.tmp deleted successfully.
C:\WINDOWS\System32\SETF1.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETAD.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SETAF.tmp deleted successfully.
C:\WINDOWS\System32\SETF6.tmp deleted successfully.
C:\WINDOWS\002925_.tmp deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 24 May 2010 - 06:29 AM

Thanks.

Let's continue...

We need to run an OTL Custom Scan
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon /rs
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon /rs
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.
==========

Next....
  • Start button (lower left screen)
  • Run
  • Type this in the run box and press enter

chkdsk C:/r

==========

With your next post please provide:

* OTL.txt
* Are you able to boot yet?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 24 May 2010 - 04:11 PM


Hi

Here is the log

I cant type chkdsk because my keyboard is screwed - k comes out as 2

I copied and pasted the correct letters but it would not reboot

it says the volume is in use - it also said chkdsk may run if this volume is dismounted first, all open handles to this volume would then be invalid would you like to force dismount - i hit yes

there were a few lines that were truncated including otlmovedfiles

it did a ton of stuff and asked me do i want to convert lost chains to files i said yes

it did not then reboot, turned the laptop off and on again but it rebooted as before with the reatogo x pe


OTL logfile created on: 5/24/2010 8:11:35 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 790.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 820.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 30.92 Gb Free Space | 58.13% Space Free | Partition Type: FAT32
Drive D: | 244.70 Mb Total Space | 10.92 Mb Free Space | 4.46% Space Free | Partition Type: FAT
Drive E: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/19 21:16:08 | 000,025,088 | ---- | M] () [Auto] -- C:\WINDOWS\system\svchost.exe -- (svchost)
SRV - [2010/03/14 10:32:10 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 10:32:06 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/24 23:51:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2006/04/06 19:30:46 | 000,086,016 | ---- | M] (Logitech) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/22 08:29:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 10:32:14 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 10:32:04 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/24 23:51:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006/07/06 04:28:42 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 01:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/06 19:30:46 | 002,400,128 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/04/06 19:30:46 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/04/06 03:46:42 | 001,097,472 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/04/06 03:42:54 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/02/07 16:17:40 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/17 17:20:12 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/11/17 17:20:08 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/11/17 17:20:02 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/31 14:16:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/07/20 14:53:54 | 000,190,592 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =



IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
IE - HKU\Steve_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =




O1 HOSTS File: ([2010/05/23 09:18:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 1 = firefox.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 2 = opera.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 3 = chrome.exe
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steve_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/06 04:28:58 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/01/10 09:34:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 09:18:21 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/05/23 09:18:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/19 04:41:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/19 04:41:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache

========== Files - Modified Within 30 Days ==========

[2010/05/23 09:31:58 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/05/23 09:31:58 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/20 04:41:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 04:41:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 04:41:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/20 04:40:48 | 004,306,808 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/20 04:40:34 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/20 04:40:34 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2010/05/20 04:40:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 21:16:08 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System\svchost.exe
[2010/05/19 21:15:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/19 21:15:44 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/05/19 21:12:32 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 11:24:52 | 000,023,332 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:30 | 000,471,552 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/12 19:52:32 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/05/04 05:50:06 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/19 21:16:08 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System\svchost.exe
[2010/05/15 11:24:50 | 000,023,332 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:29 | 000,471,552 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/04 19:42:51 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/05 21:01:33 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/23 13:09:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 17:23:49 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/12/22 17:21:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2009/12/22 17:20:51 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/12/22 17:20:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Steve\Installer.log
[2009/12/22 17:19:23 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/22 17:13:23 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Steve\ntuser.dat.LOG
[2009/12/22 17:13:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Steve\ntuser.ini
[2009/12/22 17:13:22 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2009/12/22 10:02:20 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/06 12:47:54 | 000,786,432 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/07/06 04:47:46 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2006/07/06 04:29:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/07/06 04:25:00 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/05/13 14:18:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/04/06 19:30:46 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/04/06 19:30:46 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/04/01 12:24:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/12/27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005/12/27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005/12/27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/01/10 11:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Acer
[2009/12/22 23:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Azureus
[2010/01/03 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Research In Motion
[2010/01/16 06:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Desktop Search
[2010/01/28 07:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon /rs >

< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon /rs >

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2009/07/15 17:30:46 | 000,028,672 | R--- | M] (Microsoft Corporation) -- C:\setupSNK.exe
[2010/05/12 19:52:32 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/10 09:40:40 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/01/10 09:40:40 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/10 09:40:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 17:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/07/25 11:16:58 | 000,282,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mscoree.dll
[2008/06/17 19:02:20 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2010/02/25 07:24:36 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 05:42:04 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 05:42:02 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2010/02/25 07:24:38 | 000,206,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\occache.dll
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll

< CREATERESTOREPOINT >
< End of report >


#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 24 May 2010 - 09:58 PM

Hello,

Let's continue...

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    SRV - [2010/05/19 21:16:08 | 000,025,088 | ---- | M] () [Auto] -- C:\WINDOWS\system\svchost.exe -- (svchost)

    :Commands
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Pay attention here.
We are going to run OTL a bit different this time...

  1. Please reopen on your desktop.


    Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All

  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    /md5start
    svchost.exe
    /md5stop

  3. Push
  4. A report will open. Copy and Paste that report in your next reply.

Please note....The OTL logs are located at C:\_OTL

==========

Reboot...

Take out the OTL disc...

Reboot...

Can you boot into normal Windows yet?

==========

With your next post please provide:

* OTL fix log
* OTL.txt
* Able to boot into Windows yet?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 24 May 2010 - 11:36 PM

Hi T
his report opened up when I started OTL

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...



I was asked if I wanted to reboot I said yes and it did nothing

I copied the 2nd part and hit run scan

Here is the report



OTL logfile created on: 5/25/2010 9:17:45 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 77.00% Memory free
902.00 Mb Paging File | 810.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.20 Gb Total Space | 30.92 Gb Free Space | 58.13% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.68 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive E: | 244.70 Mb Total Space | 10.83 Mb Free Space | 4.43% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/14 10:32:10 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 10:32:06 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/24 23:51:36 | 000,138,680 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:22 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2006/04/06 19:30:46 | 000,086,016 | ---- | M] (Logitech) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/22 08:29:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 10:32:14 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 10:32:04 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/24 23:51:00 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 23:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 23:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 23:49:08 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 23:48:58 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 23:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006/07/06 04:28:42 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/06/28 01:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/06 19:30:46 | 002,400,128 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/04/06 19:30:46 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/04/06 03:46:42 | 001,097,472 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/04/06 03:42:54 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/02/07 16:17:40 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/17 17:20:12 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/11/17 17:20:08 | 000,074,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/11/17 17:20:02 | 000,060,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005/10/31 14:16:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/07/20 14:53:54 | 000,190,592 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004/12/17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =



IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
IE - HKU\Steve_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
IE - HKU\Steve_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Steve_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =




O1 HOSTS File: ([2010/05/23 09:18:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Steve_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 1 = firefox.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 2 = opera.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\disallowrun: 3 = chrome.exe
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steve_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/06 04:28:58 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 23:56:28 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/05/23 09:18:21 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/05/23 09:18:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/19 04:41:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/19 04:41:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache

========== Files - Modified Within 30 Days ==========

[2010/05/24 21:21:22 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/23 09:31:58 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/20 04:41:26 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/20 04:41:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/20 04:41:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/20 04:41:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/20 04:40:48 | 004,306,808 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/20 04:40:34 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/20 04:40:34 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2010/05/20 04:40:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 21:15:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/19 21:15:44 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/05/19 21:12:32 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 11:24:52 | 000,023,332 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:30 | 000,471,552 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/12 19:52:32 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/05/04 05:50:06 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/15 11:24:50 | 000,023,332 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\365 report.docx
[2010/05/14 12:01:29 | 000,471,552 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ManagementReportProposal-DftII.doc
[2010/05/04 19:42:51 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/05 21:01:33 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/23 13:09:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 17:23:49 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/12/22 17:21:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2009/12/22 17:20:51 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/12/22 17:20:32 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Steve\Installer.log
[2009/12/22 17:19:23 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/22 17:13:23 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Steve\ntuser.dat.LOG
[2009/12/22 17:13:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Steve\ntuser.ini
[2009/12/22 17:13:22 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2009/12/22 10:02:20 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/06 12:47:54 | 000,786,432 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/07/06 04:47:54 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/07/06 04:47:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/07/06 04:47:46 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2006/07/06 04:29:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/07/06 04:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/07/06 04:25:00 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/05/13 14:18:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/04/06 19:30:46 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/04/06 19:30:46 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/04/01 12:24:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/12/27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005/12/27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005/12/27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005/12/27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/01/10 11:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2005/01/10 09:55:42 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
[2006/05/13 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Acer
[2009/12/22 23:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Azureus
[2010/01/03 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Research In Motion
[2010/01/16 06:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Desktop Search
[2010/01/28 07:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2010/05/19 21:16:08 | 000,025,088 | ---- | M] () MD5=51DDEE8E6DDF7D13D8331753B79D8450 -- C:\_OTL\MovedFiles\05252010_091217\C_WINDOWS\system\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< End of report >

rebooted

removed disk

rebooted

No - it just keeps looping still

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 25 May 2010 - 06:22 AM

This next please.......

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.
  • Insert the RC CD-ROM you just created into the CD-ROM drive of your sick computer and boot it!
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
  • Type the green bolded one line at a time and press Enter after entering each line.
chkdsk /r
fixmbr



Type exit and press Enter.
Reboot.

Success?

Thanks,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 25 May 2010 - 06:33 AM

Thanks T

I will have to update you this evening when I get home

regards

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 25 May 2010 - 09:47 AM

You bet thumbup2.gif
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 steve1509

steve1509
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 25 May 2010 - 01:43 PM

Nope

Type R then it just loops back to the welcome to setup screen






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users